| |
| |||||||
Log-Analyse und Auswertung: Sicherheitscenter streikt !Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
07.05.2013, 20:18
| #1 |
 |  Sicherheitscenter streikt ! Hallo, Er lässt sich nicht aktivieren. Höffentlich bringt die Combofix analyse licht ins Dunkle im Vorfeld vielen Dank für ihre Bemühungen. : Combofix Logfile: Code:
ATTFilter ComboFix 13-05-07.02 - Geisens 07.05.2013 20:23:18.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3545.2803 [GMT 2:00]
ausgeführt von:: I:\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-07 bis 2013-05-07 ))))))))))))))))))))))))))))))
.
.
2013-05-07 18:28 . 2013-05-07 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-07 15:49 . 2013-05-07 16:08 -------- d-----w- c:\users\Geisens\AppData\Local\Diagnostics
2013-05-07 15:20 . 2013-05-07 16:08 -------- d-----w- c:\users\Geisens\AppData\Local\ElevatedDiagnostics
2013-05-07 14:57 . 2013-05-07 14:57 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-07 14:57 . 2013-05-07 14:57 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-07 14:57 . 2013-05-07 14:57 -------- d-----w- c:\program files (x86)\Java
2013-05-07 13:52 . 2013-05-07 15:05 -------- d-----w- c:\programdata\SecTaskMan
2013-05-07 13:52 . 2013-05-07 13:58 -------- d-----w- c:\program files (x86)\Security Task Manager
2013-05-07 13:37 . 2013-05-07 13:37 69632 ----a-r- c:\users\Geisens\AppData\Roaming\Microsoft\Installer\{84178AE8-C22D-48CB-A6BA-D116FD3FE469}\ARPPRODUCTICON.exe
2013-05-07 13:37 . 2013-05-07 13:37 49152 ----a-r- c:\users\Geisens\AppData\Roaming\Microsoft\Installer\{84178AE8-C22D-48CB-A6BA-D116FD3FE469}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-07 13:37 . 2013-05-07 13:37 -------- d-----w- c:\users\Geisens\Qtrax
2013-05-07 13:33 . 2013-05-07 13:37 -------- d-----w- c:\users\Geisens\AppData\Local\Downloaded Installations
2013-05-07 13:32 . 2013-05-07 13:32 -------- d-----w- c:\users\Geisens\AppData\Roaming\Video Converter Packages
2013-05-07 13:32 . 2013-05-07 13:32 -------- d-----w- c:\users\Geisens\AppData\Roaming\DSite
2013-05-07 13:32 . 2013-05-07 13:32 -------- d-----w- c:\users\Geisens\AppData\Roaming\DealPly
2013-05-07 13:32 . 2013-05-07 13:32 -------- d-----w- c:\program files (x86)\VideoConverter
2013-05-07 13:32 . 2013-05-07 13:32 -------- d-----w- c:\program files (x86)\LyricsFinder
2013-05-06 20:33 . 2013-05-06 20:33 -------- d-----w- c:\windows\SysWow64\Extensions
2013-05-06 20:33 . 2013-05-06 20:33 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-05-05 16:13 . 2013-05-05 16:15 -------- d-----w- c:\users\Geisens\Haushaltsplan
2013-05-04 07:59 . 2013-05-04 07:59 -------- d-----w- c:\program files (x86)\Delta
2013-05-04 07:59 . 2013-05-04 07:59 -------- d-----w- c:\users\Geisens\AppData\Roaming\Delta
2013-05-04 07:58 . 2013-05-04 07:58 -------- d-----w- c:\programdata\Babylon
2013-05-04 07:58 . 2013-05-04 07:58 -------- d-----w- c:\users\Geisens\AppData\Roaming\Babylon
2013-05-04 07:57 . 2013-05-04 07:57 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-05-04 07:57 . 2013-05-04 07:57 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-04-24 12:56 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 10:39 . 2013-04-23 10:39 -------- d-----w- c:\programdata\AVS4YOU
2013-04-23 10:39 . 2013-04-23 10:39 -------- d-----w- c:\users\Geisens\AppData\Roaming\AVS4YOU
2013-04-23 10:38 . 2012-03-26 10:27 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2013-04-23 10:38 . 2010-11-12 18:18 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2013-04-23 10:38 . 2013-05-07 04:39 -------- d-----w- c:\program files (x86)\AVS4YOU
2013-04-23 10:37 . 2013-05-07 04:39 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2013-04-10 08:27 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-09 17:29 . 2013-04-09 17:29 -------- d-----w- c:\users\Geisens\AppData\Local\Cyberlink
2013-04-09 09:31 . 2013-04-10 09:31 -------- d-----w- c:\windows\SysWow64\jmdp
2013-04-09 09:31 . 2013-04-09 09:31 -------- d-----w- c:\windows\SysWow64\ARFC
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-07 14:57 . 2012-01-25 20:13 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-05-07 14:57 . 2011-07-18 21:13 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-24 14:07 . 2012-08-13 15:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-04-24 14:07 . 2012-06-08 10:38 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-04-24 14:06 . 2012-08-13 17:24 620128 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-24 14:06 . 2012-08-13 17:24 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-04-10 21:08 . 2011-07-18 20:31 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-07 08:54 . 2012-11-18 15:19 1455408 ----a-w- c:\windows\system32\dmwu.exe
2013-04-07 08:53 . 2012-11-18 15:19 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-04-06 06:48 . 2013-04-06 06:48 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-06 06:48 . 2013-04-06 06:48 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-06 06:48 . 2013-04-06 06:48 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-06 06:48 . 2013-04-06 06:48 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-06 06:48 . 2013-04-06 06:48 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-06 06:48 . 2013-04-06 06:48 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-06 06:48 . 2013-04-06 06:48 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-06 06:48 . 2013-04-06 06:48 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-06 06:48 . 2013-04-06 06:48 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-06 06:48 . 2013-04-06 06:48 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-06 06:48 . 2013-04-06 06:48 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-06 06:48 . 2013-04-06 06:48 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-06 06:48 . 2013-04-06 06:48 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-06 06:48 . 2013-04-06 06:48 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-06 06:48 . 2013-04-06 06:48 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-06 06:48 . 2013-04-06 06:48 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-06 06:48 . 2013-04-06 06:48 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-06 06:48 . 2013-04-06 06:48 441856 ----a-w- c:\windows\system32\html.iec
2013-04-06 06:48 . 2013-04-06 06:48 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-06 06:48 . 2013-04-06 06:48 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-06 06:48 . 2013-04-06 06:48 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-06 06:48 . 2013-04-06 06:48 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-06 06:48 . 2013-04-06 06:48 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-06 06:48 . 2013-04-06 06:48 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-06 06:48 . 2013-04-06 06:48 235008 ----a-w- c:\windows\system32\url.dll
2013-04-06 06:48 . 2013-04-06 06:48 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-06 06:48 . 2013-04-06 06:48 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-06 06:48 . 2013-04-06 06:48 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-06 06:48 . 2013-04-06 06:48 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-06 06:48 . 2013-04-06 06:48 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-06 06:48 . 2013-04-06 06:48 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-06 06:48 . 2013-04-06 06:48 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-06 06:48 . 2013-04-06 06:48 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-06 06:48 . 2013-04-06 06:48 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-06 06:48 . 2013-04-06 06:48 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-06 06:48 . 2013-04-06 06:48 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-06 06:48 . 2013-04-06 06:48 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-06 06:48 . 2013-04-06 06:48 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-06 06:48 . 2013-04-06 06:48 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-06 06:48 . 2013-04-06 06:48 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-06 06:48 . 2013-04-06 06:48 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-06 06:48 . 2013-04-06 06:48 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-06 06:48 . 2013-04-06 06:48 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-06 06:48 . 2013-04-06 06:48 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-06 06:48 . 2013-04-06 06:48 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-06 06:48 . 2013-04-06 06:48 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-06 06:48 . 2013-04-06 06:48 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-06 06:48 . 2013-04-06 06:48 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-06 06:48 . 2013-04-06 06:48 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-13 16:06 . 2011-12-01 21:26 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:06 . 2008-01-01 07:31 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45 . 2013-03-14 08:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 08:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 08:18 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 08:18 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 08:18 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 08:18 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 19:59 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
c:\users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{398C01F1-E584-46AD-A649-4F78B435DCFE}]
2013-02-27 19:59 109568 ----a-w- c:\program files (x86)\LyricsFinder\lfind.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05 197920 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll" [BU]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [BU]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-24 15:18 220632 ----a-w- c:\users\Geisens\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-24 15:18 220632 ----a-w- c:\users\Geisens\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-24 15:18 220632 ----a-w- c:\users\Geisens\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-04 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2012-03-02 19456]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2012-03-02 27648]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2012-03-02 27136]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2012-03-02 34304]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-05 235520]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-05-04 361984]
R4 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R4 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [2011-04-13 70952]
R4 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [2011-04-13 312616]
R4 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-04-07 1455408]
R4 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
R4 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R4 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2012-01-31 70144]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-12-12 82048]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-12-12 42624]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-24 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-24 178448]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-10-26 102528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-10-26 219776]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-01-04 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-01-04 29528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-16 676968]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-01-14 56448]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 19:27 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2008-01-01 16:06]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 14:17]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 14:17]
.
2013-05-07 c:\windows\Tasks\Lyrics Finder Update.job
- c:\program files (x86)\LyricsFinder\LyricsFinderUpdater.exe [2013-02-27 19:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-24 15:18 244696 ----a-w- c:\users\Geisens\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-24 15:18 244696 ----a-w- c:\users\Geisens\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-24 15:18 244696 ----a-w- c:\users\Geisens\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5}
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} - hxxps://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab
FF - ProfilePath - c:\users\Geisens\AppData\Roaming\Mozilla\Firefox\Profiles\b4jip9iu.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www2.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=204CE0B9A5E89AE3
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN49480471408670657&UM=&q=
FF - ExtSQL: 2013-05-04 09:59; ffxtlbr@delta.com; c:\users\Geisens\AppData\Roaming\Mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@delta.com
FF - ExtSQL: 2013-05-07 15:32; lfind@nijadsoft.net; c:\program files (x86)\LyricsFinder\FF
FF - ExtSQL: 2013-05-07 15:32; amo@dealplyshopping.com; c:\users\Geisens\AppData\Roaming\Mozilla\Firefox\Profiles\b4jip9iu.default\extensions\amo@dealplyshopping.com
FF - ExtSQL: 2013-05-07 16:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Geisens\AppData\Roaming\Mozilla\Firefox\Profiles\b4jip9iu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-ALDI SÜD Mah Jong - c:\windows\system32\Uninstall ALDI SÜD Mah Jong.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-07 20:35:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-07 18:35
ComboFix2.txt 2013-05-07 17:55
.
Vor Suchlauf: 17 Verzeichnis(se), 136.526.700.544 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 136.421.466.112 Bytes frei
.
