| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in FirefoxWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.06.2013, 10:08
| #1 |
 |  Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Hallo, seit Kurzem tauchen bei mir in Firefox auf den meisten Seiten große Werbebanner am linken und/oder unteren Rand auf. Klickt man hier auf einen Button, gelangt man auf eine Seite, auf der beschrieben wird, um was es sich hierbei handelt: angeblich personalisierte Werbung namens "Topic Torch" oder "iReview". Diese soll man auch beseitigen können, indem man ein Programm namens Yontoo über die Systemsteuerung deinstalliert. Beim Versuch erscheint aber immer der Fehler "Setup initialization error". Hier also mal meine OTL- und Gmer-Logs. Seltsam hierbei: Ich kann seit neustem scheinbar nichts mehr auf dem Desktop speichern, weil "geschützt" oder ähnliches. OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2013 11:23:24 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Freddy\Desktop\V-Scanner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,24 Gb Available Physical Memory | 11,82% Memory free 4,22 Gb Paging File | 1,56 Gb Available in Paging File | 37,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 14,14 Gb Free Space | 18,97% Space Free | Partition Type: NTFS Drive D: | 644,90 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 73,06 Gb Total Space | 55,69 Gb Free Space | 76,23% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.18 11:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Freddy\Desktop\V-Scanner\OTL.exe PRC - [2013.06.12 01:02:49 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.05.24 04:58:21 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013.05.21 17:17:01 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files\AVG Secure Search\vprot.exe PRC - [2013.05.21 17:17:01 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe PRC - [2013.05.16 19:10:55 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.01 06:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Freddy\AppData\Roaming\Yontoo\YontooDesktop.exe PRC - [2013.05.01 06:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe PRC - [2013.04.29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe PRC - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe PRC - [2013.04.04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe PRC - [2013.03.28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe PRC - [2013.03.18 17:47:58 | 000,448,736 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe PRC - [2013.03.18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe PRC - [2013.02.19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe PRC - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe PRC - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe PRC - [2012.10.04 11:56:36 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2012.09.10 15:05:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe PRC - [2011.03.30 15:57:57 | 000,119,608 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.4\ICQ.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2007.07.10 09:24:10 | 000,581,632 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe PRC - [2007.07.06 11:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2007.04.24 16:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe PRC - [2007.03.22 17:09:28 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe PRC - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC207\Monitor.exe PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe ========== Modules (No Company Name) ========== MOD - [2013.06.17 10:38:14 | 000,013,600 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll MOD - [2013.06.12 01:02:46 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.05.24 04:58:18 | 003,128,728 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013.05.21 17:17:02 | 000,158,384 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll MOD - [2013.05.15 22:42:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll MOD - [2013.05.15 22:41:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.02.04 17:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2013.01.11 10:47:44 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013.01.11 10:45:12 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013.01.11 10:42:20 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013.01.11 10:42:01 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.10.05 12:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011.12.27 04:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009.03.30 06:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2009.03.30 06:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2009.03.30 06:42:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2009.03.30 06:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\Freddy\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater) SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2013.06.12 01:02:50 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.24 04:58:19 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.21 17:17:01 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0) SRV - [2013.05.14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2012.11.22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.09.10 15:05:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Freddy\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2013.05.21 17:17:02 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp) DRV - [2013.04.30 01:50:37 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2013.03.29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2013.03.21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2013.03.01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2013.02.08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2013.02.08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2013.02.08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2013.02.08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2013.02.08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.07.08 22:00:16 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2009.04.11 07:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan) DRV - [2008.05.27 11:41:46 | 000,122,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.05.27 11:41:46 | 000,117,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.05.27 11:41:46 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.05.27 11:41:46 | 000,090,536 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.05.27 11:41:46 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.05.27 11:41:44 | 000,115,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.05.27 11:41:44 | 000,025,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.01.19 08:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri) DRV - [2007.10.25 18:31:08 | 000,616,064 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207) DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32) DRV - [2007.07.13 16:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2007.06.18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N) DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I) DRV - [2007.01.18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006.12.14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor) DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 92 20 C5 A6 F5 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={A8EE4762-FCD9-4514-9A7E-BA061892B70B}&mid=8bb2b9192f3047d69a413f2f749b8d4a-0cc5edd1b954af0b4f8681772ca507c2c2d2e203&lang=de&ds=AVG&pr=fr&d=2012-10-19 18:16:18&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKCU\..\SearchScopes\{A3E61A4B-FA03-4F1A-B8A1-EA2C2022E5FE}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.2.0.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013.05.21 17:17:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.04 11:57:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.20 15:15:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BC8B309B-75FF-401C-A4D3-3E779FD88379}: C:\Users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379} FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M] [2008.09.02 09:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Extensions [2013.05.29 11:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions [2010.01.23 01:05:56 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66} [2013.05.29 11:49:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.31 18:20:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\eafo3fflauncher@ea.com [2013.05.15 16:38:05 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\plugin@yontoo.com [2013.05.09 00:04:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.15 14:31:43 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2013.05.24 04:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.24 04:58:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.21 17:17:58 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.2.0.5 [2009.06.24 13:51:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.10.04 11:56:54 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2013.05.21 17:18:02 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml O1 HOSTS File: ([2012.11.06 18:26:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe (AVG Secure Search) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Freddy\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC) O4 - Startup: C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB99B38-9040-4AD3-A534-6A04B83AE8CD}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.08.30 22:09:30 | 000,024,576 | R--- | M] () - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.05.29 01:50:20 | 000,000,074 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.17 11:39:25 | 000,000,000 | R--D | C] -- C:\Users\Freddy\Desktop\V-Scanner [2013.06.11 11:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.06.06 23:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.06 23:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.06.04 16:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2013.06.03 17:54:18 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys [2013.05.30 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 01:47:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Contacts [2013.05.29 01:32:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Documents\Sony Ericsson [2013.05.29 01:12:47 | 000,000,000 | ---D | C] -- C:\Users\Freddy\AppData\Local\Sony Ericsson [2013.05.24 04:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.18 11:02:06 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.18 11:02:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.18 10:37:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.17 23:57:32 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.17 23:57:32 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.17 21:02:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.17 11:31:40 | 000,000,156 | ---- | M] () -- C:\Users\Freddy\defogger_reenable [2013.06.17 10:35:46 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.06.11 11:13:24 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.06.10 23:47:53 | 000,175,104 | ---- | M] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.06 23:28:31 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.04 16:36:41 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.06.03 19:16:08 | 000,000,957 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.03 19:15:34 | 000,000,927 | ---- | M] () -- C:\Users\Freddy\Desktop\Dropbox.lnk [2013.06.03 17:37:43 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.03 17:37:43 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.03 17:37:43 | 000,131,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.03 17:37:43 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.30 21:54:53 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.05.21 17:17:02 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.06 23:28:31 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.04 16:36:41 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.06.03 19:09:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.05.30 21:54:53 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.04.30 02:26:03 | 000,000,087 | ---- | C] () -- C:\Windows\SIERRA.INI [2013.01.30 00:13:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.02.28 17:21:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.02.28 17:21:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.02.28 17:21:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.02.28 17:21:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.02.28 17:21:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.02.24 17:54:29 | 000,000,156 | ---- | C] () -- C:\Users\Freddy\defogger_reenable [2011.11.11 04:04:47 | 000,000,094 | ---- | C] () -- C:\Users\Freddy\AppData\Local\fusioncache.dat [2011.10.12 03:20:55 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.04.23 20:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat [2011.04.23 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin [2010.11.26 11:09:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.31 18:22:50 | 000,139,152 