- - End Of File - - A66FF7CF942C2E95B266F39A5A1AB1D5
PS : Kann mit dem Rechner nicht ins Internet, schreibe hier von einem Anderen. |
|
07.05.2013, 20:47
| #2 |
| /// Malware-holic   | Sicherheitscenter streikt ! hi
__________________steht denn bei Combofix die Warnung nicht deutlich genug? niemals ohne anweisung verwenden! Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
|
07.05.2013, 23:29
| #3 |
| | Sicherheitscenter streikt ! Hi, musste zur Arbeit ( Nachtschicht).
__________________Bin hier am Smartphone! Werde morgen alle Anweisungen ausführen. Danke für die schnelle Antwort |
|
07.05.2013, 23:33
| #4 |
| /// Malware-holic | Sicherheitscenter streikt ! Solche zwischenposts kannst du ruhig weg lassen, einfach los legen wenn du Zeit hast
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.05.2013, 06:01
| #5 |
| | Sicherheitscenter streikt ! Hallo, hier die Logfiles:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.05.2013 06:43:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = I:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,46 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 75,24% Memory free 6,92 Gb Paging File | 6,01 Gb Available in Paging File | 86,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 127,32 Gb Free Space | 14,46% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 26,39 Gb Free Space | 52,78% Space Free | Partition Type: NTFS Drive I: | 1006,73 Mb Total Space | 545,45 Mb Free Space | 54,18% Space Free | Partition Type: FAT Computer Name: GEISENS-PC | User Name: Geisens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - I:\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () ========== Services (SafeList) ========== SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.) DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.) DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=COS34NX4ubUCFUGR3godv1sAVg&ptb=B7C4885A-075B-4A1D-BCA9-A7F4BC22424E&ind=2013042306&n=77fc9682&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\..\SearchScopes,DefaultScope = {650B21C0-0045-417E-98F1-D41C0EF30B36} IE - HKCU\..\SearchScopes\{255471A0-85BA-4289-BFF5-2E97BB2CEF47}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&CUI=UN29539286393902638&SSPV=TB_IESB27 IE - HKCU\..\SearchScopes\{650B21C0-0045-417E-98F1-D41C0EF30B36}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE503 IE - HKCU\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=COS34NX4ubUCFUGR3godv1sAVg&ptb=B7C4885A-075B-4A1D-BCA9-A7F4BC22424E&ind=2013042306&n=77fc9682&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "My Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www2.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=204CE0B9A5E89AE3" FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.15.2.523 FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0 FF - prefs.js..extensions.enabledAddons: lfind%40nijadsoft.net:1.110 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN49480471408670657&UM=&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 16:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 16:10:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 16:10:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 16:10:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 16:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 10:39:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.05.07 15:32:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 10:39:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 22:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Extensions [2013.05.07 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions [2013.04.16 15:35:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013.05.07 15:32:47 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\amo@dealplyshopping.com [2013.05.04 09:59:32 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@delta.com [2012.11.18 17:19:12 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@incredibar.com [2013.05.07 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\extensions [2013.05.04 09:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-204554976-1084251578-889026679-1002\FireFox\extensions [2013.05.04 09:59:34 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-204554976-1084251578-889026679-1002\FireFox\extensions\ffxtlbr@delta.com [2013.02.22 11:38:49 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\plugin@yontoo.com.xpi [2013.05.07 16:30:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.16 16:11:00 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.05.04 09:59:39 | 000,006,506 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\BrowserProtect.xml [2013.05.04 09:59:36 | 000,001,294 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\delta.xml [2013.02.16 06:02:26 | 000,001,064 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2013.02.16 06:02:07 | 000,009,631 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\my-web-search.xml [2013.05.07 17:43:33 | 000,002,120 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\MyStart Search.xml [2013.01.15 21:26:33 | 000,003,998 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\sweetim.xml [2013.04.14 10:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.24 16:10:02 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.04.24 16:10:10 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2013.04.24 16:10:34 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2013.04.24 16:10:50 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM [2013.04.24 16:10:58 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2013.05.07 15:32:45 | 000,000,000 | ---D | M] ("Lyrics Finder") -- C:\PROGRAM FILES (X86)\LYRICSFINDER\FF [2013.04.14 10:39:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.04 09:58:35 | 000,006,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Lyrics Finder = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Anti-Banner = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Lyrics Finder = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Anti-Banner = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.05.07 20:31:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5495F9BC-3583-4D47-AEC5-DF6319A8D0ED}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 20:35:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.07 20:31:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.07 20:22:40 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.07 19:43:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.07 19:43:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.07 19:43:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.07 19:43:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.07 19:43:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.07 17:54:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Diagnostics [2013.05.07 17:20:26 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\ElevatedDiagnostics [2013.05.07 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.07 16:57:30 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.07 16:57:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.07 16:57:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.07 16:57:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.07 16:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.07 15:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.05.07 15:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.05.07 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.05.07 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geisens\Qtrax [2013.05.07 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX [2013.05.07 15:33:31 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Downloaded Installations [2013.05.07 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Video Converter Packages [2013.05.07 15:32:49 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\DSite [2013.05.07 15:32:49 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\DealPly [2013.05.07 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.05.07 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter [2013.05.07 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder [2013.05.06 22:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.06 22:33:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.05 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Geisens\Haushaltsplan [2013.05.04 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.05.04 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Delta [2013.05.04 09:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.04 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Babylon [2013.05.04 09:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.04 09:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.04.24 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2 [2013.04.23 12:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2013.04.23 12:39:40 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\AVS4YOU [2013.04.23 12:38:09 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll [2013.04.23 12:38:04 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.04.23 12:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2013.04.23 12:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2013.04.14 10:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.10 23:07:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 23:07:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 23:07:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 23:07:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.10 23:07:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.10 23:07:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.10 23:07:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.10 23:07:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.10 23:07:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.10 23:07:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.10 23:07:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.10 23:07:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.10 23:07:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 23:07:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 23:07:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 10:27:19 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.10 10:27:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.10 10:27:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.10 10:27:19 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.10 10:27:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.10 10:27:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.10 10:27:09 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 10:27:09 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 10:27:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 10:27:09 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 10:27:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 10:27:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.09 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Cyberlink [2013.04.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.04.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.08 06:41:37 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.08 06:41:37 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.08 06:41:37 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.08 06:41:37 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.08 06:41:37 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.08 06:41:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 06:41:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 06:41:02 | 000,000,579 | ---- | M] () -- C:\Users\Geisens\Desktop\OTL - Verknüpfung.lnk [2013.05.08 06:37:20 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013.05.08 06:36:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.08 06:36:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.08 06:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.08 06:34:11 | 2787,954,688 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 21:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.07 20:31:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.07 19:42:53 | 000,000,620 | ---- | M] () -- C:\Users\Geisens\Desktop\ComboFix - Verknüpfung.lnk [2013.05.07 16:57:23 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.05.07 16:57:23 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.05.07 16:57:23 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.07 16:57:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.07 16:57:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.07 16:57:23 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.07 15:38:02 | 000,002,355 | ---- | M] () -- C:\Users\Geisens\Desktop\Qtrax Player.lnk [2013.05.07 15:33:07 | 000,000,000 | ---- | M] () -- C:\END [2013.05.04 09:57:55 | 000,001,311 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk [2013.05.04 09:57:54 | 000,001,243 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.04 09:57:53 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk [2013.04.24 16:07:05 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013.04.24 16:07:05 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.04.24 16:06:50 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.04.24 16:06:42 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.04.24 14:46:52 | 000,002,217 | ---- | M] () -- C:\Users\Geisens\Desktop\GeoGebra 4.2.lnk [2013.04.23 10:03:27 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.04.23 10:03:15 | 000,000,835 | ---- | M] () -- C:\Users\Geisens\Desktop\LGMobile Support Tool.lnk [2013.04.11 09:48:38 | 000,291,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 21:27:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.08 06:41:02 | 000,000,579 | ---- | C] () -- C:\Users\Geisens\Desktop\OTL - Verknüpfung.lnk [2013.05.07 19:43:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.07 19:43:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.07 19:43:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.07 19:43:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.07 19:43:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.07 19:42:53 | 000,000,620 | ---- | C] () -- C:\Users\Geisens\Desktop\ComboFix - Verknüpfung.lnk [2013.05.07 15:38:02 | 000,002,385 | ---- | C] () -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013.05.07 15:38:02 | 000,002,355 | ---- | C] () -- C:\Users\Geisens\Desktop\Qtrax Player.lnk [2013.05.07 15:32:47 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013.05.04 09:57:55 | 000,001,311 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk [2013.05.04 09:57:54 | 000,001,243 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.04 09:57:53 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk [2013.04.24 14:46:52 | 000,002,217 | ---- | C] () -- C:\Users\Geisens\Desktop\GeoGebra 4.2.lnk [2013.01.15 16:15:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2013.01.15 16:15:38 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.12.30 03:42:31 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.12.28 11:18:22 | 000,017,408 | ---- | C] () -- C:\Users\Geisens\AppData\Local\WebpageIcons.db [2012.09.27 21:16:42 | 010,480,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.27 20:22:56 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.27 20:22:56 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.27 20:22:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.09.27 20:21:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.27 20:21:30 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.27 20:15:44 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.05.05 00:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.04.25 21:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.25 20:29:27 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.25 20:29:27 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.25 20:29:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.20 20:58:24 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe [2012.04.20 01:12:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > MfG Mamut |
|
08.05.2013, 06:18
| #6 |
| | Sicherheitscenter streikt ! Hallo, hier die Logfiles:OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.05.2013 06:43:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = I:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,46 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 75,24% Memory free 6,92 Gb Paging File | 6,01 Gb Available in Paging File | 86,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 127,32 Gb Free Space | 14,46% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 26,39 Gb Free Space | 52,78% Space Free | Partition Type: NTFS Drive I: | 1006,73 Mb Total Space | 545,45 Mb Free Space | 54,18% Space Free | Partition Type: FAT Computer Name: GEISENS-PC | User Name: Geisens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - I:\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () ========== Services (SafeList) ========== SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.) DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.) DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=COS34NX4ubUCFUGR3godv1sAVg&ptb=B7C4885A-075B-4A1D-BCA9-A7F4BC22424E&ind=2013042306&n=77fc9682&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\..\SearchScopes,DefaultScope = {650B21C0-0045-417E-98F1-D41C0EF30B36} IE - HKCU\..\SearchScopes\{255471A0-85BA-4289-BFF5-2E97BB2CEF47}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&CUI=UN29539286393902638&SSPV=TB_IESB27 IE - HKCU\..\SearchScopes\{650B21C0-0045-417E-98F1-D41C0EF30B36}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE503 IE - HKCU\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=COS34NX4ubUCFUGR3godv1sAVg&ptb=B7C4885A-075B-4A1D-BCA9-A7F4BC22424E&ind=2013042306&n=77fc9682&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "My Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www2.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=204CE0B9A5E89AE3" FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.15.2.523 FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0 FF - prefs.js..extensions.enabledAddons: lfind%40nijadsoft.net:1.110 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN49480471408670657&UM=&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 16:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 16:10:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 16:10:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 16:10:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 16:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 10:39:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.05.07 15:32:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 10:39:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 22:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Extensions [2013.05.07 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions [2013.04.16 15:35:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013.05.07 15:32:47 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\amo@dealplyshopping.com [2013.05.04 09:59:32 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@delta.com [2012.11.18 17:19:12 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@incredibar.com [2013.05.07 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\extensions [2013.05.04 09:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-204554976-1084251578-889026679-1002\FireFox\extensions [2013.05.04 09:59:34 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-204554976-1084251578-889026679-1002\FireFox\extensions\ffxtlbr@delta.com [2013.02.22 11:38:49 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\plugin@yontoo.com.xpi [2013.05.07 16:30:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.16 16:11:00 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.05.04 09:59:39 | 000,006,506 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\BrowserProtect.xml [2013.05.04 09:59:36 | 000,001,294 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\delta.xml [2013.02.16 06:02:26 | 000,001,064 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2013.02.16 06:02:07 | 000,009,631 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\my-web-search.xml [2013.05.07 17:43:33 | 000,002,120 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\MyStart Search.xml [2013.01.15 21:26:33 | 000,003,998 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\sweetim.xml [2013.04.14 10:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.24 16:10:02 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.04.24 16:10:10 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2013.04.24 16:10:34 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2013.04.24 16:10:50 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM [2013.04.24 16:10:58 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2013.05.07 15:32:45 | 000,000,000 | ---D | M] ("Lyrics Finder") -- C:\PROGRAM FILES (X86)\LYRICSFINDER\FF [2013.04.14 10:39:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.04 09:58:35 | 000,006,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Lyrics Finder = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Anti-Banner = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Lyrics Finder = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Anti-Banner = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.05.07 20:31:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5495F9BC-3583-4D47-AEC5-DF6319A8D0ED}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 20:35:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.07 20:31:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.07 20:22:40 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.07 19:43:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.07 19:43:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.07 19:43:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.07 19:43:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.07 19:43:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.07 17:54:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Diagnostics [2013.05.07 17:20:26 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\ElevatedDiagnostics [2013.05.07 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.07 16:57:30 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.07 16:57:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.07 16:57:27 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.07 16:57:27 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.07 16:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.07 15:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.05.07 15:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.05.07 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.05.07 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geisens\Qtrax [2013.05.07 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX [2013.05.07 15:33:31 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Downloaded Installations [2013.05.07 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Video Converter Packages [2013.05.07 15:32:49 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\DSite [2013.05.07 15:32:49 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\DealPly [2013.05.07 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.05.07 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter [2013.05.07 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder [2013.05.06 22:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.06 22:33:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.05 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Geisens\Haushaltsplan [2013.05.04 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.05.04 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Delta [2013.05.04 09:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.04 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Babylon [2013.05.04 09:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.04 09:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.04.24 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2 [2013.04.23 12:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2013.04.23 12:39:40 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\AVS4YOU [2013.04.23 12:38:09 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll [2013.04.23 12:38:04 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.04.23 12:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2013.04.23 12:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2013.04.14 10:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.10 23:07:51 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.04.10 23:07:51 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.04.10 23:07:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.04.10 23:07:50 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.10 23:07:50 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.04.10 23:07:50 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.04.10 23:07:50 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.04.10 23:07:50 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.10 23:07:50 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.04.10 23:07:50 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.04.10 23:07:50 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.10 23:07:50 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.04.10 23:07:48 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.04.10 23:07:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.04.10 23:07:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.04.10 10:27:19 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.04.10 10:27:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.04.10 10:27:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.04.10 10:27:19 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.04.10 10:27:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.04.10 10:27:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.04.10 10:27:09 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.04.10 10:27:09 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.04.10 10:27:09 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.04.10 10:27:09 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.04.10 10:27:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.04.10 10:27:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.04.09 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Cyberlink [2013.04.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.04.