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\PnkBstrK.sys [2010.03.11 21:15:39 | 000,017,408 | ---- | C] () -- C:\Users\Freddy\AppData\Local\WebpageIcons.db [2010.02.28 18:29:30 | 000,000,600 | ---- | C] () -- C:\Users\Freddy\PUTTY.RND [2010.01.23 03:48:05 | 000,008,026 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\.civclientrc [2009.11.23 14:03:32 | 000,001,356 | ---- | C] () -- C:\Users\Freddy\AppData\Local\d3d9caps.dat [2009.02.10 22:33:53 | 000,000,016 | ---- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2008.01.05 19:51:14 | 000,175,104 | ---- | C] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\mxfilerelatedcache.mxc2 [2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Local\mxfilerelatedcache.mxc2 [2007.11.15 19:33:48 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\mxfilerelatedcache.mxc2 [2007.11.01 17:45:16 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\persistent_state ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010.11.26 03:29:33 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\.freeciv [2010.11.26 09:24:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Amazon [2012.12.20 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\APP_NAME_NON_STRING [2011.03.28 19:06:26 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Ashampoo [2012.10.19 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\AVG2013 [2013.06.17 11:18:46 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DAEMON Tools Lite [2013.06.17 10:39:15 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Dropbox [2011.01.20 18:19:17 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\DVDVideoSoftIEHelpers [2012.10.26 13:11:02 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\ICQ [2008.05.06 02:18:25 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\IT-Sevice Christian Hau [2012.01.10 17:31:08 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Juniper Networks [2012.12.20 16:14:35 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\PDF Architect [2012.12.20 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\pdfforge [2008.04.23 02:15:18 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\PTC [2013.04.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\ScummVM [2008.05.06 01:35:34 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\SmartDraw [2009.06.26 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Sony [2008.03.10 22:03:50 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Toshiba [2012.10.19 18:17:36 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\TuneUp Software [2013.06.17 23:04:28 | 000,000,000 | ---D | M] -- C:\Users\Freddy\AppData\Roaming\Yontoo ========== Purity Check ========== < End of report > GMER.txt: Hier habe ich ein Problem. Das Textfile ist unglaublich lang (der Scan allein hat über 9 Stunden gedauert, ich vermute mal das ist ungewöhnlich?). Scheinbar auch zu lang, um es hier einfach im Text zu posten. Deswegen hänge ich es mal an. Ein Extras.txt wurde bei OTL nicht ausgegeben, habe ich dort etwas falsch gemacht? Vielen Dank schonmal für Eure Hilfe und viele Grüße Freddy Geändert von Ajin (19.06.2013 um 10:14 Uhr) Grund: GMER-Log zu groß |
|
19.06.2013, 10:12
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
19.06.2013, 10:49
| #3 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Hallo,
__________________ich hatte ja eigentlich noch angekündigt, den Gmer-Scan anzuhängen. Der ist aber tatsächlich 17,7MB groß. Also wohl auch als Anhang zu groß. Von Malwarebytes habe ich noch 7 Logdateien, 5 davon aus 2012, eine aus 2010, eine aus 2009. Soll ich die alle posten? Und falls ja, als Anhang oder direkt hier in den Thread? Die Ergebnisse meines Virenscanners (AVG) reichen bis Oktober 2012 zurück, darunter 4 Scans mit Funden, der letzte vom 22.05.2013. Habe allerdings noch keine Möglichkeit gefunden, die in Textform zu exportieren. Soll ich die Funde dann einfach per Hand in den Thread übertragen? Viele Grüße Freddy Edit: Habe gerade in einem Ordner names _OTL noch eine Art Log-File entdeckt, aus dem Februar 2012. Ist die auch relevant? Geändert von Ajin (19.06.2013 um 10:58 Uhr) Grund: Noch eine Logfile entdeckt |
|
19.06.2013, 11:08
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Eigentlich sind die älteren Log irrelevant. Aber du kannst ja einfachmal alles posten was du da hast
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
19.06.2013, 12:22
| #5 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Die Logs sind im Anhang. Hier noch die Funde von AVG: 22.05.2013: Code:
ATTFilter Adware: Generic5.ZUV, C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll";"Gesichert"
Code:
ATTFilter Virus gefunden: Script/PDF.Exploit, C:\Users\Freddy\AppData\Local\Mozilla\Firefox\Profiles\grohfmrs.default\Cache\3\33\6FF25d01";"Gesichert"
Code:
ATTFilter Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S0HLU7J2\install_flashplayer11x32au_gtba_chra_dy_aih[1].exe";"Gesichert"
Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UQ7WEQ2B\install_flashplayer11x32au_gtba_chra_dy_aih[1].exe";"Gesichert"
Code:
ATTFilter Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\temp\SCC.dll";"Gesichert"
Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMFP02W8\SCC[1].dll";"Gesichert"
Beschädigte ausführbare Datei, C:\Users\Freddy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MTMO6KZL\SCC[1].dll";"Gesichert"
|
|
19.06.2013, 12:25
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox |
|
19.06.2013, 14:17
| #7 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox So, die mbar-log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.19.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Freddy :: HOME-PC [administrator]
19.06.2013 13:52:18
mbar-log-2013-06-19 (13-52-18).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 214863
Time elapsed: 30 minute(s), 24 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-19 14:35:39
-----------------------------
14:35:39.130 OS Version: Windows 6.0.6002 Service Pack 2
14:35:39.130 Number of processors: 2 586 0xF0D
14:35:39.130 ComputerName: HOME-PC UserName: Freddy
14:35:41.345 Initialize success
14:35:45.261 AVAST engine download error: 0
14:35:55.541 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:35:55.557 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3
14:35:55.728 Disk 0 MBR read successfully
14:35:55.744 Disk 0 MBR scan
14:35:55.744 Disk 0 Windows VISTA default MBR code
14:35:55.760 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:35:55.791 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76313 MB offset 3074048
14:35:55.806 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 74812 MB offset 159363072
14:35:55.822 Disk 0 scanning sectors +312578048
14:35:56.104 Disk 0 scanning C:\Windows\system32\drivers
14:36:09.960 Service scanning
14:36:38.134 Modules scanning
14:37:02.504 Disk 0 trace - called modules:
14:37:03.050 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
14:37:03.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b671f8]
14:37:03.082 3 CLASSPNP.SYS[8890f8b3] -> nt!IofCallDriver -> [0x8582b798]
14:37:03.097 5 acpi.sys[806a66bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85815030]
14:37:03.113 Scan finished successfully
14:54:10.442 Disk 0 MBR has been saved successfully to "C:\Users\Freddy\Desktop\MBR.dat"
14:54:10.458 The log file has been saved successfully to "C:\Users\Freddy\Desktop\aswMBR.txt"
Code:
ATTFilter 15:03:23.0052 5300 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:03:23.0443 5300 ============================================================
15:03:23.0443 5300 Current date / time: 2013/06/19 15:03:23.0443
15:03:23.0443 5300 SystemInfo:
15:03:23.0443 5300
15:03:23.0443 5300 OS Version: 6.0.6002 ServicePack: 2.0
15:03:23.0443 5300 Product type: Workstation
15:03:23.0443 5300 ComputerName: HOME-PC
15:03:23.0443 5300 UserName: Freddy
15:03:23.0443 5300 Windows directory: C:\Windows
15:03:23.0443 5300 System windows directory: C:\Windows
15:03:23.0443 5300 Processor architecture: Intel x86
15:03:23.0443 5300 Number of processors: 2
15:03:23.0443 5300 Page size: 0x1000
15:03:23.0443 5300 Boot type: Normal boot
15:03:23.0443 5300 ============================================================
15:03:24.0599 5300 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x209CD, SectorsPerTrack: 0x1A, TracksPerCylinder: 0x5A, Type 'K0', Flags 0x00000050
15:03:24.0630 5300 ============================================================
15:03:24.0630 5300 \Device\Harddisk0\DR0:
15:03:24.0630 5300 MBR partitions:
15:03:24.0630 5300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x950C800
15:03:24.0630 5300 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x97FB000, BlocksNum 0x921E000
15:03:24.0630 5300 ============================================================
15:03:24.0661 5300 C: <-> \Device\Harddisk0\DR0\Partition1
15:03:24.0755 5300 E: <-> \Device\Harddisk0\DR0\Partition2
15:03:24.0771 5300 ============================================================
15:03:24.0771 5300 Initialize success
15:03:24.0771 5300 ============================================================
15:03:56.0690 4620 ============================================================
15:03:56.0690 4620 Scan started
15:03:56.0690 4620 Mode: Manual; SigCheck; TDLFS;
15:03:56.0690 4620 ============================================================
15:03:57.0330 4620 ================ Scan system memory ========================
15:03:57.0330 4620 System memory - ok
15:03:57.0330 4620 ================ Scan services =============================
15:03:57.0486 4620 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:03:57.0782 4620 !SASCORE ( UnsignedFile.Multi.Generic ) - warning
15:03:57.0782 4620 !SASCORE - detected UnsignedFile.Multi.Generic (1)
15:03:58.0141 4620 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:03:58.0188 4620 ACPI - ok
15:03:58.0313 4620 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:03:58.0344 4620 AdobeARMservice - ok
15:03:58.0547 4620 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:03:58.0593 4620 AdobeFlashPlayerUpdateSvc - ok
15:03:58.0656 4620 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:03:58.0718 4620 adp94xx - ok
15:03:58.0749 4620 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:03:58.0796 4620 adpahci - ok
15:03:58.0827 4620 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:03:58.0859 4620 adpu160m - ok
15:03:58.0890 4620 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:03:58.0921 4620 adpu320 - ok
15:03:58.0983 4620 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:03:59.0155 4620 AeLookupSvc - ok
15:03:59.0233 4620 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:03:59.0327 4620 AFD - ok
15:03:59.0389 4620 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
15:03:59.0483 4620 AgereModemAudio - ok
15:03:59.0623 4620 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
15:03:59.0732 4620 AgereSoftModem - ok
15:03:59.0779 4620 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:03:59.0810 4620 agp440 - ok
15:03:59.0857 4620 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:03:59.0888 4620 aic78xx - ok
15:03:59.0935 4620 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:04:00.0122 4620 ALG - ok
15:04:00.0138 4620 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
15:04:00.0169 4620 aliide - ok
15:04:00.0216 4620 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:04:00.0247 4620 amdagp - ok
15:04:00.0294 4620 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
15:04:00.0325 4620 amdide - ok
15:04:00.0356 4620 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:04:00.0621 4620 AmdK7 - ok
15:04:00.0699 4620 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:04:00.0840 4620 AmdK8 - ok
15:04:00.0902 4620 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:04:00.0996 4620 Appinfo - ok
15:04:01.0089 4620 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:04:01.0136 4620 Apple Mobile Device - ok
15:04:01.0199 4620 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
15:04:01.0230 4620 arc - ok
15:04:01.0277 4620 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:04:01.0308 4620 arcsas - ok
15:04:01.0401 4620 [ 66597AD6098352D11239C0C42100B176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
15:04:01.0433 4620 ASLDRService ( UnsignedFile.Multi.Generic ) - warning
15:04:01.0433 4620 ASLDRService - detected UnsignedFile.Multi.Generic (1)
15:04:01.0573 4620 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:04:01.0604 4620 aspnet_state - ok
15:04:01.0667 4620 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:04:01.0760 4620 AsyncMac - ok
15:04:01.0823 4620 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
15:04:01.0854 4620 atapi - ok
15:04:01.0932 4620 [ B0C272DEF210B149C0BFA0D85600CE4B ] athr C:\Windows\system32\DRIVERS\athr.sys
15:04:02.0057 4620 athr - ok
15:04:02.0119 4620 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:04:02.0197 4620 AudioEndpointBuilder - ok
15:04:02.0213 4620 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:04:02.0275 4620 Audiosrv - ok
15:04:02.0322 4620 AVG Security Toolbar Service - ok
15:04:03.0149 4620 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
15:04:03.0476 4620 AVGIDSAgent - ok