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.08 06:41:37 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.08 06:41:37 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.08 06:41:37 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.08 06:41:37 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.08 06:41:37 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.08 06:41:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 06:41:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 06:41:02 | 000,000,579 | ---- | M] () -- C:\Users\Geisens\Desktop\OTL - Verknüpfung.lnk [2013.05.08 06:37:20 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013.05.08 06:36:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.08 06:36:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.08 06:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.08 06:34:11 | 2787,954,688 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 21:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.07 20:31:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.07 19:42:53 | 000,000,620 | ---- | M] () -- C:\Users\Geisens\Desktop\ComboFix - Verknüpfung.lnk [2013.05.07 16:57:23 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.05.07 16:57:23 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.05.07 16:57:23 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.05.07 16:57:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.05.07 16:57:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.05.07 16:57:23 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.05.07 15:38:02 | 000,002,355 | ---- | M] () -- C:\Users\Geisens\Desktop\Qtrax Player.lnk [2013.05.07 15:33:07 | 000,000,000 | ---- | M] () -- C:\END [2013.05.04 09:57:55 | 000,001,311 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk [2013.05.04 09:57:54 | 000,001,243 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.04 09:57:53 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk [2013.04.24 16:07:05 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013.04.24 16:07:05 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.04.24 16:06:50 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.04.24 16:06:42 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.04.24 14:46:52 | 000,002,217 | ---- | M] () -- C:\Users\Geisens\Desktop\GeoGebra 4.2.lnk [2013.04.23 10:03:27 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.04.23 10:03:15 | 000,000,835 | ---- | M] () -- C:\Users\Geisens\Desktop\LGMobile Support Tool.lnk [2013.04.11 09:48:38 | 000,291,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 21:27:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.08 06:41:02 | 000,000,579 | ---- | C] () -- C:\Users\Geisens\Desktop\OTL - Verknüpfung.lnk [2013.05.07 19:43:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.07 19:43:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.07 19:43:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.07 19:43:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.07 19:43:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.07 19:42:53 | 000,000,620 | ---- | C] () -- C:\Users\Geisens\Desktop\ComboFix - Verknüpfung.lnk [2013.05.07 15:38:02 | 000,002,385 | ---- | C] () -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013.05.07 15:38:02 | 000,002,355 | ---- | C] () -- C:\Users\Geisens\Desktop\Qtrax Player.lnk [2013.05.07 15:32:47 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013.05.04 09:57:55 | 000,001,311 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk [2013.05.04 09:57:54 | 000,001,243 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.04 09:57:53 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk [2013.04.24 14:46:52 | 000,002,217 | ---- | C] () -- C:\Users\Geisens\Desktop\GeoGebra 4.2.lnk [2013.01.15 16:15:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2013.01.15 16:15:38 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.12.30 03:42:31 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.12.28 11:18:22 | 000,017,408 | ---- | C] () -- C:\Users\Geisens\AppData\Local\WebpageIcons.db [2012.09.27 21:16:42 | 010,480,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.27 20:22:56 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.27 20:22:56 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.27 20:22:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.09.27 20:21:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.27 20:21:30 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.27 20:15:44 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.05.05 00:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.04.25 21:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.25 20:29:27 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.25 20:29:27 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.25 20:29:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.20 20:58:24 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe [2012.04.20 01:12:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > MfG Mamut hier der Quick Scan :OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.05.2013 07:11:26 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = I:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,46 Gb Total Physical Memory | 2,60 Gb Available Physical Memory | 75,23% Memory free 6,92 Gb Paging File | 6,21 Gb Available in Paging File | 89,64% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 880,41 Gb Total Space | 127,30 Gb Free Space | 14,46% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 26,39 Gb Free Space | 52,78% Space Free | Partition Type: NTFS Drive I: | 1006,73 Mb Total Space | 545,27 Mb Free Space | 54,16% Space Free | Partition Type: FAT Computer Name: GEISENS-PC | User Name: Geisens | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - I:\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - (IBUpdaterService) -- C:\Windows\SysNative\dmwu.exe () SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe () SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (CyberLink PowerDVD 10 MS Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (CyberLink) SRV - (CyberLink PowerDVD 10 MS Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO) DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.) DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.) DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - SOFTWARE\Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=COS34NX4ubUCFUGR3godv1sAVg&ptb=B7C4885A-075B-4A1D-BCA9-A7F4BC22424E&ind=2013042306&n=77fc9682&psa=&st=sb&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\..\SearchScopes,DefaultScope = {650B21C0-0045-417E-98F1-D41C0EF30B36} IE - HKCU\..\SearchScopes\{255471A0-85BA-4289-BFF5-2E97BB2CEF47}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848&CUI=UN29539286393902638&SSPV=TB_IESB27 IE - HKCU\..\SearchScopes\{650B21C0-0045-417E-98F1-D41C0EF30B36}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE503 IE - HKCU\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=COS34NX4ubUCFUGR3godv1sAVg&ptb=B7C4885A-075B-4A1D-BCA9-A7F4BC22424E&ind=2013042306&n=77fc9682&psa=&st=sb&searchfor={searchTerms} IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "My Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Delta Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www2.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=204CE0B9A5E89AE3" FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.15.2.523 FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0 FF - prefs.js..extensions.enabledAddons: amo%40dealplyshopping.com:2.0 FF - prefs.js..extensions.enabledAddons: lfind%40nijadsoft.net:1.110 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2625848&SearchSource=2&CUI=UN49480471408670657&UM=&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "DVDVideoSoftTB DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2625848&SearchSource=13&CUI=SB_CUI" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.24 16:10:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.24 16:10:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.24 16:10:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.24 16:10:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.24 16:10:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 10:39:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.05.07 15:32:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 10:39:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.27 22:18:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Extensions [2013.05.07 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions [2013.04.16 15:35:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013.05.07 15:32:47 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\amo@dealplyshopping.com [2013.05.04 09:59:32 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@delta.com [2012.11.18 17:19:12 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\b4jip9iu.default\extensions\ffxtlbr@incredibar.com [2013.05.07 16:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\extensions [2013.05.04 09:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-204554976-1084251578-889026679-1002\FireFox\extensions [2013.05.04 09:59:34 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\Geisens\AppData\Roaming\mozilla\Firefox\Profiles\mData\Kaspersky Lab\SafeBrowser\S-1-5-21-204554976-1084251578-889026679-1002\FireFox\extensions\ffxtlbr@delta.com [2013.02.22 11:38:49 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\plugin@yontoo.com.xpi [2013.05.07 16:30:11 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.16 16:11:00 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013.05.04 09:59:39 | 000,006,506 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\BrowserProtect.xml [2013.05.04 09:59:36 | 000,001,294 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\delta.xml [2013.02.16 06:02:26 | 000,001,064 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2013.02.16 06:02:07 | 000,009,631 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\my-web-search.xml [2013.05.07 17:43:33 | 000,002,120 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\MyStart Search.xml [2013.01.15 21:26:33 | 000,003,998 | ---- | M] () -- C:\Users\Geisens\AppData\Roaming\mozilla\firefox\profiles\b4jip9iu.default\searchplugins\sweetim.xml [2013.04.14 10:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.24 16:10:02 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM [2013.04.24 16:10:10 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2013.04.24 16:10:34 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2013.04.24 16:10:50 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM [2013.04.24 16:10:58 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM [2013.05.07 15:32:45 | 000,000,000 | ---D | M] ("Lyrics Finder") -- C:\PROGRAM FILES (X86)\LYRICSFINDER\FF [2013.04.14 10:39:53 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.05.04 09:58:35 | 000,006,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010006.10028&barid={6739D974-5F49-11E2-BAD3-D43D7E19BEE5} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Lyrics Finder = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Anti-Banner = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Lyrics Finder = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\ CHR - Extension: SweetIM for Facebook = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\ CHR - Extension: Yontoo = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\ CHR - Extension: SweetPacks Chrome Extension = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\ CHR - Extension: Anti-Banner = C:\Users\Geisens\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2013.05.07 20:31:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Geisens\AppData\LocalLow\CT2625848\ldrtbDVDV.dll File not found O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5495F9BC-3583-4D47-AEC5-DF6319A8D0ED}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.07 20:35:15 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.07 20:31:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.07 20:22:40 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.05.07 19:43:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.07 19:43:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.07 19:43:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.07 19:43:51 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.07 19:43:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.07 17:54:26 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 17:49:11 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Diagnostics [2013.05.07 17:20:26 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\ElevatedDiagnostics [2013.05.07 16:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.07 16:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.07 15:52:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2013.05.07 15:52:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager [2013.05.07 15:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2013.05.07 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geisens\Qtrax [2013.05.07 15:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QTRAX [2013.05.07 15:33:31 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Downloaded Installations [2013.05.07 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Video Converter Packages [2013.05.07 15:32:49 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\DSite [2013.05.07 15:32:49 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\DealPly [2013.05.07 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.05.07 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter [2013.05.07 15:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsFinder [2013.05.06 22:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.06 22:33:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.05 18:13:25 | 000,000,000 | ---D | C] -- C:\Users\Geisens\Haushaltsplan [2013.05.04 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.05.04 09:59:26 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Delta [2013.05.04 09:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.04 09:58:00 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Babylon [2013.05.04 09:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.05.04 09:57:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.04.24 14:46:52 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4.2 [2013.04.23 12:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2013.04.23 12:39:40 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Roaming\AVS4YOU [2013.04.23 12:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2013.04.23 12:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2013.04.14 10:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.09 19:29:01 | 000,000,000 | ---D | C] -- C:\Users\Geisens\AppData\Local\Cyberlink [2013.04.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp [2013.04.