15:04:03.0554 4620 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
15:04:04.0148 4620 AVGIDSDriver - ok
15:04:04.0226 4620 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
15:04:04.0257 4620 AVGIDSHX - ok
15:04:04.0335 4620 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
15:04:04.0366 4620 AVGIDSShim - ok
15:04:04.0413 4620 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
15:04:04.0444 4620 Avgldx86 - ok
15:04:04.0491 4620 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
15:04:04.0538 4620 Avglogx - ok
15:04:04.0585 4620 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
15:04:04.0616 4620 Avgmfx86 - ok
15:04:04.0678 4620 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
15:04:04.0710 4620 Avgrkx86 - ok
15:04:04.0803 4620 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
15:04:04.0834 4620 Avgtdix - ok
15:04:04.0881 4620 [ 02A43ADBA362B89B7D5715221D5F3010 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
15:04:04.0912 4620 avgtp - ok
15:04:05.0115 4620 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
15:04:05.0162 4620 avgwd - ok
15:04:05.0224 4620 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:04:05.0302 4620 Beep - ok
15:04:05.0412 4620 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:04:05.0505 4620 BFE - ok
15:04:05.0677 4620 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
15:04:05.0802 4620 BITS - ok
15:04:05.0802 4620 blbdrive - ok
15:04:05.0911 4620 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:04:05.0958 4620 Bonjour Service - ok
15:04:05.0989 4620 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:04:06.0067 4620 bowser - ok
15:04:06.0114 4620 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:04:06.0207 4620 BrFiltLo - ok
15:04:06.0238 4620 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:04:06.0301 4620 BrFiltUp - ok
15:04:06.0426 4620 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:04:06.0519 4620 Browser - ok
15:04:06.0582 4620 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:04:06.0706 4620 Brserid - ok
15:04:06.0722 4620 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:04:06.0862 4620 BrSerWdm - ok
15:04:06.0956 4620 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:04:07.0096 4620 BrUsbMdm - ok
15:04:07.0112 4620 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:04:07.0252 4620 BrUsbSer - ok
15:04:07.0299 4620 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:04:07.0440 4620 BTHMODEM - ok
15:04:07.0627 4620 catchme - ok
15:04:07.0689 4620 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:04:07.0767 4620 cdfs - ok
15:04:07.0830 4620 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:04:07.0908 4620 cdrom - ok
15:04:07.0970 4620 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:04:08.0048 4620 CertPropSvc - ok
15:04:08.0126 4620 [ C82162949BBA6CC5D006C7BD008F3CF1 ] CFSvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:04:08.0188 4620 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
15:04:08.0188 4620 CFSvcs - detected UnsignedFile.Multi.Generic (1)
15:04:08.0235 4620 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
15:04:08.0344 4620 circlass - ok
15:04:08.0469 4620 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:04:08.0516 4620 CLFS - ok
15:04:08.0578 4620 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:04:08.0625 4620 clr_optimization_v2.0.50727_32 - ok
15:04:08.0734 4620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:04:08.0751 4620 clr_optimization_v4.0.30319_32 - ok
15:04:08.0829 4620 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:04:08.0938 4620 CmBatt - ok
15:04:08.0985 4620 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:04:09.0016 4620 cmdide - ok
15:04:09.0079 4620 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:04:09.0110 4620 Compbatt - ok
15:04:09.0125 4620 COMSysApp - ok
15:04:09.0157 4620 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:04:09.0203 4620 crcdisk - ok
15:04:09.0250 4620 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:04:09.0391 4620 Crusoe - ok
15:04:09.0469 4620 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:04:09.0547 4620 CryptSvc - ok
15:04:09.0593 4620 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA.sys
15:04:09.0656 4620 CVirtA - ok
15:04:09.0859 4620 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:04:09.0968 4620 DcomLaunch - ok
15:04:09.0999 4620 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:04:10.0077 4620 DfsC - ok
15:04:10.0436 4620 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
15:04:10.0623 4620 DFSR - ok
15:04:10.0701 4620 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:04:10.0779 4620 Dhcp - ok
15:04:10.0841 4620 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
15:04:10.0873 4620 disk - ok
15:04:10.0935 4620 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:04:11.0029 4620 Dnscache - ok
15:04:11.0075 4620 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:04:11.0169 4620 dot3svc - ok
15:04:11.0231 4620 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:04:11.0309 4620 DPS - ok
15:04:11.0372 4620 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:04:11.0434 4620 drmkaud - ok
15:04:11.0497 4620 [ B2C3F71B86E25C3DF78339DDB40A7562 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
15:04:11.0543 4620 dsNcAdpt - ok
15:04:11.0668 4620 [ 60AE3D932BC594FF9CDC91F7CD2C2015 ] dsNcService C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
15:04:11.0731 4620 dsNcService - ok
15:04:11.0824 4620 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
15:04:11.0855 4620 dtsoftbus01 - ok
15:04:12.0089 4620 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:04:12.0152 4620 DXGKrnl - ok
15:04:12.0199 4620 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:04:12.0323 4620 E1G60 - ok
15:04:12.0386 4620 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:04:12.0464 4620 EapHost - ok
15:04:12.0542 4620 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:04:12.0589 4620 Ecache - ok
15:04:12.0698 4620 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:04:12.0760 4620 ehRecvr - ok
15:04:12.0791 4620 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
15:04:12.0869 4620 ehSched - ok
15:04:12.0885 4620 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
15:04:12.0916 4620 ehstart - ok
15:04:12.0979 4620 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:04:13.0025 4620 elxstor - ok
15:04:13.0103 4620 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:04:13.0228 4620 EMDMgmt - ok
15:04:13.0275 4620 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
15:04:13.0353 4620 EventSystem - ok
15:04:13.0415 4620 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
15:04:13.0493 4620 exfat - ok
15:04:13.0556 4620 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:04:13.0634 4620 fastfat - ok
15:04:13.0696 4620 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:04:13.0822 4620 fdc - ok
15:04:13.0931 4620 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:04:13.0994 4620 fdPHost - ok
15:04:14.0040 4620 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:04:14.0181 4620 FDResPub - ok
15:04:14.0322 4620 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:04:14.0369 4620 FileInfo - ok
15:04:14.0525 4620 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:04:14.0634 4620 Filetrace - ok
15:04:14.0697 4620 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:04:14.0821 4620 flpydisk - ok
15:04:14.0915 4620 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:04:14.0962 4620 FltMgr - ok
15:04:15.0087 4620 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
15:04:15.0196 4620 FontCache - ok
15:04:15.0383 4620 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:04:15.0414 4620 FontCache3.0.0.0 - ok
15:04:15.0477 4620 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:04:15.0555 4620 Fs_Rec - ok
15:04:15.0586 4620 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:04:15.0617 4620 gagp30kx - ok
15:04:15.0679 4620 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:04:15.0711 4620 GEARAspiWDM - ok
15:04:15.0867 4620 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:04:15.0976 4620 gpsvc - ok
15:04:16.0085 4620 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:04:16.0116 4620 gupdate - ok
15:04:16.0163 4620 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:04:16.0194 4620 gupdatem - ok
15:04:16.0272 4620 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:04:16.0303 4620 gusvc - ok
15:04:16.0381 4620 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:04:16.0522 4620 HdAudAddService - ok
15:04:16.0818 4620 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:04:16.0927 4620 HDAudBus - ok
15:04:16.0974 4620 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:04:17.0099 4620 HidBth - ok
15:04:17.0146 4620 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:04:17.0333 4620 HidIr - ok
15:04:17.0536 4620 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
15:04:17.0629 4620 hidserv - ok
15:04:17.0661 4620 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:04:17.0739 4620 HidUsb - ok
15:04:17.0801 4620 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:04:17.0895 4620 hkmsvc - ok
15:04:18.0066 4620 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:04:18.0097 4620 HpCISSs - ok
15:04:18.0238 4620 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:04:18.0332 4620 HTTP - ok
15:04:18.0348 4620 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:04:18.0379 4620 i2omp - ok
15:04:18.0442 4620 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:04:18.0520 4620 i8042prt - ok
15:04:18.0582 4620 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:04:18.0613 4620 iaStor - ok
15:04:18.0816 4620 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:04:18.0864 4620 iaStorV - ok
15:04:18.0973 4620 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:04:19.0051 4620 idsvc - ok
15:04:19.0301 4620 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:04:19.0550 4620 igfx - ok
15:04:19.0581 4620 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:04:19.0628 4620 iirsp - ok
15:04:19.0800 4620 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:04:19.0971 4620 IKEEXT - ok
15:04:20.0642 4620 [ 6F62BAFE6150F3952F877051C65786FE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:04:20.0829 4620 IntcAzAudAddService - ok
15:04:20.0892 4620 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
15:04:20.0923 4620 intelide - ok
15:04:20.0970 4620 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:04:21.0063 4620 intelppm - ok
15:04:21.0126 4620 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:04:21.0219 4620 IPBusEnum - ok
15:04:21.0266 4620 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:04:21.0329 4620 IpFilterDriver - ok
15:04:21.0453 4620 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:04:21.0531 4620 iphlpsvc - ok
15:04:21.0531 4620 IpInIp - ok
15:04:21.0578 4620 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:04:21.0719 4620 IPMIDRV - ok
15:04:21.0765 4620 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:04:21.0859 4620 IPNAT - ok
15:04:21.0968 4620 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:04:22.0031 4620 iPod Service - ok
15:04:22.0077 4620 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:04:22.0171 4620 IRENUM - ok
15:04:22.0202 4620 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:04:22.0233 4620 isapnp - ok
15:04:22.0296 4620 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:04:22.0327 4620 iScsiPrt - ok
15:04:22.0374 4620 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:04:22.0405 4620 iteatapi - ok
15:04:22.0421 4620 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:04:22.0467 4620 iteraid - ok
15:04:22.0545 4620 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:04:22.0577 4620 kbdclass - ok
15:04:22.0608 4620 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:04:22.0748 4620 kbdhid - ok
15:04:22.0779 4620 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:04:22.0857 4620 KeyIso - ok
15:04:22.0889 4620 [ A383F2CEA0A8F4E76E71ABC869BD5748 ] KR10I C:\Windows\system32\drivers\kr10i.sys
15:04:22.0967 4620 KR10I - ok
15:04:23.0060 4620 [ 6E9922332386C2A49936B30B2B6FD298 ] KR10N C:\Windows\system32\drivers\kr10n.sys
15:04:23.0123 4620 KR10N - ok
15:04:23.0232 4620 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:04:23.0294 4620 KSecDD - ok
15:04:23.0357 4620 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:04:23.0466 4620 KtmRm - ok
15:04:23.0559 4620 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
15:04:23.0653 4620 LanmanServer - ok
15:04:23.0731 4620 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:04:23.0825 4620 LanmanWorkstation - ok
15:04:23.0871 4620 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:04:23.0935 4620 lltdio - ok
15:04:23.0993 4620 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:04:24.0086 4620 lltdsvc - ok
15:04:24.0133 4620 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:04:24.0258 4620 lmhosts - ok
15:04:24.0305 4620 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:04:24.0336 4620 LSI_FC - ok
15:04:24.0367 4620 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:04:24.0398 4620 LSI_SAS - ok
15:04:24.0414 4620 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:04:24.0445 4620 LSI_SCSI - ok