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.08 07:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.08 06:41:37 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.08 06:41:37 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.08 06:41:37 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.08 06:41:37 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.08 06:41:37 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.08 06:41:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 06:41:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.08 06:41:02 | 000,000,579 | ---- | M] () -- C:\Users\Geisens\Desktop\OTL - Verknüpfung.lnk [2013.05.08 06:37:20 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013.05.08 06:36:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.08 06:36:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.08 06:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.08 06:34:11 | 2787,954,688 | -HS- | M] () -- C:\hiberfil.sys [2013.05.07 20:31:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.07 19:42:53 | 000,000,620 | ---- | M] () -- C:\Users\Geisens\Desktop\ComboFix - Verknüpfung.lnk [2013.05.07 15:38:02 | 000,002,355 | ---- | M] () -- C:\Users\Geisens\Desktop\Qtrax Player.lnk [2013.05.07 15:33:07 | 000,000,000 | ---- | M] () -- C:\END [2013.05.04 09:57:55 | 000,001,311 | ---- | M] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk [2013.05.04 09:57:54 | 000,001,243 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.04 09:57:53 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk [2013.04.24 16:07:05 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013.04.24 16:07:05 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.04.24 16:06:50 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.04.24 16:06:42 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.04.24 14:46:52 | 000,002,217 | ---- | M] () -- C:\Users\Geisens\Desktop\GeoGebra 4.2.lnk [2013.04.23 10:03:27 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.04.23 10:03:15 | 000,000,835 | ---- | M] () -- C:\Users\Geisens\Desktop\LGMobile Support Tool.lnk [2013.04.11 09:48:38 | 000,291,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 21:27:32 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.08 06:41:02 | 000,000,579 | ---- | C] () -- C:\Users\Geisens\Desktop\OTL - Verknüpfung.lnk [2013.05.07 19:43:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.07 19:43:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.07 19:43:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.07 19:43:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.07 19:43:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.07 19:42:53 | 000,000,620 | ---- | C] () -- C:\Users\Geisens\Desktop\ComboFix - Verknüpfung.lnk [2013.05.07 15:38:02 | 000,002,385 | ---- | C] () -- C:\Users\Geisens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013.05.07 15:38:02 | 000,002,355 | ---- | C] () -- C:\Users\Geisens\Desktop\Qtrax Player.lnk [2013.05.07 15:32:47 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\Lyrics Finder Update.job [2013.05.04 09:57:55 | 000,001,311 | ---- | C] () -- C:\Users\Public\Desktop\Free DVD Video Burner.lnk [2013.05.04 09:57:54 | 000,001,243 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.05.04 09:57:53 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to DVD Converter.lnk [2013.04.24 14:46:52 | 000,002,217 | ---- | C] () -- C:\Users\Geisens\Desktop\GeoGebra 4.2.lnk [2013.01.15 16:15:38 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2013.01.15 16:15:38 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.12.30 03:42:31 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.12.28 11:18:22 | 000,017,408 | ---- | C] () -- C:\Users\Geisens\AppData\Local\WebpageIcons.db [2012.09.27 21:16:42 | 010,480,310 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.27 20:22:56 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini [2012.09.27 20:22:56 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini [2012.09.27 20:22:23 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.09.27 20:21:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini [2012.09.27 20:21:30 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat [2012.09.27 20:15:44 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini [2012.05.05 00:37:46 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.04.25 21:49:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.25 20:29:27 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.25 20:29:27 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.25 20:29:26 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.04.20 20:58:24 | 000,072,017 | ---- | C] () -- C:\Windows\SysWow64\Uninstall ALDI SÜD Mah Jong.exe [2012.04.20 01:12:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.28 16:45:52 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\ALDI_SUED_Mah_Jong [2013.05.04 09:58:00 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\Babylon [2013.05.07 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\DealPly [2013.05.04 09:59:26 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\Delta [2013.05.07 15:32:49 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\DSite [2013.05.04 10:28:29 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\DVDVideoSoft [2013.05.04 09:57:39 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\DVDVideoSoftIEHelpers [2012.11.05 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\elsterformular [2012.12.24 16:59:55 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\GitarreroSoftware [2013.05.04 09:57:44 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\OpenCandy [2012.09.27 20:23:47 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\ScanSoft [2013.05.07 06:36:43 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\SoftGrid Client [2013.05.07 17:37:18 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\Spotify [2012.09.27 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\TP [2013.01.15 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\TuneUp Software [2013.05.07 15:32:54 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\Video Converter Packages [2012.11.07 22:27:19 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\WebApp [2012.10.17 07:44:33 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\Windows Live Writer [2012.09.27 20:23:51 | 000,000,000 | ---D | M] -- C:\Users\Geisens\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > |
|
08.05.2013, 12:57
| #7 |
| /// Malware-holic | Sicherheitscenter streikt ! Hi hatte Kaspersky Funde, wenn ja, kannst du sie posten?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.05.2013, 14:10
| #8 |
| | Sicherheitscenter streikt ! Kaspersky zegt keine Bedrohung an ! |
|
08.05.2013, 14:17
| #9 |
| /// Malware-holic | Sicherheitscenter streikt ! ich meine nicht momentan, sondern ob es Funde gab, im allgemeinen, prüfe dazu die Protokolle und poste Fund.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.05.2013, 14:32
| #10 |
| | Sicherheitscenter streikt ! Alle Funde: Typ: Phishing-Link (6) Schädlicher Link Inaktiv 20.02.2013 09:55:22 hxxp://www.heganmedia.com/sp/delivery/ js.php?advplaces=6 Schädlicher Link Inaktiv 16.01.2013 15:20:47 ownCloud 011e9e3c96e789da57c6857be363f4a3 Schädlicher Link Inaktiv 16.01.2013 15:20:47 ownCloud 8d8afbd27b0d9a6bc347a63b1810912b Schädlicher Link Inaktiv 15.04.2013 20:30:08 hxxp://hotfast.pl/gptrack/ track.php Schädlicher Link Inaktiv 10.03.2013 23:56:12 Need to Porn - The Greatest Porn Video Collection Schädlicher Link Inaktiv 10.03.2013 23:56:12 Need to Porn - The Greatest Porn Video Collection favicon.ico Typ: trojanisches Programm (4) Exploit.Linux.Lotoor.t Inaktiv 19.01.2013 20:40:18 FAQ4Mobiles.de gingerbreak.png Exploit.Linux.Lotoor.t Inaktiv 19.01.2013 20:38:39 FAQ4Mobiles.de gingerbreak.png Exploit.Linux.Lotoor.t Inaktiv 19.01.2013 20:37:34 FAQ4Mobiles.de gingerbreak.png HEUR:Trojan.Script.Generic Inaktiv 04.03.2013 11:20:25 Castle Of Glass chords by Linkin Park www.e-chords Typ: Schwachstelle (5) Viruslist.com - Oracle Java Multiple Vulnerabilities Virenfreies Objekt in der Quarantäne 24.04.2013 13:00:17 C:\Program Files (x86)\Java\jre7\bin\ java.exe Viruslist.com - Adobe Shockwave Player Multiple Vulnerabilities Virenfreies Objekt in der Quarantäne 16.01.2013 15:04:23 C:\Windows\SysWOW64\Adobe\Shockwave 11\ SwInit.exe Viruslist.com - Adobe Flash Player / AIR Multiple Vulnerabilities Inaktiv 07.05.2013 20:55:24 C:\Windows\SysWOW64\Macromed\Flash\ NPSWF32_11_6_602_180.dll Viruslist.com - Adobe Flash Player / AIR Multiple Vulnerabilities Inaktiv 07.05.2013 20:55:00 C:\Windows\system32\Macromed\Flash\ NPSWF64_11_6_602_180.dll Viruslist.com - Oracle Java Multiple Vulnerabilities Inaktiv 07.05.2013 20:52:00 C:\Program Files\Java\jre7\bin\ java.exe Typ: legales Programm, das von einem Angreifer benutzt werden kann, um den Computer oder die Benutzerdaten zu beschädigen (4) PDM:Trojan.Win32.StartPage.a Inaktiv 07.05.2013 20:35:19 c:\combofix\ creg.dat PDM:Suspicious.Driver.Installation.a Inaktiv 07.05.2013 19:56:01 c:\combofix\ handle.3xe not-a-virus:RemoteAdmin.Win32.WinVNC.e Gelöscht 06.05.2013 13:06:39 c:\musik di1v\software\ultravnc-101-setup.exe// data0130 not-a-virus:RemoteAdmin.Win32.WinVNC.e Gelöscht 06.05.2013 13:05:43 c:\musik di1v\software\ultravnc-101-setup.exe// data0129 Typ: Unbekannt (1) ultravnc-101-setup.exe Gelöscht 06.05.2013 13:06:39 c:\musik di1v\software\ ultravnc-101-setup.exe |
|
08.05.2013, 16:27
| #11 |
| /// Malware-holic | Sicherheitscenter streikt ! Danke. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
08.05.2013, 19:53
| #12 |
| | Sicherheitscenter streikt ! Hallo, hier die TDSSKiller Logfile: 20:47:11.0176 3000 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 20:47:11.0192 3000 ============================================================ 20:47:11.0192 3000 Current date / time: 2013/05/08 20:47:11.0192 20:47:11.0192 3000 SystemInfo: 20:47:11.0192 3000 20:47:11.0192 3000 OS Version: 6.1.7601 ServicePack: 1.0 20:47:11.0192 3000 Product type: Workstation 20:47:11.0192 3000 ComputerName: GEISENS-PC 20:47:11.0192 3000 UserName: Geisens 20:47:11.0192 3000 Windows directory: C:\Windows 20:47:11.0192 3000 System windows directory: C:\Windows 20:47:11.0192 3000 Running under WOW64 20:47:11.0192 3000 Processor architecture: Intel x64 20:47:11.0192 3000 Number of processors: 4 20:47:11.0192 3000 Page size: 0x1000 20:47:11.0192 3000 Boot type: Normal boot 20:47:11.0192 3000 ============================================================ 20:47:12.0518 3000 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:47:12.0549 3000 Drive \Device\Harddisk4\DR4 - Size: 0x3EF00000 (0.98 Gb), SectorSize: 0x200, Cylinders: 0x80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:47:12.0549 3000 ============================================================ 20:47:12.0549 3000 \Device\Harddisk0\DR0: 20:47:12.0549 3000 MBR partitions: 20:47:12.0549 3000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:47:12.0549 3000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6E0D3800 20:47:12.0549 3000 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6E106000, BlocksNum 0x6400000 20:47:12.0549 3000 \Device\Harddisk4\DR4: 20:47:12.0549 3000 MBR partitions: 20:47:12.0549 3000 ============================================================ 20:47:12.0611 3000 C: <-> \Device\Harddisk0\DR0\Partition2 20:47:12.0721 3000 D: <-> \Device\Harddisk0\DR0\Partition3 20:47:12.0721 3000 ============================================================ 20:47:12.0736 3000 Initialize success 20:47:12.0736 3000 ============================================================ 20:47:43.0359 0392 ============================================================ 20:47:43.0359 0392 Scan started 20:47:43.0359 0392 Mode: Manual; SigCheck; TDLFS; 20:47:43.0359 0392 ============================================================ 20:47:43.0593 0392 ================ Scan system memory ======================== 20:47:43.0593 0392 System memory - ok 20:47:43.0593 0392 ================ Scan services ============================= 20:47:43.0999 0392 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:47:44.0077 0392 1394ohci - ok 20:47:44.0108 0392 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:47:44.0123 0392 ACPI - ok 20:47:44.0123 0392 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:47:44.0170 0392 AcpiPmi - ok 20:47:44.0264 0392 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:47:44.0264 0392 AdobeARMservice - ok 20:47:44.0373 0392 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:47:44.0389 0392 AdobeFlashPlayerUpdateSvc - ok 20:47:44.0404 0392 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 20:47:44.0420 0392 adp94xx - ok 20:47:44.0435 0392 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 20:47:44.0451 0392 adpahci - ok 20:47:44.0467 0392 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 20:47:44.0482 0392 adpu320 - ok 20:47:44.0513 0392 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:47:44.0638 0392 AeLookupSvc - ok 20:47:44.0685 0392 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:47:44.0732 0392 AFD - ok 20:47:44.0732 0392 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:47:44.0747 0392 agp440 - ok 20:47:44.0763 0392 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:47:44.0810 0392 ALG - ok 20:47:44.0825 0392 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:47:44.0825 0392 aliide - ok 20:47:44.0872 0392 [ E7D375BA988D76E7FE175B493A152C0A ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:47:44.0919 0392 AMD External Events Utility - ok 20:47:44.0997 0392 AMD FUEL Service - ok 20:47:45.0028 0392 [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193 ] amdhub30 C:\Windows\system32\DRIVERS\amdhub30.sys 20:47:45.0091 0392 amdhub30 - ok 20:47:45.0122 0392 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:47:45.0122 0392 amdide - ok 20:47:45.0137 0392 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 20:47:45.0137 0392 amdiox64 - ok 20:47:45.0153 0392 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 20:47:45.0184 0392 AmdK8 - ok 20:47:45.0325 0392 [ 713FB06DE2E3A03587DE208D6B94509F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:47:45.0512 0392 amdkmdag - ok 20:47:45.0543 0392 [ E78DF1BE38F723972ED4EF0DBFD621E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:47:45.0559 0392 amdkmdap - ok 20:47:45.0590 0392 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:47:45.0605 0392 AmdPPM - ok 20:47:45.0605 0392 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:47:45.0621 0392 amdsata - ok 20:47:45.0637 0392 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 20:47:45.0637 0392 amdsbs - ok 20:47:45.0652 0392 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:47:45.0668 0392 amdxata - ok 20:47:45.0683 0392 [ 541A6C49C792ED71FB3EFF8C815CFE60 ] amdxhc C:\Windows\system32\DRIVERS\amdxhc.sys 20:47:45.0683 0392 amdxhc - ok 20:47:45.0699 0392 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\drivers\amd_sata.sys 20:47:45.0715 0392 amd_sata - ok 20:47:45.0715 0392 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys 20:47:45.0730 0392 amd_xata - ok 20:47:45.0746 0392 [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus C:\Windows\system32\DRIVERS\lgandbus64.sys 20:47:45.0761 0392 Andbus - ok 20:47:45.0793 0392 [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag C:\Windows\system32\DRIVERS\lganddiag64.sys 20:47:45.0808 0392 AndDiag - ok 20:47:45.0824 0392 [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps C:\Windows\system32\DRIVERS\lgandgps64.sys 20:47:45.0839 0392 AndGps - ok 20:47:45.0855 0392 [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem C:\Windows\system32\DRIVERS\lgandmodem64.sys 20:47:45.0871 0392 ANDModem - ok 20:47:45.0886 0392 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:47:46.0011 0392 AppID - ok 20:47:46.0027 0392 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:47:46.0073 0392 AppIDSvc - ok 20:47:46.0073 0392 