15:04:24.0539 4620 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:04:24.0648 4620 luafv - ok
15:04:24.0741 4620 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:04:24.0804 4620 Mcx2Svc - ok
15:04:24.0866 4620 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
15:04:24.0897 4620 megasas - ok
15:04:24.0929 4620 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:04:25.0007 4620 MMCSS - ok
15:04:25.0053 4620 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:04:25.0147 4620 Modem - ok
15:04:25.0194 4620 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:04:25.0256 4620 monitor - ok
15:04:25.0303 4620 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:04:25.0334 4620 mouclass - ok
15:04:25.0350 4620 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:04:25.0443 4620 mouhid - ok
15:04:25.0475 4620 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:04:25.0500 4620 MountMgr - ok
15:04:25.0607 4620 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:04:25.0653 4620 MozillaMaintenance - ok
15:04:25.0700 4620 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
15:04:25.0731 4620 mpio - ok
15:04:25.0778 4620 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:04:25.0841 4620 mpsdrv - ok
15:04:25.0903 4620 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
15:04:25.0997 4620 MpsSvc - ok
15:04:26.0043 4620 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:04:26.0075 4620 Mraid35x - ok
15:04:26.0137 4620 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:04:26.0168 4620 MRxDAV - ok
15:04:26.0215 4620 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:04:26.0309 4620 mrxsmb - ok
15:04:26.0340 4620 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:04:26.0402 4620 mrxsmb10 - ok
15:04:26.0433 4620 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:04:26.0480 4620 mrxsmb20 - ok
15:04:26.0527 4620 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
15:04:26.0558 4620 msahci - ok
15:04:26.0589 4620 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:04:26.0621 4620 msdsm - ok
15:04:26.0683 4620 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:04:26.0777 4620 MSDTC - ok
15:04:26.0855 4620 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:04:26.0948 4620 Msfs - ok
15:04:27.0011 4620 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:04:27.0042 4620 msisadrv - ok
15:04:27.0104 4620 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:04:27.0213 4620 MSiSCSI - ok
15:04:27.0229 4620 msiserver - ok
15:04:27.0276 4620 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:04:27.0354 4620 MSKSSRV - ok
15:04:27.0416 4620 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:04:27.0479 4620 MSPCLOCK - ok
15:04:27.0525 4620 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:04:27.0603 4620 MSPQM - ok
15:04:27.0713 4620 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:04:27.0744 4620 MsRPC - ok
15:04:27.0931 4620 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:04:27.0962 4620 mssmbios - ok
15:04:28.0025 4620 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:04:28.0134 4620 MSTEE - ok
15:04:28.0181 4620 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
15:04:28.0259 4620 MTsensor - ok
15:04:28.0290 4620 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:04:28.0337 4620 Mup - ok
15:04:28.0477 4620 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:04:28.0571 4620 napagent - ok
15:04:28.0649 4620 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:04:28.0711 4620 NativeWifiP - ok
15:04:28.0789 4620 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:04:28.0851 4620 NDIS - ok
15:04:29.0007 4620 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:04:29.0085 4620 NdisTapi - ok
15:04:29.0335 4620 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:04:29.0413 4620 Ndisuio - ok
15:04:29.0507 4620 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:04:29.0569 4620 NdisWan - ok
15:04:29.0631 4620 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:04:29.0709 4620 NDProxy - ok
15:04:29.0819 4620 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:04:29.0912 4620 NetBIOS - ok
15:04:30.0162 4620 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:04:30.0209 4620 netbt - ok
15:04:30.0287 4620 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:04:30.0318 4620 Netlogon - ok
15:04:30.0536 4620 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:04:30.0630 4620 Netman - ok
15:04:30.0755 4620 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:04:30.0864 4620 netprofm - ok
15:04:30.0973 4620 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:04:31.0004 4620 NetTcpPortSharing - ok
15:04:31.0035 4620 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:04:31.0067 4620 nfrd960 - ok
15:04:31.0191 4620 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:04:31.0285 4620 NlaSvc - ok
15:04:31.0488 4620 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:04:31.0581 4620 Npfs - ok
15:04:31.0644 4620 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:04:31.0737 4620 nsi - ok
15:04:31.0784 4620 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:04:31.0847 4620 nsiproxy - ok
15:04:32.0252 4620 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:04:32.0377 4620 Ntfs - ok
15:04:32.0455 4620 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:04:32.0580 4620 ntrigdigi - ok
15:04:32.0736 4620 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:04:32.0798 4620 Null - ok
15:04:32.0892 4620 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:04:32.0923 4620 nvraid - ok
15:04:33.0001 4620 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:04:33.0032 4620 nvstor - ok
15:04:33.0173 4620 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:04:33.0204 4620 nv_agp - ok
15:04:33.0219 4620 NwlnkFlt - ok
15:04:33.0235 4620 NwlnkFwd - ok
15:04:33.0500 4620 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:04:33.0563 4620 odserv - ok
15:04:33.0609 4620 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:04:33.0750 4620 ohci1394 - ok
15:04:33.0828 4620 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:04:33.0875 4620 ose - ok
15:04:34.0093 4620 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:04:34.0233 4620 p2pimsvc - ok
15:04:34.0374 4620 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:04:34.0436 4620 p2psvc - ok
15:04:34.0530 4620 [ 9482616A0F87384C5AFB5F34A317BF6C ] PAC207 C:\Windows\system32\DRIVERS\PFC027.SYS
15:04:34.0623 4620 PAC207 - ok
15:04:34.0655 4620 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:04:34.0795 4620 Parport - ok
15:04:34.0951 4620 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:04:34.0982 4620 partmgr - ok
15:04:35.0154 4620 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:04:35.0372 4620 Parvdm - ok
15:04:35.0419 4620 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:04:35.0497 4620 PcaSvc - ok
15:04:35.0559 4620 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:04:35.0606 4620 pci - ok
15:04:35.0715 4620 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
15:04:35.0747 4620 pciide - ok
15:04:35.0856 4620 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:04:35.0903 4620 pcmcia - ok
15:04:36.0620 4620 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
15:04:36.0792 4620 PDF Architect Helper Service - ok
15:04:37.0229 4620 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
15:04:37.0369 4620 PDF Architect Service - ok
15:04:37.0447 4620 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:04:37.0634 4620 PEAUTH - ok
15:04:38.0477 4620 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:04:38.0695 4620 pla - ok
15:04:38.0742 4620 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:04:38.0804 4620 PlugPlay - ok
15:04:38.0867 4620 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
15:04:38.0898 4620 PnkBstrA - ok
15:04:38.0960 4620 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:04:39.0023 4620 PNRPAutoReg - ok
15:04:39.0039 4620 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:04:39.0133 4620 PNRPsvc - ok
15:04:39.0320 4620 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:04:39.0382 4620 PolicyAgent - ok
15:04:39.0445 4620 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:04:39.0538 4620 PptpMiniport - ok
15:04:39.0632 4620 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
15:04:39.0772 4620 Processor - ok
15:04:39.0928 4620 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:04:40.0053 4620 ProfSvc - ok
15:04:40.0084 4620 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:04:40.0131 4620 ProtectedStorage - ok
15:04:40.0552 4620 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:04:40.0646 4620 PSched - ok
15:04:40.0740 4620 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:04:40.0833 4620 ql2300 - ok
15:04:40.0911 4620 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:04:40.0974 4620 ql40xx - ok
15:04:41.0020 4620 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:04:41.0098 4620 QWAVE - ok
15:04:41.0145 4620 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:04:41.0208 4620 QWAVEdrv - ok
15:04:41.0254 4620 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:04:41.0317 4620 RasAcd - ok
15:04:41.0410 4620 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:04:41.0488 4620 RasAuto - ok
15:04:41.0613 4620 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:04:41.0691 4620 Rasl2tp - ok
15:04:41.0754 4620 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:04:41.0832 4620 RasMan - ok
15:04:41.0910 4620 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:04:41.0956 4620 RasPppoe - ok
15:04:42.0019 4620 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:04:42.0066 4620 RasSstp - ok
15:04:42.0159 4620 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:04:42.0237 4620 rdbss - ok
15:04:42.0268 4620 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:04:42.0378 4620 RDPCDD - ok
15:04:42.0487 4620 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:04:42.0627 4620 rdpdr - ok
15:04:42.0658 4620 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:04:42.0736 4620 RDPENCDD - ok
15:04:42.0783 4620 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:04:42.0846 4620 RDPWD - ok
15:04:42.0892 4620 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:04:42.0986 4620 RemoteAccess - ok
15:04:43.0033 4620 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:04:43.0126 4620 RemoteRegistry - ok
15:04:43.0173 4620 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
15:04:43.0236 4620 rimmptsk - ok
15:04:43.0251 4620 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:04:43.0314 4620 rimsptsk - ok
15:04:43.0345 4620 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
15:04:43.0392 4620 rismxdp - ok
15:04:43.0438 4620 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:04:43.0516 4620 RpcLocator - ok
15:04:43.0548 4620 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:04:43.0626 4620 RpcSs - ok
15:04:43.0657 4620 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:04:43.0750 4620 rspndr - ok
15:04:43.0813 4620 [ 5C5612756B380BCEDBF566A780FF9AFE ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
15:04:43.0906 4620 RTL8023xp - ok
15:04:43.0969 4620 [ 6381D7FAC6CE956F37AA76031939F8CC ] s0017bus C:\Windows\system32\DRIVERS\s0017bus.sys
15:04:44.0000 4620 s0017bus - ok
15:04:44.0078 4620 [ 3A0B4FC02D9D79A4F7EE9C13E287C5EB ] s0017mdfl C:\Windows\system32\DRIVERS\s0017mdfl.sys
15:04:44.0095 4620 s0017mdfl - ok
15:04:44.0148 4620 [ AA689C79D62CAF565357520CAE065F17 ] s0017mdm C:\Windows\system32\DRIVERS\s0017mdm.sys
15:04:44.0179 4620 s0017mdm - ok
15:04:44.0195 4620 [ 547B1A09017A4C4CE6B535BA810523DA ] s0017mgmt C:\Windows\system32\DRIVERS\s0017mgmt.sys
15:04:44.0226 4620 s0017mgmt - ok
15:04:44.0273 4620 [ 6DB4820821E819CF61546E1F991A298D ] s0017nd5 C:\Windows\system32\DRIVERS\s0017nd5.sys
15:04:44.0288 4620 s0017nd5 - ok
15:04:44.0335 4620 [ D623BF6F04F7603EE1C4B59C737B69A7 ] s0017obex C:\Windows\system32\DRIVERS\s0017obex.sys
15:04:44.0366 4620 s0017obex - ok
15:04:44.0397 4620 [ 0C970A53FC43815E948628442F8983AD ] s0017unic C:\Windows\system32\DRIVERS\s0017unic.sys
15:04:44.0429 4620 s0017unic - ok
15:04:44.0460 4620 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:04:44.0491 4620 SamSs - ok
15:04:44.0553 4620 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:04:44.0569 4620 SASDIFSV - ok
15:04:44.0600 4620 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:04:44.0631 4620 SASKUTIL - ok
15:04:44.0678 4620 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:04:44.0709 4620 sbp2port - ok
15:04:44.0772 4620 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:04:44.0850 4620 SCardSvr - ok
15:04:44.0912 4620 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:04:45.0021 4620 Schedule - ok
15:04:45.0068 4620 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:04:45.0131 4620 SCPolicySvc - ok
15:04:45.0162 4620 [ 7B3973CC28B8AA3E9E2E5D53E720E2C9 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:04:45.0209 4620 sdbus - ok
15:04:45.0255 4620 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:04:45.0302 4620 SDRSVC - ok
15:04:45.0333 4620 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:04:45.0458 4620 secdrv - ok