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 20:47:46.0120 0392 Appinfo - ok 20:47:46.0167 0392 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 20:47:46.0167 0392 arc - ok 20:47:46.0183 0392 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 20:47:46.0198 0392 arcsas - ok 20:47:46.0214 0392 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:47:46.0245 0392 AsyncMac - ok 20:47:46.0261 0392 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:47:46.0276 0392 atapi - ok 20:47:46.0354 0392 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:47:46.0354 0392 AtiHDAudioService - ok 20:47:46.0385 0392 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:47:46.0432 0392 AudioEndpointBuilder - ok 20:47:46.0432 0392 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:47:46.0463 0392 AudioSrv - ok 20:47:46.0588 0392 AVP - ok 20:47:46.0635 0392 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:47:46.0838 0392 AxInstSV - ok 20:47:46.0900 0392 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 20:47:46.0947 0392 b06bdrv - ok 20:47:46.0963 0392 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:47:47.0009 0392 b57nd60a - ok 20:47:47.0025 0392 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:47:47.0056 0392 BDESVC - ok 20:47:47.0072 0392 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:47:47.0134 0392 Beep - ok 20:47:47.0150 0392 BFE - ok 20:47:47.0181 0392 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 20:47:47.0212 0392 BITS - ok 20:47:47.0259 0392 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:47:47.0290 0392 blbdrive - ok 20:47:47.0337 0392 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:47:47.0384 0392 bowser - ok 20:47:47.0384 0392 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 20:47:47.0399 0392 BrFiltLo - ok 20:47:47.0415 0392 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 20:47:47.0431 0392 BrFiltUp - ok 20:47:47.0446 0392 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:47:47.0477 0392 BridgeMP - ok 20:47:47.0509 0392 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:47:47.0524 0392 Browser - ok 20:47:47.0540 0392 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:47:47.0571 0392 Brserid - ok 20:47:47.0587 0392 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:47:47.0618 0392 BrSerWdm - ok 20:47:47.0618 0392 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:47:47.0649 0392 BrUsbMdm - ok 20:47:47.0665 0392 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:47:47.0680 0392 BrUsbSer - ok 20:47:47.0743 0392 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe 20:47:47.0758 0392 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning 20:47:47.0758 0392 BrYNSvc - detected UnsignedFile.Multi.Generic (1) 20:47:47.0789 0392 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:47:47.0821 0392 BTHMODEM - ok 20:47:47.0836 0392 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:47:47.0867 0392 bthserv - ok 20:47:47.0883 0392 catchme - ok 20:47:47.0914 0392 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:47:47.0961 0392 cdfs - ok 20:47:47.0992 0392 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:47:48.0023 0392 cdrom - ok 20:47:48.0039 0392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:47:48.0086 0392 CertPropSvc - ok 20:47:48.0101 0392 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 20:47:48.0101 0392 circlass - ok 20:47:48.0117 0392 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:47:48.0133 0392 CLFS - ok 20:47:48.0179 0392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:47:48.0195 0392 clr_optimization_v2.0.50727_32 - ok 20:47:48.0226 0392 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:47:48.0226 0392 clr_optimization_v2.0.50727_64 - ok 20:47:48.0320 0392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:47:48.0367 0392 clr_optimization_v4.0.30319_32 - ok 20:47:48.0429 0392 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:47:48.0445 0392 clr_optimization_v4.0.30319_64 - ok 20:47:48.0445 0392 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 20:47:48.0476 0392 CmBatt - ok 20:47:48.0491 0392 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:47:48.0507 0392 cmdide - ok 20:47:48.0554 0392 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:47:48.0601 0392 CNG - ok 20:47:48.0616 0392 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:47:48.0632 0392 Compbatt - ok 20:47:48.0647 0392 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 20:47:48.0663 0392 CompositeBus - ok 20:47:48.0679 0392 COMSysApp - ok 20:47:48.0679 0392 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:47:48.0694 0392 crcdisk - ok 20:47:48.0710 0392 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:47:48.0741 0392 CryptSvc - ok 20:47:48.0819 0392 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 20:47:48.0835 0392 cvhsvc - ok 20:47:48.0897 0392 [ 7F5CD87CA5BDB4D83F992D8C77201483 ] CyberLink PowerDVD 10 MS Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe 20:47:48.0913 0392 CyberLink PowerDVD 10 MS Monitor Service - ok 20:47:48.0928 0392 [ 9FAF58E876A3B1DB3030A0A5805F2D86 ] CyberLink PowerDVD 10 MS Service C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe 20:47:48.0944 0392 CyberLink PowerDVD 10 MS Service - ok 20:47:48.0959 0392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:47:49.0006 0392 DcomLaunch - ok 20:47:49.0022 0392 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:47:49.0069 0392 defragsvc - ok 20:47:49.0084 0392 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:47:49.0115 0392 DfsC - ok 20:47:49.0115 0392 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:47:49.0147 0392 Dhcp - ok 20:47:49.0162 0392 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:47:49.0209 0392 discache - ok 20:47:49.0225 0392 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 20:47:49.0240 0392 Disk - ok 20:47:49.0287 0392 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:47:49.0303 0392 Dnscache - ok 20:47:49.0318 0392 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:47:49.0365 0392 dot3svc - ok 20:47:49.0365 0392 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:47:49.0396 0392 DPS - ok 20:47:49.0443 0392 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:47:49.0459 0392 drmkaud - ok 20:47:49.0490 0392 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:47:49.0505 0392 DXGKrnl - ok 20:47:49.0521 0392 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:47:49.0568 0392 EapHost - ok 20:47:49.0615 0392 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 20:47:49.0661 0392 ebdrv - ok 20:47:49.0708 0392 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:47:49.0739 0392 EFS - ok 20:47:49.0771 0392 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:47:49.0817 0392 ehRecvr - ok 20:47:49.0817 0392 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:47:49.0849 0392 ehSched - ok 20:47:49.0864 0392 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:47:49.0880 0392 elxstor - ok 20:47:49.0880 0392 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:47:49.0911 0392 ErrDev - ok 20:47:49.0927 0392 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:47:49.0958 0392 EventSystem - ok 20:47:49.0973 0392 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:47:50.0005 0392 exfat - ok 20:47:50.0020 0392 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:47:50.0067 0392 fastfat - ok 20:47:50.0083 0392 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:47:50.0114 0392 Fax - ok 20:47:50.0145 0392 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 20:47:50.0161 0392 fdc - ok 20:47:50.0176 0392 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:47:50.0207 0392 fdPHost - ok 20:47:50.0207 0392 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:47:50.0239 0392 FDResPub - ok 20:47:50.0254 0392 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:47:50.0254 0392 FileInfo - ok 20:47:50.0270 0392 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:47:50.0301 0392 Filetrace - ok 20:47:50.0317 0392 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 20:47:50.0348 0392 flpydisk - ok 20:47:50.0348 0392 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:47:50.0363 0392 FltMgr - ok 20:47:50.0410 0392 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 20:47:50.0441 0392 FontCache - ok 20:47:50.0488 0392 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:47:50.0488 0392 FontCache3.0.0.0 - ok 20:47:50.0504 0392 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:47:50.0504 0392 FsDepends - ok 20:47:50.0551 0392 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 20:47:50.0566 0392 fssfltr - ok 20:47:50.0644 0392 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 20:47:50.0675 0392 fsssvc - ok 20:47:50.0722 0392 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:47:50.0722 0392 Fs_Rec - ok 20:47:50.0753 0392 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:47:50.0769 0392 fvevol - ok 20:47:50.0769 0392 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:47:50.0785 0392 gagp30kx - ok 20:47:50.0800 0392 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:47:50.0831 0392 gpsvc - ok 20:47:50.0878 0392 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:47:50.0894 0392 gupdate - ok 20:47:50.0909 0392 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:47:50.0909 0392 gupdatem - ok 20:47:50.0925 0392 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:47:50.0941 0392 hcw85cir - ok 20:47:50.0987 0392 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:47:51.0019 0392 HdAudAddService - ok 20:47:51.0050 0392 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:47:51.0065 0392 HDAudBus - ok 20:47:51.0081 0392 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:47:51.0097 0392 HidBatt - ok 20:47:51.0112 0392 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:47:51.0143 0392 HidBth - ok 20:47:51.0159 0392 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 20:47:51.0175 0392 HidIr - ok 20:47:51.0190 0392 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 20:47:51.0221 0392 hidserv - ok 20:47:51.0237 0392 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:47:51.0253 0392 HidUsb - ok 20:47:51.0268 0392 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:47:51.0299 0392 hkmsvc - ok 20:47:51.0315 0392 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:47:51.0331 0392 HomeGroupListener - ok 20:47:51.0346 0392 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:47:51.0362 0392 HomeGroupProvider - ok 20:47:51.0377 0392 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:47:51.0393 0392 HpSAMD - ok 20:47:51.0409 0392 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:47:51.0455 0392 HTTP - ok 20:47:51.0471 0392 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:47:51.0471 0392 hwpolicy - ok 20:47:51.0487 0392 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:47:51.0502 0392 i8042prt - ok 20:47:51.0502 0392 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:47:51.0518 0392 iaStorV - ok 20:47:51.0565 0392 [ F85EB9654B4C771470CD13A0A170D3B9 ] IBUpdaterService C:\Windows\system32\dmwu.exe 20:47:51.0596 0392 IBUpdaterService - ok 20:47:51.0627 0392 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:47:51.0658 0392 idsvc - ok 20:47:51.0721 0392 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 20:47:51.0830 0392 igfx - ok 20:47:51.0845 0392 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:47:51.0861 0392 iirsp - ok 20:47:51.0877 0392 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:47:51.0923 0392 IKEEXT - ok 20:47:52.0017 0392 [ 21F54139C93FC595902B58ED947D47D5 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:47:52.0079 0392 IntcAzAudAddService - ok 20:47:52.0095 0392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:47:52.0095 0392 intelide - ok 20:47:52.0126 0392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 20:47:52.0142 0392 intelppm - ok 20:47:52.0173 0392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:47:52.0204 0392 IPBusEnum - ok 20:47:52.0220 0392 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:47:52.0251 0392 IpFilterDriver - ok 20:47:52.0267 0392 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:47:52.0298 0392 iphlpsvc - ok 20:47:52.0313 0392 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:47:52.0345 0392 IPMIDRV - ok 20:47:52.0376 0392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:47:52.0391 0392 IPNAT - ok 20:47:52.0423 0392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:47:52.0438 0392 IRENUM - ok 20:47:52.0454 0392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:47:52.0454 0392 isapnp - ok 20:47:52.0469 0392 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:47:52.0485 0392 iScsiPrt - ok 20:47:52.0485 0392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:47:52.0501 0392 kbdclass - ok 20:47:52.0516 0392 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:47:52.0532 0392 kbdhid - ok 20:47:52.0532 0392 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:47:52.0547 0392 KeyIso - ok 20:47:52.0579 0392 [ 8B5219318DF5895ABD230C373F2DF18A ] KL1 C:\Windows\system32\DRIVERS\kl1.sys 20:47:52.0594 0392 KL1 - ok 20:47:52.0625 0392 [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF C:\Windows\system32\DRIVERS\klif.sys 20:47:52.0641 0392 KLIF - ok 20:47:52.0672 0392 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 20:47:52.0672 0392 KLIM6 - ok 20:47:52.0703 0392 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys 20:47:52.0703 0392 klkbdflt - ok 20:47:52.0719 0392 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 20:47:52.0719 0392 klmouflt - ok 20:47:52.0735 0392 [ 982974975E679276F0FA39EFA331A268 ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys 20:47:52.0750 0392 kltdi - ok 20:47:52.0766 0392 [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps C:\Windows\system32\DRIVERS\kneps.sys 20:47:52.0781 0392 kneps - ok 20:47:52.0828 0392 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:47:52.0844 0392 KSecDD - ok 20:47:52.0844 0392 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:47:52.0859 0392 KSecPkg - ok 20:47:52.0875 0392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:47:52.0906 0392 ksthunk - ok 20:47:52.0922 0392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:47:52.0953 0392 KtmRm - ok 20:47:52.0969 0392 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:47:53.0015 0392 LanmanServer - ok 20:47:53.0047 0392 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:47:53.0078 