15:04:45.0521 4620 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:04:45.0599 4620 seclogon - ok
15:04:45.0661 4620 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
15:04:45.0739 4620 seehcri - ok
15:04:45.0755 4620 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
15:04:45.0833 4620 SENS - ok
15:04:45.0848 4620 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:04:45.0957 4620 Serenum - ok
15:04:45.0989 4620 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:04:46.0113 4620 Serial - ok
15:04:46.0129 4620 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:04:46.0207 4620 sermouse - ok
15:04:46.0254 4620 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:04:46.0332 4620 SessionEnv - ok
15:04:46.0347 4620 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:04:46.0472 4620 sffdisk - ok
15:04:46.0488 4620 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:04:46.0597 4620 sffp_mmc - ok
15:04:46.0644 4620 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:04:46.0753 4620 sffp_sd - ok
15:04:46.0769 4620 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:04:46.0878 4620 sfloppy - ok
15:04:46.0925 4620 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:04:47.0003 4620 SharedAccess - ok
15:04:47.0065 4620 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:04:47.0127 4620 ShellHWDetection - ok
15:04:47.0159 4620 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:04:47.0190 4620 sisagp - ok
15:04:47.0205 4620 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:04:47.0237 4620 SiSRaid2 - ok
15:04:47.0268 4620 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:04:47.0299 4620 SiSRaid4 - ok
15:04:47.0361 4620 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:04:47.0393 4620 SkypeUpdate - ok
15:04:47.0564 4620 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:04:47.0751 4620 slsvc - ok
15:04:47.0798 4620 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:04:47.0876 4620 SLUINotify - ok
15:04:47.0923 4620 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:04:47.0985 4620 Smb - ok
15:04:48.0032 4620 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:04:48.0079 4620 SNMPTRAP - ok
15:04:48.0204 4620 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
15:04:48.0235 4620 Sony PC Companion - ok
15:04:48.0282 4620 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:04:48.0313 4620 spldr - ok
15:04:48.0375 4620 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:04:48.0469 4620 Spooler - ok
15:04:48.0516 4620 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:04:48.0578 4620 srv - ok
15:04:48.0625 4620 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:04:48.0703 4620 srv2 - ok
15:04:48.0719 4620 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:04:48.0765 4620 srvnet - ok
15:04:48.0828 4620 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:04:48.0907 4620 SSDPSRV - ok
15:04:48.0985 4620 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:04:49.0047 4620 SstpSvc - ok
15:04:49.0094 4620 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
15:04:49.0172 4620 StillCam - ok
15:04:49.0235 4620 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:04:49.0313 4620 stisvc - ok
15:04:49.0329 4620 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:04:49.0376 4620 swenum - ok
15:04:49.0438 4620 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:04:49.0516 4620 swprv - ok
15:04:49.0563 4620 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:04:49.0594 4620 Symc8xx - ok
15:04:49.0610 4620 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:04:49.0657 4620 Sym_hi - ok
15:04:49.0672 4620 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:04:49.0719 4620 Sym_u3 - ok
15:04:49.0766 4620 [ BAA29028E7DB52837198465C5C53A2F0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:04:49.0813 4620 SynTP - ok
15:04:49.0891 4620 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:04:49.0984 4620 SysMain - ok
15:04:50.0031 4620 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:04:50.0078 4620 TabletInputService - ok
15:04:50.0140 4620 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:04:50.0234 4620 TapiSrv - ok
15:04:50.0265 4620 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:04:50.0343 4620 TBS - ok
15:04:50.0405 4620 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:04:50.0499 4620 Tcpip - ok
15:04:50.0530 4620 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:04:50.0608 4620 Tcpip6 - ok
15:04:50.0655 4620 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:04:50.0717 4620 tcpipreg - ok
15:04:50.0764 4620 [ 1825BCEB47BF41C5A9F0E44DE82FC27A ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:04:50.0827 4620 tdcmdpst - ok
15:04:50.0873 4620 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:04:50.0951 4620 TDPIPE - ok
15:04:50.0983 4620 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:04:51.0045 4620 TDTCP - ok
15:04:51.0092 4620 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:04:51.0154 4620 tdx - ok
15:04:51.0170 4620 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:04:51.0217 4620 TermDD - ok
15:04:51.0248 4620 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:04:51.0357 4620 TermService - ok
15:04:51.0388 4620 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:04:51.0435 4620 Themes - ok
15:04:51.0466 4620 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:04:51.0529 4620 THREADORDER - ok
15:04:51.0560 4620 [ D540858E65BFA6FDED41AD2495ECE344 ] TODDSrv C:\Windows\system32\TODDSrv.exe
15:04:51.0607 4620 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
15:04:51.0607 4620 TODDSrv - detected UnsignedFile.Multi.Generic (1)
15:04:51.0653 4620 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
15:04:51.0700 4620 tos_sps32 - ok
15:04:51.0731 4620 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:04:51.0825 4620 TrkWks - ok
15:04:51.0919 4620 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:04:51.0997 4620 TrustedInstaller - ok
15:04:52.0028 4620 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:52.0106 4620 tssecsrv - ok
15:04:52.0168 4620 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:04:52.0215 4620 tunmp - ok
15:04:52.0262 4620 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:04:52.0309 4620 tunnel - ok
15:04:52.0355 4620 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:04:52.0387 4620 uagp35 - ok
15:04:52.0449 4620 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:04:52.0527 4620 udfs - ok
15:04:52.0574 4620 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:04:52.0652 4620 UI0Detect - ok
15:04:52.0667 4620 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:04:52.0699 4620 uliagpkx - ok
15:04:52.0730 4620 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:04:52.0777 4620 uliahci - ok
15:04:52.0808 4620 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:04:52.0839 4620 UlSata - ok
15:04:52.0855 4620 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:04:52.0901 4620 ulsata2 - ok
15:04:52.0933 4620 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:04:52.0995 4620 umbus - ok
15:04:53.0042 4620 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:04:53.0151 4620 upnphost - ok
15:04:53.0182 4620 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:04:53.0245 4620 USBAAPL - ok
15:04:53.0307 4620 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:04:53.0385 4620 usbaudio - ok
15:04:53.0416 4620 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:53.0494 4620 usbccgp - ok
15:04:53.0525 4620 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:04:53.0635 4620 usbcir - ok
15:04:53.0697 4620 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:04:53.0759 4620 usbehci - ok
15:04:53.0791 4620 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:04:53.0853 4620 usbhub - ok
15:04:53.0869 4620 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:04:53.0994 4620 usbohci - ok
15:04:54.0026 4620 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:04:54.0104 4620 usbprint - ok
15:04:54.0166 4620 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:04:54.0213 4620 usbscan - ok
15:04:54.0276 4620 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:04:54.0339 4620 USBSTOR - ok
15:04:54.0370 4620 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:04:54.0432 4620 usbuhci - ok
15:04:54.0479 4620 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:04:54.0541 4620 UxSms - ok
15:04:54.0604 4620 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:04:54.0682 4620 vds - ok
15:04:54.0713 4620 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:04:54.0822 4620 vga - ok
15:04:54.0869 4620 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:04:54.0964 4620 VgaSave - ok
15:04:54.0995 4620 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:04:55.0026 4620 viaagp - ok
15:04:55.0042 4620 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:04:55.0166 4620 ViaC7 - ok
15:04:55.0198 4620 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
15:04:55.0229 4620 viaide - ok
15:04:55.0244 4620 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:04:55.0276 4620 volmgr - ok
15:04:55.0338 4620 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:04:55.0385 4620 volmgrx - ok
15:04:55.0432 4620 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:04:55.0478 4620 volsnap - ok
15:04:55.0541 4620 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:04:55.0588 4620 vsmraid - ok
15:04:55.0666 4620 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:04:55.0775 4620 VSS - ok
15:04:55.0900 4620 [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
15:04:55.0993 4620 vToolbarUpdater15.2.0 - ok
15:04:56.0040 4620 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:04:56.0102 4620 W32Time - ok
15:04:56.0134 4620 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:04:56.0258 4620 WacomPen - ok
15:04:56.0290 4620 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:04:56.0368 4620 Wanarp - ok
15:04:56.0368 4620 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:04:56.0430 4620 Wanarpv6 - ok
15:04:56.0524 4620 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:04:56.0586 4620 wcncsvc - ok
15:04:56.0617 4620 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:04:56.0695 4620 WcsPlugInService - ok
15:04:56.0726 4620 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
15:04:56.0758 4620 Wd - ok
15:04:56.0804 4620 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:04:56.0882 4620 Wdf01000 - ok
15:04:56.0929 4620 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:04:57.0007 4620 WdiServiceHost - ok
15:04:57.0023 4620 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:04:57.0101 4620 WdiSystemHost - ok
15:04:57.0148 4620 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:04:57.0194 4620 WebClient - ok
15:04:57.0257 4620 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:04:57.0350 4620 Wecsvc - ok
15:04:57.0382 4620 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:04:57.0460 4620 wercplsupport - ok
15:04:57.0506 4620 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:04:57.0569 4620 WerSvc - ok
15:04:57.0647 4620 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:04:57.0694 4620 WinDefend - ok
15:04:57.0709 4620 WinHttpAutoProxySvc - ok
15:04:57.0803 4620 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:04:57.0865 4620 Winmgmt - ok
15:04:57.0943 4620 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:04:58.0068 4620 WinRM - ok
15:04:58.0162 4620 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:04:58.0271 4620 Wlansvc - ok
15:04:58.0302 4620 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:04:58.0411 4620 WmiAcpi - ok
15:04:58.0474 4620 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:04:58.0536 4620 wmiApSrv - ok
15:04:58.0630 4620 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:04:58.0754 4620 WMPNetworkSvc - ok
15:04:58.0786 4620 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:04:58.0879 4620 WPCSvc - ok
15:04:58.0942 4620 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:04:59.0035 4620 WPDBusEnum - ok
15:04:59.0113 4620 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:04:59.0160 4620 WpdUsb - ok
15:04:59.0456 4620 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:04:59.0534 4620 WPFFontCache_v0400 - ok
15:04:59.0566 4620 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:04:59.0644 4620 ws2ifsl - ok
15:04:59.0690 4620 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
15:04:59.0737 4620 wscsvc - ok
15:04:59.0784 4620 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
15:04:59.0831 4620 WSDPrintDevice - ok
15:04:59.0893 4620 [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
15:04:59.0987 4620 WSDScan - ok
15:05:00.0002 4620 WSearch - ok
15:05:00.0361 4620 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:05:00.0502 4620 wuauserv - ok
15:05:00.0548 4620 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:05:00.0611 4620 WudfPf - ok
15:05:00.0673 4620 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:00.0720 4620 WUDFRd - ok
15:05:00.0751 4620 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:05:00.0798 4620 wudfsvc - ok
15:05:00.0907 4620 [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