0392 LanmanWorkstation - ok 20:47:53.0093 0392 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:47:53.0109 0392 lltdio - ok 20:47:53.0125 0392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:47:53.0156 0392 lltdsvc - ok 20:47:53.0171 0392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:47:53.0203 0392 lmhosts - ok 20:47:53.0218 0392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:47:53.0234 0392 LSI_FC - ok 20:47:53.0234 0392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:47:53.0249 0392 LSI_SAS - ok 20:47:53.0265 0392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:47:53.0281 0392 LSI_SAS2 - ok 20:47:53.0296 0392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:47:53.0312 0392 LSI_SCSI - ok 20:47:53.0312 0392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:47:53.0359 0392 luafv - ok 20:47:53.0374 0392 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:47:53.0390 0392 Mcx2Svc - ok 20:47:53.0405 0392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 20:47:53.0405 0392 megasas - ok 20:47:53.0437 0392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:47:53.0452 0392 MegaSR - ok 20:47:53.0499 0392 [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe 20:47:53.0499 0392 MemeoBackgroundService - ok 20:47:53.0515 0392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:47:53.0561 0392 MMCSS - ok 20:47:53.0561 0392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:47:53.0608 0392 Modem - ok 20:47:53.0608 0392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:47:53.0624 0392 monitor - ok 20:47:53.0639 0392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:47:53.0655 0392 mouclass - ok 20:47:53.0671 0392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:47:53.0686 0392 mouhid - ok 20:47:53.0702 0392 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:47:53.0702 0392 mountmgr - ok 20:47:53.0733 0392 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:47:53.0733 0392 MozillaMaintenance - ok 20:47:53.0749 0392 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:47:53.0764 0392 mpio - ok 20:47:53.0780 0392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:47:53.0795 0392 mpsdrv - ok 20:47:53.0811 0392 MpsSvc - ok 20:47:53.0811 0392 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:47:53.0842 0392 MRxDAV - ok 20:47:53.0889 0392 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:47:53.0905 0392 mrxsmb - ok 20:47:53.0920 0392 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:47:53.0936 0392 mrxsmb10 - ok 20:47:53.0951 0392 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:47:53.0967 0392 mrxsmb20 - ok 20:47:53.0983 0392 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:47:53.0998 0392 msahci - ok 20:47:54.0014 0392 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:47:54.0029 0392 msdsm - ok 20:47:54.0045 0392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:47:54.0061 0392 MSDTC - ok 20:47:54.0076 0392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:47:54.0092 0392 Msfs - ok 20:47:54.0107 0392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:47:54.0139 0392 mshidkmdf - ok 20:47:54.0139 0392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:47:54.0154 0392 msisadrv - ok 20:47:54.0170 0392 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:47:54.0201 0392 MSiSCSI - ok 20:47:54.0201 0392 msiserver - ok 20:47:54.0217 0392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:47:54.0248 0392 MSKSSRV - ok 20:47:54.0263 0392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:47:54.0295 0392 MSPCLOCK - ok 20:47:54.0295 0392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:47:54.0326 0392 MSPQM - ok 20:47:54.0341 0392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:47:54.0357 0392 MsRPC - ok 20:47:54.0373 0392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:47:54.0373 0392 mssmbios - ok 20:47:54.0388 0392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:47:54.0419 0392 MSTEE - ok 20:47:54.0435 0392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:47:54.0451 0392 MTConfig - ok 20:47:54.0466 0392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:47:54.0466 0392 Mup - ok 20:47:54.0497 0392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:47:54.0544 0392 napagent - ok 20:47:54.0575 0392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:47:54.0607 0392 NativeWifiP - ok 20:47:54.0638 0392 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:47:54.0653 0392 NDIS - ok 20:47:54.0669 0392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:47:54.0700 0392 NdisCap - ok 20:47:54.0716 0392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:47:54.0747 0392 NdisTapi - ok 20:47:54.0763 0392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:47:54.0794 0392 Ndisuio - ok 20:47:54.0809 0392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:47:54.0841 0392 NdisWan - ok 20:47:54.0856 0392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:47:54.0872 0392 NDProxy - ok 20:47:54.0887 0392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:47:54.0919 0392 NetBIOS - ok 20:47:54.0934 0392 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:47:54.0950 0392 NetBT - ok 20:47:54.0965 0392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:47:54.0981 0392 Netlogon - ok 20:47:54.0997 0392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:47:55.0043 0392 Netman - ok 20:47:55.0059 0392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:47:55.0090 0392 netprofm - ok 20:47:55.0106 0392 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:47:55.0137 0392 NetTcpPortSharing - ok 20:47:55.0168 0392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:47:55.0168 0392 nfrd960 - ok 20:47:55.0199 0392 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:47:55.0215 0392 NlaSvc - ok 20:47:55.0215 0392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:47:55.0246 0392 Npfs - ok 20:47:55.0262 0392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:47:55.0293 0392 nsi - ok 20:47:55.0309 0392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:47:55.0324 0392 nsiproxy - ok 20:47:55.0371 0392 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:47:55.0402 0392 Ntfs - ok 20:47:55.0418 0392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:47:55.0449 0392 Null - ok 20:47:55.0511 0392 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 20:47:55.0527 0392 NVENETFD - ok 20:47:55.0683 0392 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:47:55.0901 0392 nvlddmkm - ok 20:47:55.0933 0392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:47:55.0933 0392 nvraid - ok 20:47:55.0948 0392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:47:55.0964 0392 nvstor - ok 20:47:55.0979 0392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:47:55.0995 0392 nv_agp - ok 20:47:56.0011 0392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:47:56.0026 0392 ohci1394 - ok 20:47:56.0057 0392 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:47:56.0057 0392 ose - ok 20:47:56.0151 0392 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:47:56.0245 0392 osppsvc - ok 20:47:56.0260 0392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:47:56.0291 0392 p2pimsvc - ok 20:47:56.0307 0392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:47:56.0323 0392 p2psvc - ok 20:47:56.0338 0392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 20:47:56.0354 0392 Parport - ok 20:47:56.0401 0392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:47:56.0416 0392 partmgr - ok 20:47:56.0416 0392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:47:56.0447 0392 PcaSvc - ok 20:47:56.0463 0392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:47:56.0479 0392 pci - ok 20:47:56.0479 0392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:47:56.0494 0392 pciide - ok 20:47:56.0510 0392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:47:56.0525 0392 pcmcia - ok 20:47:56.0541 0392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:47:56.0541 0392 pcw - ok 20:47:56.0557 0392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:47:56.0603 0392 PEAUTH - ok 20:47:56.0635 0392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:47:56.0666 0392 PerfHost - ok 20:47:56.0697 0392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:47:56.0744 0392 pla - ok 20:47:56.0791 0392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:47:56.0822 0392 PlugPlay - ok 20:47:56.0822 0392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:47:56.0837 0392 PNRPAutoReg - ok 20:47:56.0853 0392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:47:56.0869 0392 PNRPsvc - ok 20:47:56.0884 0392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:47:56.0931 0392 PolicyAgent - ok 20:47:56.0931 0392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:47:56.0978 0392 Power - ok 20:47:56.0993 0392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:47:57.0025 0392 PptpMiniport - ok 20:47:57.0040 0392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 20:47:57.0056 0392 Processor - ok 20:47:57.0071 0392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:47:57.0103 0392 ProfSvc - ok 20:47:57.0118 0392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:47:57.0118 0392 ProtectedStorage - ok 20:47:57.0134 0392 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:47:57.0165 0392 Psched - ok 20:47:57.0196 0392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:47:57.0227 0392 ql2300 - ok 20:47:57.0243 0392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:47:57.0259 0392 ql40xx - ok 20:47:57.0259 0392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:47:57.0290 0392 QWAVE - ok 20:47:57.0290 0392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:47:57.0305 0392 QWAVEdrv - ok 20:47:57.0321 0392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:47:57.0352 0392 RasAcd - ok 20:47:57.0368 0392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:47:57.0399 0392 RasAgileVpn - ok 20:47:57.0415 0392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:47:57.0461 0392 RasAuto - ok 20:47:57.0477 0392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:47:57.0508 0392 Rasl2tp - ok 20:47:57.0508 0392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:47:57.0555 0392 RasMan - ok 20:47:57.0571 0392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:47:57.0586 0392 RasPppoe - ok 20:47:57.0602 0392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:47:57.0633 0392 RasSstp - ok 20:47:57.0649 0392 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:47:57.0680 0392 rdbss - ok 20:47:57.0727 0392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 20:47:57.0742 0392 rdpbus - ok 20:47:57.0758 0392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:47:57.0789 0392 RDPCDD - ok 20:47:57.0820 0392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:47:57.0851 0392 RDPENCDD - ok 20:47:57.0851 0392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:47:57.0883 0392 RDPREFMP - ok 20:47:57.0929 0392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:47:57.0961 0392 RDPWD - ok 20:47:57.0976 0392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:47:57.0992 0392 rdyboost - ok 20:47:58.0007 0392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:47:58.0054 0392 RemoteAccess - ok 20:47:58.0054 0392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:47:58.0101 0392 RemoteRegistry - ok 20:47:58.0117 0392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:47:58.0148 0392 RpcEptMapper - ok 20:47:58.0163 0392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:47:58.0179 0392 RpcLocator - ok 20:47:58.0195 0392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:47:58.0226 0392 RpcSs - ok 20:47:58.0226 0392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:47:58.0273 0392 rspndr - ok 20:47:58.0335 0392 [ 39A719875F572241C585A629EE62EB14 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:47:58.0351 0392 RTL8167 - ok 20:47:58.0397 0392 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 20:47:58.0413 0392 RTL8192su - ok 20:47:58.0429 0392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:47:58.0444 0392 SamSs - ok 20:47:58.0460 0392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:47:58.0475 0392 sbp2port - ok 20:47:58.0491 0392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:47:58.0522 0392 SCardSvr - ok 20:47:58.0522 0392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:47:58.0553 0392 scfilter - ok 20:47:58.0569 0392 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:47:58.0631 0392 Schedule - ok 20:47:58.0647 0392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:47:58.0663 0392 SCPolicySvc - ok 20:47:58.0678 0392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:47:58.0694 0392 SDRSVC - ok 20:47:58.0709 0392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:47:58.0741 0392 secdrv - ok 20:47:58.0741 0392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:47:58.0772 0392 seclogon - ok 20:47:58.0787 0392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 20:47:58.0819 0392 SENS - ok 20:47:58.0834 0392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:47:58.0850 0392 SensrSvc - ok 20:47:58.0881 0392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 20:47:58.0897 0392 Serenum - ok 20:47:58.0897 0392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 20:47:58.0912 0392 Serial - ok 20:47:58.0943 0392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 20:47:58.0959 0392 sermouse - ok 20:47:58.0990 0392 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:47:59.0021 0392 SessionEnv - ok 20:47:59.0021 0392 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:47:59.0053 0392 sffdisk - ok 20:47:59.0053 0392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:47:59.0068 0392 sffp_mmc - ok 20:47:59.0084 0392 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:47:59.0084 0392 sffp_sd - ok 20:47:59.0099 0392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 20:47:59.0115 0392 sfloppy - ok 20:47:59.0146 0392 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 20:47:59.0177 0392 Sftfs - ok 20:47:59.0224 0392 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 20:47:59.0240 0392 sftlist - ok 20:47:59.0255 0392 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 20:47:59.0271 0392 Sftplay - ok 20:47:59.0271 0392 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 20:47:59.0287 0392 Sftredir - ok 20:47:59.0302 0392 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 