15:05:00.0907 4620 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:05:00.0907 4620 Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
15:05:00.0938 4620 ================ Scan global ===============================
15:05:01.0001 4620 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:05:01.0048 4620 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:05:01.0079 4620 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:05:01.0157 4620 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:05:01.0157 4620 [Global] - ok
15:05:01.0157 4620 ================ Scan MBR ==================================
15:05:01.0172 4620 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:05:02.0436 4620 \Device\Harddisk0\DR0 - ok
15:05:02.0436 4620 ================ Scan VBR ==================================
15:05:02.0467 4620 [ 9F66481563F3E13E18297B6867A6DE48 ] \Device\Harddisk0\DR0\Partition1
15:05:02.0467 4620 \Device\Harddisk0\DR0\Partition1 - ok
15:05:02.0498 4620 [ ED80CB87387BC837C59B31D2DB9654D6 ] \Device\Harddisk0\DR0\Partition2
15:05:02.0498 4620 \Device\Harddisk0\DR0\Partition2 - ok
15:05:02.0498 4620 ============================================================
15:05:02.0498 4620 Scan finished
15:05:02.0498 4620 ============================================================
15:05:02.0514 5612 Detected object count: 5
15:05:02.0514 5612 Actual detected object count: 5
15:05:30.0956 5612 !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0956 5612 !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:30.0971 5612 ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0971 5612 ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:30.0971 5612 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0971 5612 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:30.0971 5612 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0971 5612 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:30.0987 5612 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:30.0987 5612 Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
Bei der Gelegenheit habe ich noch eine alte TDSSKiller-log sowie eine alte ComboFix-log gefunden (Februar 2012). Weiß nicht, ob die auch relevant sind, ich hänge sie der Vollständigkeit halber einfach mal dran  . |
|
19.06.2013, 15:15
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2013, 10:02
| #9 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox JRT.txt: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Freddy on 19.06.2013 at 21:54:48,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Failed to stop: [Service] yontoo desktop updater
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\yontoo desktop
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\Freddy\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Freddy\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\Freddy\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Freddy\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\yontoo"
~~~ FireFox
Successfully deleted: [File] C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\user.js
Successfully deleted: [File] C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\plugin@yontoo.com
Successfully deleted the following from C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\prefs.js
user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome:/
user_pref("vshare.install.date", "1330384944");
user_pref("vshare.install.finished", "1.0.0");
user_pref("vshare.install.fresh", "false");
user_pref("vshare.install.guid", "{4d20e147-5782-4cd9-83bd-cc4a189d69cc}");
user_pref("vshare.install.newtab", false);
Emptied folder: C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\minidumps [172 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.06.2013 at 21:59:15,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 19/06/2013 um 22:28:08 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Freddy - HOME-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Freddy\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : Yontoo Desktop Updater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Gelöscht mit Neustart : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Freddy\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Freddy\AppData\Local\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Freddy\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Freddy\AppData\LocalLow\AVG Security Toolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16490
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Freddy\AppData\Roaming\Mozilla\Firefox\Profiles\grohfmrs.default\prefs.js
Gelöscht : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.2.0.5");
Gelöscht : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Gelöscht : user_pref("extentions.y2layers.installId", "52eb2707-18f7-47a9-b711-baefa354cf63");
Gelöscht : user_pref("vshare.install.date", "1371673263");
Gelöscht : user_pref("vshare.install.finished", "1.0.0");
Gelöscht : user_pref("vshare.install.fresh", "false");
Gelöscht : user_pref("vshare.install.guid", "{6ea53c39-8b59-491d-9c93-af94eecaca2d}");
Gelöscht : user_pref("vshare.install.newtab", false);
*************************
AdwCleaner[S1].txt - [8873 octets] - [19/06/2013 22:28:08]
########## EOF - C:\AdwCleaner[S1].txt - [8933 octets] ##########
OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.06.2013 04:18:03 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Freddy\Desktop\V-Scanner Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,89% Memory free 4,22 Gb Paging File | 2,69 Gb Available in Paging File | 63,88% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,52 Gb Total Space | 13,42 Gb Free Space | 18,01% Space Free | Partition Type: NTFS Drive E: | 73,06 Gb Total Space | 55,69 Gb Free Space | 76,23% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Freddy\Desktop\V-Scanner\OTL.exe (OldTimer Tools) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe (Adobe Systems, Inc.) PRC - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) PRC - C:\Program Files\PDF Architect\ConversionService.exe (pdfforge GbR) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll () MOD - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Users\Freddy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater15.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe (AVG Secure Search) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (PDF Architect Helper Service) -- C:\Program Files\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- C:\Program Files\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com) SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (catchme) -- C:\Users\Freddy\AppData\Local\Temp\catchme.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks) DRV - (WSDScan) -- C:\Windows\System32\drivers\WSDScan.sys (Microsoft Corporation) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (s0017mgmt) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017nd5) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation) DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation ) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION) DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 92 20 C5 A6 F5 CC 01 [binary data] IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\..\SearchScopes\{A3E61A4B-FA03-4F1A-B8A1-EA2C2022E5FE}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: "" FF - prefs.js..extensions.enabledAddons: %7Bdd05fd3d-18df-4ce4-ae53-e795339c5f01%7D:1.21 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.04 11:57:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.20 15:15:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{BC8B309B-75FF-401C-A4D3-3E779FD88379}: C:\Users\Freddy\AppData\Local\{BC8B309B-75FF-401C-A4D3-3E779FD88379} FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.30 21:55:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.30 21:55:30 | 000,000,000 | ---D | M] [2008.09.02 09:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Extensions [2013.06.19 21:58:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions [2010.01.23 01:05:56 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66} [2013.05.29 11:49:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.31 18:20:00 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Freddy\AppData\Roaming\mozilla\Firefox\Profiles\grohfmrs.default\extensions\eafo3fflauncher@ea.com [2013.05.09 00:04:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.15 14:31:43 | 000,089,388 | ---- | M] () (No name found) -- C:\Users\Freddy\AppData\Roaming\mozilla\firefox\profiles\grohfmrs.default\extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2013.05.24 04:58:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013.05.24 04:58:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009.06.24 13:51:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.10.04 11:56:54 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll O1 HOSTS File: ([2012.11.06 18:26:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found O4 - HKLM..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA) O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba) O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Freddy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file:///C:/Program%20Files/ProENGINEER%20Student%20Edition/i486_nt/obj/pvx_install.exe (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.21.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDB99B38-9040-4AD3-A534-6A04B83AE8CD}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img34.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img34.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.06.19 21:54:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.19 21:54:26 | 000,000,000 | ---D | C] -- C:\JRT [2013.06.19 21:50:58 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Freddy\Desktop\JRT.exe [2013.06.19 15:00:33 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Freddy\Desktop\tdsskiller.exe [2013.06.19 14:32:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Freddy\Desktop\aswMBR.exe [2013.06.19 13:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable) [2013.06.19 13:44:33 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Desktop\mbar [2013.06.17 11:39:25 | 000,000,000 | R--D | C] -- C:\Users\Freddy\Desktop\V-Scanner [2013.06.12 18:24:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.06.12 18:24:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.06.12 18:24:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.06.12 18:24:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.06.12 18:24:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.06.12 18:24:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.06.12 18:24:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.06.12 18:24:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.06.12 12:29:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll [2013.06.12 12:29:06 | 000,812,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe [2013.06.12 12:29:04 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll [2013.06.12 12:27:51 | 003,603,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.06.12 12:27:49 | 003,551,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.06.12 12:27:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll [2013.06.11 11:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.06.06 23:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.06 23:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.06 23:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.06.04 16:36:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2013.06.03 17:54:18 | 000,027,632 | ---- | C] (Sony Ericsson Mobile Communications) -- C:\Windows\System32\drivers\seehcri.sys [2013.05.30 21:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.29 01:47:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Contacts [2013.05.29 01:32:52 | 000,000,000 | ---D | C] -- C:\Users\Freddy\Documents\Sony Ericsson [2013.05.29 01:12:47 | 000,000,000 | ---D | C] -- C:\Users\Freddy\AppData\Local\Sony Ericsson [2013.05.24 04:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.20 04:09:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.20 04:08:17 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.20 04:07:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.19 22:53:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.19 22:52:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.06.19 22:51:04 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 22:51:03 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.19 22:28:56 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.06.19 22:27:24 | 000,648,201 | ---- | M] () -- C:\Users\Freddy\Desktop\adwcleaner.exe [2013.06.19 21:51:01 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Freddy\Desktop\JRT.exe [2013.06.19 15:00:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Freddy\Desktop\tdsskiller.exe [2013.06.19 14:54:10 | 000,000,512 | ---- | M] () -- C:\Users\Freddy\Desktop\MBR.dat [2013.06.19 14:33:10 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Freddy\Desktop\aswMBR.exe [2013.06.19 13:44:03 | 013,169,742 | ---- | M] () -- C:\Users\Freddy\Desktop\mbar-1.06.0.1003.zip [2013.06.19 11:27:59 | 000,000,854 | ---- | M] () -- C:\Users\Freddy\Documents\AVG_22-05-13.csv [2013.06.18 11:59:33 | 000,000,299 | ---- | M] () -- C:\Users\Freddy\Freddy - Verknüpfung.lnk [2013.06.17 11:31:40 | 000,000,156 | ---- | M] () -- C:\Users\Freddy\defogger_reenable [2013.06.12 01:02:49 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.06.12 01:02:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.06.11 11:13:24 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.06.10 23:47:53 | 000,175,104 | ---- | M] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.06 23:28:31 | 000,001,629 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.04 16:36:41 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.06.03 19:16:08 | 000,000,957 | ---- | M] () -- C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.06.03 19:15:34 | 000,000,927 | ---- | M] () -- C:\Users\Freddy\Desktop\Dropbox.lnk [2013.06.03 17:37:43 | 000,639,460 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.06.03 17:37:43 | 000,605,014 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.06.03 17:37:43 | 000,131,274 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.06.03 17:37:43 | 000,108,346 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.30 21:54:53 | 000,001,691 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.05.21 17:17:02 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [1 C:\Users\Freddy\Documents\*.tmp files -> C:\Users\Freddy\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.19 22:28:26 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.06.19 22:27:19 | 000,648,201 | ---- | C] () -- C:\Users\Freddy\Desktop\adwcleaner.exe [2013.06.19 14:54:10 | 000,000,512 | ---- | C] () -- C:\Users\Freddy\Desktop\MBR.dat [2013.06.19 13:43:49 | 013,169,742 | ---- | C] () -- C:\Users\Freddy\Desktop\mbar-1.06.0.1003.zip [2013.06.19 11:27:58 | 000,000,854 | ---- | C] () -- C:\Users\Freddy\Documents\AVG_22-05-13.csv [2013.06.18 11:59:33 | 000,000,299 | ---- | C] () -- C:\Users\Freddy\Freddy - Verknüpfung.lnk [2013.06.06 23:28:31 | 000,001,629 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.04 16:36:41 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.06.03 19:09:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [2013.05.30 21:54:53 | 000,001,691 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2013.04.30 02:26:03 | 000,000,087 | ---- | C] () -- C:\Windows\SIERRA.INI [2013.01.30 00:13:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.02.28 17:21:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.02.28 17:21:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.02.28 17:21:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.02.28 17:21:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.02.28 17:21:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.02.24 17:54:29 | 000,000,156 | ---- | C] () -- C:\Users\Freddy\defogger_reenable [2011.11.11 04:04:47 | 000,000,094 | ---- | C] () -- C:\Users\Freddy\AppData\Local\fusioncache.dat [2011.10.12 03:20:55 | 000,000,206 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.04.23 20:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat [2011.04.23 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin [2010.11.26 11:09:06 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.08.31 18:22:50 | 000,139,152 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\PnkBstrK.sys [2010.03.11 21:15:39 | 000,017,408 | ---- | C] () -- C:\Users\Freddy\AppData\Local\WebpageIcons.db [2010.02.28 18:29:30 | 000,000,600 | ---- | C] () -- C:\Users\Freddy\PUTTY.RND [2010.01.23 03:48:05 | 000,008,026 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\.civclientrc [2009.11.23 14:03:32 | 000,001,356 | ---- | C] () -- C:\Users\Freddy\AppData\Local\d3d9caps.dat [2009.02.10 22:33:53 | 000,000,016 | ---- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2 [2008.01.05 19:51:14 | 000,175,104 | ---- | C] () -- C:\Users\Freddy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Roaming\mxfilerelatedcache.mxc2 [2007.11.15 19:33:52 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\AppData\Local\mxfilerelatedcache.mxc2 [2007.11.15 19:33:48 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\mxfilerelatedcache.mxc2 [2007.11.01 17:45:16 | 000,000,016 | ---- | C] () -- C:\Users\Freddy\persistent_state ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.06.2013 04:18:03 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Freddy\Desktop\V-Scanner
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 36,89% Memory free
4,22 Gb Paging File | 2,69 Gb Available in Paging File | 63,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,42 Gb Free Space | 18,01% Space Free | Partition Type: NTFS
Drive E: | 73,06 Gb Total Space | 55,69 Gb Free Space | 76,23% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Freddy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C90E0E-A629-41BC-AF98-66CE148B5C2D}" = rport=137 | protocol=17 | dir=out | app=system |
"{1883CDEA-9102-40A3-8D17-926662DF66A4}" = lport=139 | protocol=6 | dir=in | app=system |
"{1F02F3D2-9D38-410F-9EB3-430A9B395037}" = lport=138 | protocol=17 | dir=in | app=system |
"{63731208-F33B-44A9-880B-946F947B1083}" = rport=138 | protocol=17 | dir=out | app=system |
"{6551E1B4-B1B1-4234-88F5-FBE5349B0EC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8CEC1E07-0E7A-42A8-8F2C-FF403B01C2E2}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B1A6857-391A-42DE-B45C-32C3C31E88AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{BA1B3DA4-0C4A-4348-A3C4-0A94853C71D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{BFD6E303-DB27-4094-942E-E6BC1BAB9472}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C6CD8ABA-946F-4D5D-BCED-3C45483FA016}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CCD0B2-C7F1-4A62-9B3A-73B95ACD4DB7}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{0A9484CD-46EF-4948-8BFB-AA54D0CDDD01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D75D503-B355-4FDF-9A60-A2667FE98EFE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{1A0B3620-F847-417C-B537-BB0939F1CF11}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{28BA928A-1C7C-4F3E-A200-8A5B6187E3FC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2A63B805-44A2-44FD-BBD1-8F4B19EABE8E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{31CEDA88-B26A-42E3-B99A-195991F04A51}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{337387A3-FE6E-4D8C-B124-C8C9CCCD2526}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{35B8F017-0308-42C7-8288-AED729463C45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C662165-808C-465C-B2CE-7AEDC7207482}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{3FA5E4D3-6309-4853-9D55-67EA81FE3DEB}" = protocol=17 | dir=in | app=f:\alicesetup.exe |
"{4A501CF4-EBDB-4832-AAC1-62033138E4D7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4DD7B992-9E23-4586-AB40-5F545C1DD21A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{5B98C980-EBEA-4315-990C-8E850F5C606F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{5D631426-89F2-411B-8E11-DF9C95D08B29}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6018F1E6-D394-4B9B-BB20-2E300C1008CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{62F03426-8092-420F-84DA-0B147EE8166F}" = protocol=17 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe |
"{632C0B95-42D1-4ABF-B913-A7E09FAFA8DA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{6892DCCC-FEA0-4E61-8756-E76F0CC47CA9}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{72B43C2F-DCD6-4CC9-A385-BAF223D41387}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{7777196C-419C-4858-A2F8-849A376DEA6A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{7BE75BFB-99A7-4269-BA41-FF31F9FE9F43}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{8B584AA0-83FB-445E-A588-AD48AA13AB42}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{8C7C004A-DEA0-4C4E-A525-28A3DB3C73B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{8EC10E0C-6163-44AE-91F0-3A69B7B7C1A3}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{9274595B-99D2-4CDA-B569-A05221864E38}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{97B17415-EC7F-482E-A4D3-EAB239895F93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98F7CA46-7B41-435F-954A-524652A56FBB}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{9E6B0D20-204D-44BA-BFD1-2E86DCAB1EE1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A63584E5-3726-47FB-9435-3A636E043651}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{ACBE206E-1A36-4484-B9F3-AC74FC613A45}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{AD90903D-FCBC-4CDA-88E7-E6F204AAA191}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B1A6D0D0-2C0D-4794-BE35-09A16070D4A4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{BAB92817-AD63-4FC3-B97E-11E9489C027C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BF6B7563-2013-4C09-BA00-274A50FBE300}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{C263444B-EF16-4D6D-8711-B51938BD21BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D1B5D380-95BC-4D55-899E-B8C54BBA5904}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D1D6B5C5-642D-47F9-94E8-FFDA274CDDA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D576EE70-8F74-4D5D-9508-FB2CAD1AE921}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D6AB8B5B-A33C-4819-A6A1-613DFBE0FA7C}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D82F9709-A617-4BF9-A567-C9DCAFB7B1BD}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D8DE3341-0E5F-4AC2-8DEB-0697701CE72A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{D96F2A99-BBAF-4B64-8157-4E5D35BEC389}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBF2A352-1EB1-414D-A9CC-00552DC9FCA9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DD718E12-5055-4FCC-A091-183EBDD845A8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DEB658C9-39F3-493E-97B9-5A721131F47D}" = protocol=6 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe |
"{E1826C71-58D1-4897-A106-AB183FDE55CF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{E3DD6F57-B910-406E-A1A9-48E294CDF9DD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{E4666163-A852-4C5B-BAE3-F548C3311ACA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4F2C630-8DE2-4CFE-9F3C-36F7DF597A9D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{E569FB48-6B51-49CB-8230-4A611A4035DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8D72D61-3F8F-49D1-B0FA-4D5C992193F8}" = protocol=6 | dir=in | app=f:\alicesetup.exe |
"{F951C6EB-CFAD-43F8-9C0C-79408F159DC3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{FC9834A8-CCD8-48FB-AD1E-EAA497728486}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{FCBC7F67-9439-42E3-8477-D583DA907653}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"TCP Query User{0CE5C2EE-1913-4A82-8BE8-12C1993A4FDB}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{0F3DD217-9C93-420F-9090-F47CD81D22EC}C:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe |
"TCP Query User{143AA5D3-E184-47BD-A3B1-25F6B92BEB6A}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{2151C05B-3CB1-4487-A62A-BB11F0367D59}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{21661621-8D6A-4B09-AB41-15C14049EFD1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{24DCDC03-A16E-4DDD-BE10-E3A8F405AF58}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{2B97F9DA-4A0A-41FE-B4B3-1D53B1F5CDB7}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=6 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |
"TCP Query User{327AE9FA-6869-4546-B4C7-59534E40DADE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3C6D926A-E179-47A7-AC54-35B36263AB59}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{3ED8DF9A-9A9F-49D7-A5DA-DB8152A0812B}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{454710FA-A973-4A2D-A62B-9A6EA24A2DCB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4676846A-3C67-4489-A074-0FD4097A7E28}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{4AAC6EE0-337A-4E51-8DB9-8491212D9665}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{4B2A6FAF-933C-4E93-B5B9-7907912AA96D}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{4C8DDB83-AEE6-4B97-AC95-5C68B1917ADB}C:\users\freddy\downloads\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\freddy\downloads\eclipse\eclipse.exe |
"TCP Query User{4DA57036-83FF-483B-B2D6-784EA5C6570F}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe |
"TCP Query User{596EA95A-ED98-44CD-995D-D6F0B7F08570}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{5A8C498E-10E4-43B1-AB29-33E07DD63ED8}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{6DE47BDE-B9E6-49D7-9487-8A18C1DB0979}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{70F2394D-230F-410B-862A-78D5C66E8871}C:\program files\proengineer student edition\i486_nt\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\nms\nmsd.exe |
"TCP Query User{7D452FC9-4FDD-4B00-8C0F-18AAA77934FF}C:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{842A9EEC-FBAB-4BA0-8F4E-C88C0E757C2F}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{8D1DD487-8923-4A9B-AE4B-473FE8CC3A32}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8E3075BD-A91B-46A5-84AC-6D846AA285B1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9271C334-6C83-4AA8-805C-9664395305DA}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{971CD4D3-5379-4D23-BD7A-B5C6812C7FA6}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{A4478816-F809-4ACE-BC20-95863E2197FF}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{A8E894FC-3EA9-46EA-BD55-B928AF539548}C:\program files\proengineer student edition\i486_nt\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\xtop.exe |
"TCP Query User{AE02C50F-6BC9-4E5A-932C-57F389B7D6FB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{B4A39896-6636-4A63-AE26-63591F33D281}C:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe |
"TCP Query User{BD8130A5-F066-4F63-B3C1-DE917E52F244}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{BFD4193B-0213-437B-BBA9-E88C4CE4E834}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{C5408C30-E361-46D6-89A5-65168B2EDE13}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{CDB9818B-D67E-4492-9D1D-1A6C513107BE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D4D6836B-3B16-428A-8C7D-C195475486BC}C:\program files\ea sports\fifa online\nfe.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"TCP Query User{D8048D03-7424-465F-A6FB-63B2C29CF213}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{DE9E363C-1029-44A9-B86C-8DCD89C0759F}C:\program files\freeciv-2.1.10-win32\civserver.exe" = protocol=6 | dir=in | app=c:\program files\freeciv-2.1.10-win32\civserver.exe |
"TCP Query User{E3CCF07E-7539-4A88-BA4E-97DEE2854C5A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{E71FB915-E2F4-48D2-AA63-C5652FC662A5}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{F0689AD7-6E9B-47B4-807E-5EB4991454F9}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{F8E7FFD5-D32E-4355-8E30-8FD5960F4AB8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{01711F82-84B5-4989-A445-5EDEA4FB9BE0}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{0D867EAF-E124-4BFA-B0B9-AB0609CB549C}C:\program files\proengineer student edition\i486_nt\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\nms\nmsd.exe |
"UDP Query User{12B496D2-52D1-4620-9584-F2365A5E2920}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{13A02B25-B1F0-40B8-82C3-5BFC4B00536F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{1C2EFC75-88C7-4DCB-ACFC-7D117C06331E}C:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\freddy\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1CB853DD-B950-4860-A11A-72CAB94A0B53}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1CE3E483-356F-424C-A65F-09EB09F26DED}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{2AC5750E-F106-4CE6-A688-41FFB51345B3}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{2F2B7767-46D1-4595-B937-4E5EE0F27FC5}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{304D4439-66CF-4B74-A305-EEA74269B0E3}C:\users\freddy\downloads\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\freddy\downloads\eclipse\eclipse.exe |
"UDP Query User{30D28C3E-74F4-483B-9496-0CB432975EA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3C189BAD-FC8A-4E3E-8B1A-CED630FEE84D}C:\program files\proengineer student edition\i486_nt\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\xtop.exe |
"UDP Query User{47C04BD5-21A7-4F76-9F5F-85664EDCB845}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4AA9C47C-D99E-4D14-9184-D2D0D42D5534}C:\program files\ea sports\fifa online\nfe.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa online\nfe.exe |
"UDP Query User{4D5C115B-CDBF-442C-B4CD-D415135243D4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{538D4552-4D8F-4FF2-9795-39D5D3FDF222}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{5402C0FA-AC1D-4865-8D73-5D7F39519DE1}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{6B722157-A7D6-440F-83E4-BDC09482F795}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{84778502-597E-4240-91A3-4EB89941D9B9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{87F7227B-1474-4C99-BCC4-8889E2A1F425}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{8E381227-A30D-41B9-987B-D6C56D48C648}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{9292DBA6-BB5B-4B63-89FF-3BD014FB6AF0}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{9BD874E3-2F52-4D39-BCE6-CE21773034A6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{A109BCDE-C38B-4005-A5B4-7C383F66BB9C}C:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\ptcvconf.exe |
"UDP Query User{AC0926DA-5ADC-4325-9B38-E213760FCCB1}C:\program files\freeciv-2.1.10-win32\civserver.exe" = protocol=17 | dir=in | app=c:\program files\freeciv-2.1.10-win32\civserver.exe |
"UDP Query User{B691683B-EB2B-437F-938C-959379CA1607}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{B741FFFD-C46F-4124-9859-D43B2D991ADC}C:\program files\joost\xulrunner\tvprunner.exe" = protocol=17 | dir=in | app=c:\program files\joost\xulrunner\tvprunner.exe |
"UDP Query User{BD936C70-1FEA-4B74-8FF9-34CDB1B19378}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{C0A0D508-09EB-48EE-92D3-40B2E62E8FB0}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{C0ADA884-B580-425B-B4BD-70A5E3884C57}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{C12E53B7-78DE-490F-A59D-728C89889CEF}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{C8195DB6-6E81-4FA6-BC7D-F926B028C4C6}C:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\proengineer student edition\i486_nt\obj\pro_comm_msg.exe |
"UDP Query User{C9F8F3D5-B77D-4562-BD7B-04BF015B2584}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{DCFEC4BD-DD64-4A18-ACDE-CB2968E4B201}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{E5282760-BADD-4D50-8B2E-5611A92FCBD6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{E8EB1139-6795-448F-82A2-A98FA56EABE5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{ECBAA96E-C645-4C1C-846D-A88E7840B41C}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{EFBC227C-1904-46BA-9350-632FD297DC54}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{F61E57F0-83A0-4B98-91D4-BFA9A17ABBEA}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe |
"UDP Query User{F703FDE7-3D14-4068-AB6A-7F6BE9777A41}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FF54B688-3519-4712-844F-CE8B1C8B336A}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2AE79B77-E3FA-4F9C-93D7-4FC643516D6A}" = AVG 2013
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C679F9B9-C65D-4C65-BD6C-BF90B859E281}" = USB PC Camera
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D774186B-031F-4186-BC4D-B256B9831B85}" = AVG 2013
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AVG" = AVG 2013
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Blender" = PDF Blender
"Picasa 3" = Picasa 3
"realMYST Interactive 3D Edition" = realMYST Interactive 3D Edition
"RealPlayer 15.0" = RealPlayer
"ScummVM_is1" = ScummVM 1.5.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TQVault_is1" = TQVault 2.11
"Update Engine" = Sony Ericsson Update Engine
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 2.0.2
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1500827056-3957875689-2215453943-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.06.2013 22:07:38 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 19.06.2013 22:07:38 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18805203
Error - 19.06.2013 22:07:38 | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18805203
[ OSession Events ]
Error - 23.06.2010 05:05:37 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 580
seconds with 420 seconds of active time. This session ended with a crash.
Error - 30.11.2010 11:18:21 | Computer Name = Home-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 347353
seconds with 16680 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 19.06.2013 16:49:11 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
Description =
Error - 19.06.2013 16:52:19 | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description =
Error - 19.06.2013 16:52:19 | Computer Name = Home-PC | Source = DCOM | ID = 10016
Description =
Error - 19.06.2013 16:52:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.06.2013 16:52:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.06.2013 16:52:22 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
|
|
20.06.2013, 10:12
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in FirefoxFixen mit OTL
Code:
ATTFilter :OTL
[2011.04.23 20:07:00 | 000,000,120 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Mnubiwa.dat
[2011.04.23 20:07:00 | 000,000,000 | ---- | C] () -- C:\Users\Freddy\AppData\Local\Jjuyi.bin
[2013.06.19 14:54:10 | 000,000,512 | ---- | C] () -- C:\Users\Freddy\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2013, 10:36
| #11 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in FirefoxCode:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Freddy\AppData\Local\Mnubiwa.dat moved successfully.
C:\Users\Freddy\AppData\Local\Jjuyi.bin moved successfully.
C:\Users\Freddy\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Freddy\Desktop\V-Scanner\cmd.bat deleted successfully.
C:\Users\Freddy\Desktop\V-Scanner\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Freddy
->Temp folder emptied: 154093125 bytes
->Temporary Internet Files folder emptied: 808031 bytes
->Java cache emptied: 350042 bytes
->FireFox cache emptied: 48701991 bytes
->Flash cache emptied: 3245 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103283 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46022 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 31493479 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 225,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 06202013_111732
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
20.06.2013, 11:09
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Vollscan mit Malwarebytes Anti-Malware (MBAM) (falls du vor kurzem erst einen Vollscan gemacht hast, reicht auch ein Quickscan (spart Zeit), das dann mir bitte auch mitteilen) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2013, 19:56
| #13 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox mbam-log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.20.04 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Freddy :: HOME-PC [Administrator] 20.06.2013 12:24:55 mbam-log-2013-06-20 (12-24-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 378836 Laufzeit: 3 Stunde(n), 52 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=57186669914d8345ba07cdf08e744cf9
# engine=14115
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-20 06:30:50
# local_time=2013-06-20 08:30:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 34711 58887034 0 0
# compatibility_mode=5892 16776574 100 100 81219163 209285778 0 0
# scanned=196524
# found=3
# cleaned=0
# scan_time=12975
sh=CDE683A5E86BE1C26519AF3D1E7DCCCA60D92FC8 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\e785aca-15b7cbe4"
sh=69E79853C4227AF902A71A53F82CF1CCD2D03DC2 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-39a01378"
sh=9344652CAED7F50C0B4C3C03CA16A1EFAC4EB5FC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\_OTL\MovedFiles\02272012_235541\C_Users\Freddy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\448bc1ac-22f7fb7c"
|
|
20.06.2013, 20:10
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Sieht soweit ok aus, nur Funde in der Q von OTL  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
20.06.2013, 21:20
| #15 |
| | Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox Super, vielen Dank schonmal! Zu den Cookies: Ich lasse sowieso nie meine Passwörter vom Brwoser speichern. Daher wäre es auch kein Problem für mich, mich jedes Mal wieder komplett neu einzuloggen. Wusste bisher nichts von dieser Möglichkeit, habe jetzt aber unter Einstellungen > Datenschutz > Chronik "Cookies akzeptieren" sowie "Cookies von Drittanbietern akzeptieren" angehakt. Darunter habe ich eingestellt: "Behalten bis: Firefox geschlossen wird". Ist das so, wie du es gemeint hast? Und sollte ich den Haken bei den Drittanbietern auch noch entfernen (was bedeutet das überhaupt genau?)? Wären außerdem die anderen Schritte, die du vorgeschlagen hast, damit überflüssig? Wenn ich das richtig verstanden habe, wäre dieses MVPS Host Files dennoch sinnvoll, oder? Dann wäre da noch eine weitere Sache, die mir vorhin erst wieder aufgefallen ist: Auf einigen Seiten mit Eingabefeldern, wie zum Beispiel bei der Bahnseite, öffnet sich bei mir ein spezielles Such-Tool (im Beispiel der Bahnseite, wenn ich Start- und Zielbahnhof eingeben möchte). Bisher habe ich immer gedacht, das sei von Firefox selbst. Jetzt bin ich mal darauf gekommen, das genauer zu untersuchen und habe festgestellt, dass sich dahinter etwas names "searchcompletion.com" verbirgt. Über google habe ich zumindest schonmal erfahren, dass das an sich nicht schädlich ist, aber einige Lücken für Malware bringt. Weißt du, wie ich das noch loswerden könnte? Viele Grüße Freddy |
|
| Themen zu Yontoo 2.053 lässt sich nicht deinstallieren / Werbebanner in Firefox |
| autorun, avg, avg secure search, avg security toolbar, bho, bonjour, cid, converter, defender, desktop, error, fehler, firefox, flash player, format, home, install.exe, logfile, mozilla, nodrives, object, plug-in, programm, realtek, registry, secure search, security, software, vista, vtoolbarupdater, werbung |
Textbox. 
Linear-Darstellung