20:47:59.0318 0392 Sftvol - ok 20:47:59.0318 0392 sftvsa - ok 20:47:59.0349 0392 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:47:59.0380 0392 SharedAccess - ok 20:47:59.0396 0392 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:47:59.0427 0392 ShellHWDetection - ok 20:47:59.0443 0392 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 20:47:59.0458 0392 SiSRaid2 - ok 20:47:59.0458 0392 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 20:47:59.0474 0392 SiSRaid4 - ok 20:47:59.0505 0392 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:47:59.0536 0392 Smb - ok 20:47:59.0552 0392 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:47:59.0583 0392 SNMPTRAP - ok 20:47:59.0583 0392 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:47:59.0599 0392 spldr - ok 20:47:59.0630 0392 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 20:47:59.0661 0392 Spooler - ok 20:47:59.0708 0392 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:47:59.0801 0392 sppsvc - ok 20:47:59.0801 0392 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:47:59.0833 0392 sppuinotify - ok 20:47:59.0879 0392 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:47:59.0911 0392 srv - ok 20:47:59.0942 0392 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:47:59.0957 0392 srv2 - ok 20:47:59.0989 0392 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:48:00.0004 0392 srvnet - ok 20:48:00.0035 0392 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:48:00.0067 0392 SSDPSRV - ok 20:48:00.0067 0392 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:48:00.0098 0392 SstpSvc - ok 20:48:00.0113 0392 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 20:48:00.0129 0392 stexstor - ok 20:48:00.0160 0392 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:48:00.0191 0392 stisvc - ok 20:48:00.0191 0392 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 20:48:00.0207 0392 swenum - ok 20:48:00.0223 0392 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:48:00.0269 0392 swprv - ok 20:48:00.0285 0392 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:48:00.0332 0392 SysMain - ok 20:48:00.0347 0392 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:48:00.0379 0392 TabletInputService - ok 20:48:00.0394 0392 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:48:00.0425 0392 TapiSrv - ok 20:48:00.0425 0392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:48:00.0457 0392 TBS - ok 20:48:00.0488 0392 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:48:00.0535 0392 Tcpip - ok 20:48:00.0566 0392 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:48:00.0597 0392 TCPIP6 - ok 20:48:00.0613 0392 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:48:00.0628 0392 tcpipreg - ok 20:48:00.0644 0392 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:48:00.0675 0392 TDPIPE - ok 20:48:00.0706 0392 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:48:00.0722 0392 TDTCP - ok 20:48:00.0737 0392 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:48:00.0769 0392 tdx - ok 20:48:00.0784 0392 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 20:48:00.0800 0392 TermDD - ok 20:48:00.0815 0392 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:48:00.0847 0392 TermService - ok 20:48:00.0862 0392 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:48:00.0878 0392 Themes - ok 20:48:00.0893 0392 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:48:00.0925 0392 THREADORDER - ok 20:48:00.0925 0392 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:48:00.0956 0392 TrkWks - ok 20:48:01.0003 0392 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:48:01.0034 0392 TrustedInstaller - ok 20:48:01.0049 0392 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:48:01.0081 0392 tssecsrv - ok 20:48:01.0096 0392 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:48:01.0112 0392 TsUsbFlt - ok 20:48:01.0127 0392 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 20:48:01.0143 0392 TsUsbGD - ok 20:48:01.0174 0392 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:48:01.0190 0392 tunnel - ok 20:48:01.0221 0392 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 20:48:01.0221 0392 uagp35 - ok 20:48:01.0237 0392 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:48:01.0283 0392 udfs - ok 20:48:01.0299 0392 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:48:01.0315 0392 UI0Detect - ok 20:48:01.0330 0392 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:48:01.0346 0392 uliagpkx - ok 20:48:01.0361 0392 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 20:48:01.0377 0392 umbus - ok 20:48:01.0393 0392 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 20:48:01.0424 0392 UmPass - ok 20:48:01.0439 0392 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:48:01.0471 0392 upnphost - ok 20:48:01.0486 0392 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:48:01.0502 0392 usbccgp - ok 20:48:01.0517 0392 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:48:01.0533 0392 usbcir - ok 20:48:01.0549 0392 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 20:48:01.0580 0392 usbehci - ok 20:48:01.0642 0392 [ 33A58C5630200E17B51C8D73DD64181B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 20:48:01.0658 0392 usbfilter - ok 20:48:01.0673 0392 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:48:01.0689 0392 usbhub - ok 20:48:01.0705 0392 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 20:48:01.0720 0392 usbohci - ok 20:48:01.0736 0392 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 20:48:01.0751 0392 usbprint - ok 20:48:01.0751 0392 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:48:01.0767 0392 USBSTOR - ok 20:48:01.0783 0392 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:48:01.0783 0392 usbuhci - ok 20:48:01.0798 0392 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:48:01.0829 0392 UxSms - ok 20:48:01.0845 0392 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:48:01.0861 0392 VaultSvc - ok 20:48:01.0861 0392 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:48:01.0876 0392 vdrvroot - ok 20:48:01.0892 0392 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:48:01.0923 0392 vds - ok 20:48:01.0939 0392 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:48:01.0954 0392 vga - ok 20:48:01.0954 0392 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:48:01.0985 0392 VgaSave - ok 20:48:02.0017 0392 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:48:02.0017 0392 vhdmp - ok 20:48:02.0048 0392 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:48:02.0048 0392 viaide - ok 20:48:02.0063 0392 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:48:02.0063 0392 volmgr - ok 20:48:02.0079 0392 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:48:02.0095 0392 volmgrx - ok 20:48:02.0095 0392 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:48:02.0110 0392 volsnap - ok 20:48:02.0126 0392 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 20:48:02.0141 0392 vsmraid - ok 20:48:02.0173 0392 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:48:02.0235 0392 VSS - ok 20:48:02.0251 0392 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 20:48:02.0266 0392 vwifibus - ok 20:48:02.0282 0392 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 20:48:02.0313 0392 vwififlt - ok 20:48:02.0329 0392 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:48:02.0375 0392 W32Time - ok 20:48:02.0391 0392 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 20:48:02.0391 0392 WacomPen - ok 20:48:02.0407 0392 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:48:02.0438 0392 WANARP - ok 20:48:02.0438 0392 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:48:02.0469 0392 Wanarpv6 - ok 20:48:02.0500 0392 [ 63D7250ED2C2E3CD9B11139A608D6C39 ] watchmi C:\Program Files (x86)\watchmi\TvdService.exe 20:48:02.0516 0392 watchmi ( UnsignedFile.Multi.Generic ) - warning 20:48:02.0516 0392 watchmi - detected UnsignedFile.Multi.Generic (1) 20:48:02.0547 0392 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:48:02.0594 0392 wbengine - ok 20:48:02.0609 0392 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:48:02.0625 0392 WbioSrvc - ok 20:48:02.0641 0392 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:48:02.0687 0392 wcncsvc - ok 20:48:02.0687 0392 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:48:02.0719 0392 WcsPlugInService - ok 20:48:02.0734 0392 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 20:48:02.0750 0392 Wd - ok 20:48:02.0781 0392 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:48:02.0797 0392 Wdf01000 - ok 20:48:02.0812 0392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:48:02.0875 0392 WdiServiceHost - ok 20:48:02.0875 0392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:48:02.0890 0392 WdiSystemHost - ok 20:48:02.0906 0392 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:48:02.0937 0392 WebClient - ok 20:48:02.0953 0392 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:48:02.0999 0392 Wecsvc - ok 20:48:03.0015 0392 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:48:03.0046 0392 wercplsupport - ok 20:48:03.0077 0392 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:48:03.0093 0392 WerSvc - ok 20:48:03.0109 0392 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:48:03.0140 0392 WfpLwf - ok 20:48:03.0140 0392 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:48:03.0155 0392 WIMMount - ok 20:48:03.0155 0392 WinDefend - ok 20:48:03.0171 0392 WinHttpAutoProxySvc - ok 20:48:03.0218 0392 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:48:03.0265 0392 Winmgmt - ok 20:48:03.0296 0392 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:48:03.0358 0392 WinRM - ok 20:48:03.0374 0392 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:48:03.0405 0392 Wlansvc - ok 20:48:03.0483 0392 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:48:03.0530 0392 wlidsvc - ok 20:48:03.0545 0392 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:48:03.0561 0392 WmiAcpi - ok 20:48:03.0577 0392 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:48:03.0592 0392 wmiApSrv - ok 20:48:03.0608 0392 WMPNetworkSvc - ok 20:48:03.0623 0392 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:48:03.0639 0392 WPCSvc - ok 20:48:03.0655 0392 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:48:03.0686 0392 WPDBusEnum - ok 20:48:03.0686 0392 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:48:03.0717 0392 ws2ifsl - ok 20:48:03.0733 0392 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 20:48:03.0748 0392 wscsvc - ok 20:48:03.0779 0392 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 20:48:03.0795 0392 WSDPrintDevice - ok 20:48:03.0795 0392 WSearch - ok 20:48:03.0826 0392 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys 20:48:03.0826 0392 wsvd - ok 20:48:03.0889 0392 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:48:03.0951 0392 wuauserv - ok 20:48:03.0967 0392 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:48:03.0998 0392 WudfPf - ok 20:48:04.0013 0392 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:48:04.0045 0392 WUDFRd - ok 20:48:04.0045 0392 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:48:04.0060 0392 wudfsvc - ok 20:48:04.0091 0392 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:48:04.0107 0392 WwanSvc - ok 20:48:04.0138 0392 ================ Scan global =============================== 20:48:04.0154 0392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:48:04.0169 0392 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:48:04.0185 0392 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:48:04.0185 0392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:48:04.0201 0392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:48:04.0216 0392 [Global] - ok 20:48:04.0216 0392 ================ Scan MBR ================================== 20:48:04.0216 0392 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0 20:48:06.0026 0392 \Device\Harddisk0\DR0 - ok 20:48:06.0026 0392 [ 0C5D2AC9BA3C70DD35D5B405B2CB0429 ] \Device\Harddisk4\DR4 20:48:06.0977 0392 \Device\Harddisk4\DR4 - ok 20:48:06.0977 0392 ================ Scan VBR ================================== 20:48:06.0977 0392 [ 936D6E1E3B42C0F6599AA5F075C878E5 ] \Device\Harddisk0\DR0\Partition1 20:48:06.0977 0392 \Device\Harddisk0\DR0\Partition1 - ok 20:48:06.0993 0392 [ 4993626D5E885B3541AE4E9A7F708F20 ] \Device\Harddisk0\DR0\Partition2 20:48:06.0993 0392 \Device\Harddisk0\DR0\Partition2 - ok 20:48:07.0024 0392 [ A39A13EC2C80736C96AE795F1E13A7A9 ] \Device\Harddisk0\DR0\Partition3 20:48:07.0024 0392 \Device\Harddisk0\DR0\Partition3 - ok 20:48:07.0024 0392 ============================================================ 20:48:07.0024 0392 Scan finished 20:48:07.0024 0392 ============================================================ 20:48:07.0040 0120 Detected object count: 2 20:48:07.0040 0120 Actual detected object count: 2 20:49:36.0272 0120 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:49:36.0272 0120 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:49:36.0272 0120 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user 20:49:36.0272 0120 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:49:46.0412 2996 Deinitialize success |
|
08.05.2013, 20:22
| #13 |
| /// Malware-holic | Sicherheitscenter streikt ! Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.05.2013, 17:55
| #14 |
| | Sicherheitscenter streikt ! Hallo, malwarebytes - logfile : Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.04.04.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16540 Geisens :: GEISENS-PC [Administrator] Schutz: Aktiviert 09.05.2013 18:01:28 mbam-log-2013-05-09 (18-01-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 427875 Laufzeit: 45 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
11.05.2013, 09:06
| #15 |
| | Sicherheitscenter streikt ! Malwarebytes zeigt an, das es seit 36 Tagen veraltet ist. Wenn ich aktualisieren möchte kommt eine Fehlermeldung: Program_error_updating (0,0,no address found) hab dann ohne aktualisierung den vollständigen Suchlauf durchführen lassen Gruß mamut |
|
| Themen zu Sicherheitscenter streikt ! |
| adobe, avp, browser, combofix, converter, explorer, firefox, flash player, generic, google, helper, home, internet, internet explorer, internet security 2013, kaspersky, kaspersky internet security 2013, monitor, mozilla, port, realtek, security, software, svchost, system, usb, windows |
