Trojaner-Board


joebacka 28.12.2011 19:36

Tabs open automatically, registry entry cannot be deleted with mbam
 
Hello everyone,

I think I have caught a virus that is not so easy to remove. It started a few days ago, with Avira constantly reporting:

In der Datei 'C:\Users\Johannes\AppData\Local\2bde10f3\U\800000cb.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Deleting it or moving it to quarantine did not help. I then downloaded mbam, ran a scan and deleted all findings.
Now the Avira message no longer appears, but I still have not got rid of the virus.

For one thing, a tab opens automatically at regular intervals (something with mediashifting.com/...). For another, mbam keeps finding the same registry entry, which does not go away (HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Johannes\AppData\Local\2bde10f3\X). Strangely, the folder 2bde10f3 does not exist at all under ..\Local\.

I hope you can help me, because I would be very reluctant to reinstall my system.

PS: My operating system is Win 7 Professional SP1 64-bit

Chris4You 28.12.2011 20:37

Hi,
Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version here:
http://filepony.de/download-chameleon/
Then please update the signature files (tab "Update" -> "Check for updates")
Run a full scan and have everything cleaned! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

chris

joebacka 29.12.2011 00:46

mbam log:

Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johannes :: JOE [Administrator]

28.12.2011 23:16:24
mbam-log-2011-12-28 (23-16-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 421071
Laufzeit: 1 Stunde(n), 24 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Johannes\AppData\Local\2bde10f3\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL log:
Code:

OTL logfile created on: 28.12.2011 23:18:09 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Johannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 38,45% Memory free
8,00 Gb Paging File | 5,21 Gb Available in Paging File | 65,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 373,68 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive D: | 1363,01 Gb Total Space | 556,32 Gb Free Space | 40,82% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: JOE | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Java\jre6\bin\jp2native.dll ()
MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AODService) -- C:\Program Files (x86)\Tuning\AMD Overdrive\AODAssist.exe ()
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\Tuning\AMD Overdrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 0B 82 1E F8 BF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.hsv.de/index.php?id=16043"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.29 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:49:53 | 000,000,000 | ---D | M]
 
[2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 11:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions
[2011.12.16 22:44:15 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.21 20:53:13 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.05.15 09:25:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.12.21 20:53:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\firefox@tvunetworks.com
[2010.12.21 20:53:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\moveplayer@movenetworks.com
[2011.04.02 17:42:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\vshare@toolbar
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\searchplugins\conduit.xml
[2011.11.29 08:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2011.11.29 08:39:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.22 15:57:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E578DDC-AFD0-42A7-B617-DDBB64557420}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 23:16:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2011.12.22 09:23:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Local\2bde10f3
[2011.12.14 09:24:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 09:24:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 09:24:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 09:24:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 09:24:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 09:24:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.14 09:24:23 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.14 09:24:23 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.14 09:24:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.14 09:24:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.14 09:24:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.14 09:22:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.14 09:21:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.14 09:21:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.12 22:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.09 16:11:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Sky
[2011.12.08 20:08:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\2011_12_08
[2011.12.08 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Tor
[2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
[2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Vidalia
[2011.12.08 00:37:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor
[2011.12.08 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\utmp
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.28 23:16:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2011.12.28 20:18:40 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 20:18:40 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 17:45:11 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.28 14:12:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.28 13:47:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.28 13:47:24 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.28 13:47:24 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.28 13:47:24 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.28 13:47:24 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.28 13:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 13:42:59 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 22:42:01 | 000,538,052 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG
[2011.12.27 22:41:57 | 000,569,812 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG
[2011.12.27 22:41:54 | 000,565,191 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG
[2011.12.27 22:41:50 | 000,572,077 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg
[2011.12.27 22:41:47 | 000,511,469 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg
[2011.12.27 22:41:45 | 000,568,741 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG
[2011.12.21 16:49:03 | 000,000,600 | ---- | M] () -- C:\Users\Johannes\PUTTY.RND
[2011.12.20 19:36:53 | 000,139,966 | ---- | M] () -- C:\Users\Johannes\Desktop\Targobank.pdf
[2011.12.20 15:16:00 | 000,000,213 | ---- | M] () -- C:\Users\Johannes\Desktop\u.ini
[2011.12.14 15:59:31 | 000,339,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.08 19:44:19 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.08 00:12:13 | 001,249,280 | ---- | M] () -- C:\Users\Johannes\Desktop\U1103.exe
[2011.12.06 23:40:50 | 001,671,629 | ---- | M] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf
[2011.12.03 10:39:59 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 17:45:11 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.27 22:42:01 | 000,538,052 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG
[2011.12.27 22:41:57 | 000,569,812 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG
[2011.12.27 22:41:54 | 000,565,191 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG
[2011.12.27 22:41:50 | 000,572,077 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg
[2011.12.27 22:41:47 | 000,511,469 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg
[2011.12.27 22:41:45 | 000,568,741 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG
[2011.12.20 19:36:53 | 000,139,966 | ---- | C] () -- C:\Users\Johannes\Desktop\Targobank.pdf
[2011.12.08 00:20:40 | 000,000,213 | ---- | C] () -- C:\Users\Johannes\Desktop\u.ini
[2011.12.08 00:12:13 | 001,249,280 | ---- | C] () -- C:\Users\Johannes\Desktop\U1103.exe
[2011.12.08 00:08:07 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\PUTTY.RND
[2011.12.06 23:40:50 | 001,671,629 | ---- | C] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf
[2011.12.03 10:39:59 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.18 18:04:04 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.09.20 18:28:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.09.20 18:28:58 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.09.02 12:42:42 | 000,000,843 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.17 22:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.16 07:30:28 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.26 12:19:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.26 20:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\STAR.trace
[2011.01.26 13:56:35 | 000,003,278 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SerialClonerPrefs
[2010.12.27 15:31:39 | 000,000,017 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2010.12.22 17:45:19 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.12.21 21:29:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

< End of report >

OTL Extras log:
Code:

OTL Extras logfile created on: 28.12.2011 23:18:09 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Johannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 38,45% Memory free
8,00 Gb Paging File | 5,21 Gb Available in Paging File | 65,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 373,68 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive D: | 1363,01 Gb Total Space | 556,32 Gb Free Space | 40,82% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: JOE | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10ADF519-706B-6EC7-A1A7-A2580D920457}" = AMD Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.00 Beta 3 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1DA27F36-93EB-E82F-2DA3-48F13C0153CD}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F6F7929-56E8-4FAE-92A8-6B86108D07C1}" = LG United Mobile Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5676-5A64-A00000000003}" = Adobe Reader Extended Language Support Font Pack
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Afterburner" = MSI Afterburner 2.0.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"Core Damage 0.8h" = Core Damage 0.8h
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DivX Setup.divx.com" = DivX-Setup
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"Fraps" = Fraps
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Mafia II_is1" = Mafia II DLC Joe's Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"Postal 2_is1" = Portal 2
"PyMOL" = PyMOL
"SopCast" = SopCast 3.3.2
"SpeedFan" = SpeedFan (remove only)
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 33230" = Assassin's Creed II
"Tor" = Tor 0.2.2.34
"Veetle TV" = Veetle TV 0.9.18
"Vidalia" = Vidalia 0.2.15
"VLC media player" = VLC media player 1.1.11
"xvid" = XviD MPEG-4 Video Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3029
Description =
 
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3028
Description =
 
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3058
Description =
 
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 7010
Description =
 
Error - 07.12.2011 19:16:56 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1154    Startzeit:
 01ccb535bb52298e    Endzeit: 5    Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe    Berichts-ID:
 8bfa7f7e-2129-11e1-ae48-6c626d85fadc 
 
Error - 07.12.2011 19:18:33 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 4cc    Startzeit:
01ccb5365bb08003    Endzeit: 16    Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe    Berichts-ID:
 c5efef55-2129-11e1-ae48-6c626d85fadc 
 
Error - 11.12.2011 17:54:37 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 624    Startzeit:
01ccb796e716a229    Endzeit: 41    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 
 
Error - 19.12.2011 17:51:40 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e0c    Startzeit:
01ccbe186f0fda78    Endzeit: 18    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 9e928b07-2a8b-11e1-8dcb-6c626d85fadc 
 
Error - 28.12.2011 09:20:56 | Computer Name = Joe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000070a02ad000
ID
 des fehlerhaften Prozesses: 0x738  Startzeit der fehlerhaften Anwendung: 0x01ccc563159d8383
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c5c780a5-3156-11e1-817f-6c626d85fadc
 
Error - 28.12.2011 12:19:56 | Computer Name = Joe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.51.0.1118, Zeitstempel:
 0x4e5e8e67  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x61746144  ID des fehlerhaften Prozesses:
 0xb50  Startzeit der fehlerhaften Anwendung: 0x01ccc57c842cf7ad  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c72e6532-316f-11e1-817f-6c626d85fadc
 
[ System Events ]
Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2011 06:18:09 | Computer Name = Joe | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 27.12.2011 06:20:13 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 27.12.2011 17:58:40 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =
 
Error - 28.12.2011 08:43:59 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.12.2011 08:55:49 | Computer Name = Joe | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
 
< End of report >


Chris4You 29.12.2011 07:30

Hi,

Have files checked online
  • Go to the Virustotal site, click the "Browse" ("Durchsuchen") button and select the following file(s):
Code:

C:\Users\Johannes\Desktop\U1103.exe
  • Now upload each file one after another and wait until the scan has finished. (This can take up to 2 minutes.)
  • Then post the result of the analysis: copy everything and paste it into a post.
  • Important: also copy the file size and the HASH!

Fix for OTL
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator" ("Ausführen als Administrator").
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:


:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - HKCU Winlogon: Shell - (C:\Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X ()
[2011.12.22 09:23:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Local\2bde10f3
:Commands
[emptytemp]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of an OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

TDSS-Killer
Download and instructions at: How to fight malware of the Rootkit.Win32.TDSS family?
Unpack all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; choose "Start Scan" there.
When the scan has finished, please select "Report". A window opens; copy the text and post it here...

Superantispyware (SASW):
http://www.trojaner-board.de/51871-a...tispyware.html

chris
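The OTL fix in the post above targets two log entries that belong together: an HKCU Winlogon Shell value and the hidden, system-flagged folder it points into. The following Python script is an added example (not part of the thread and not OTL's own logic) that finds that pairing in OTL log lines; the function names and the two heuristics are assumptions of this example, and one sample line is constructed and marked as such.

```python
"""Triage OTL log lines for a Winlogon Shell override that lives in a hidden folder.

Added example. The rules below are this example's own heuristics (assumptions),
not how OTL or any scanner decides what is malicious.
"""
import ntpath  # Windows path handling that also works when run on other systems
import re

# "O20 - HKCU Winlogon: Shell - (<registry data>) -<resolved file> (<company>)"
O20_RE = re.compile(r"^O20 - (HKCU|HKLM) Winlogon: (\w+) - \((.*?)\) -")
# "[date time | size | attrs | C or M] (<company>) -- <path>"
# Directory entries carry no "(<company>)" field, so that part is optional.
ENTRY_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| ([-A-Z]{4}) \| [CM]\]"
    r"(?: \(.*?\))? -- (.+)$"
)

SAMPLE_LOG = [
    # Lines taken from the logs in this thread
    r"O20 - HKCU Winlogon: Shell - (C:\Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X ()",
    r"[2011.12.22 09:23:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes\AppData\Local\2bde10f3",
    r"[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat",
    r"[2011.04.26 12:19:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat",
    # Constructed line in the same format: the default shell, which must not be flagged
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
]


def shell_overrides(lines):
    """Return (hive, data) for each Winlogon Shell value that does not launch explorer.exe."""
    hits = []
    for line in lines:
        m = O20_RE.match(line.strip())
        if not m or m.group(2).lower() != "shell":
            continue
        hive, data = m.group(1), m.group(3).strip().strip('"')
        if ntpath.basename(data).lower() != "explorer.exe":
            hits.append((hive, data))
    return hits


def hidden_system_dirs(lines):
    """Return {lower-cased path: created timestamp} for H+S directories under AppData."""
    found = {}
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        stamp, attrs, path = m.groups()
        # Heuristic: a directory (D) that is both hidden (H) and system (S) in a user profile
        if {"H", "S", "D"} <= set(attrs) and "\\appdata\\" in path.lower():
            found[path.lower().rstrip("\\")] = stamp
    return found


def triage(lines):
    """Pair every shell override with the hidden+system folder that contains it, if any."""
    dirs = hidden_system_dirs(lines)
    findings = []
    for hive, data in shell_overrides(lines):
        parent = ntpath.dirname(data).lower()
        findings.append({
            "hive": hive,
            "shell": data,
            "hidden_parent": parent in dirs,
            "parent_created": dirs.get(parent),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The `-HSD` attributes on the folder are also why it does not show up in Explorer with default view settings, which matches what the original poster observed.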

joebacka 29.12.2011 11:20

VirusTotal:

Code:

Antivirus        Version        Last Update        Result
AhnLab-V3        2011.12.28.03        2011.12.28        -
AntiVir        7.11.20.64        2011.12.29        -
Antiy-AVL        2.0.3.7        2011.12.29        NetTool/Win32.UltraSurf.gen
Avast        6.0.1289.0        2011.12.28        -
AVG        10.0.0.1190        2011.12.29        -
BitDefender        7.2        2011.12.29        -
ByteHero        1.0.0.1        2011.12.07        -
CAT-QuickHeal        12.00        2011.12.29        NetTool.UltraSurf.ku (Not a Virus)
ClamAV        0.97.3.0        2011.12.29        -
Commtouch        5.3.2.6        2011.12.29        W32/MalCrypt.E.gen!Eldorado
Comodo        11126        2011.12.29        Application.Win32.NetTool.UltraSurf.KU
DrWeb        5.0.2.03300        2011.12.29        -
Emsisoft        5.1.0.11        2011.12.29        -
eSafe        7.0.17.0        2011.12.29        -
eTrust-Vet        37.0.9652        2011.12.29        -
F-Prot        4.6.5.141        2011.12.28        W32/MalCrypt.E.gen!Eldorado
F-Secure        9.0.16440.0        2011.12.29        -
Fortinet        4.3.388.0        2011.12.29        -
GData        22        2011.12.29        -
Ikarus        T3.1.1.109.0        2011.12.29        -
Jiangmin        13.0.900        2011.12.28        -
K7AntiVirus        9.120.5796        2011.12.28        -
Kaspersky        9.0.0.837        2011.12.29        not-a-virus:NetTool.Win32.UltraSurf.ku
McAfee        5.400.0.1158        2011.12.29        -
McAfee-GW-Edition        2010.1E        2011.12.29        -
Microsoft        1.7903        2011.12.29        -
NOD32        6751        2011.12.29        Win32/UltraReach
Norman        6.07.13        2011.12.28        -
nProtect        2011-12-29.01        2011.12.29        -
Panda        10.0.3.5        2011.12.29        Generic Malware
PCTools        8.0.0.5        2011.12.29        -
Prevx        3.0        2011.12.29        -
Rising        23.90.03.02        2011.12.29        Trojan.Win32.Generic.12ACD4D8
Sophos        4.72.0        2011.12.29        -
SUPERAntiSpyware        4.40.0.1006        2011.12.28        -
Symantec        20111.2.0.82        2011.12.29        -
TheHacker        6.7.0.1.367        2011.12.29        -
TrendMicro        9.500.0.1008        2011.12.29        ADW_SCANNER
TrendMicro-HouseCall        9.500.0.1008        2011.12.29        ADW_SCANNER
VIPRE        11319        2011.12.29        Trojan.Win32.Generic!BT
ViRobot        2011.12.29.4853        2011.12.29        -
VirusBuster        14.1.138.0        2011.12.28        HackTool.UltraSurf!icgEMaAh37E
Additional information
MD5  : 0fa5a44db46d695514eb288203ed3f15
SHA1  : 08a234aa86036fcd1a208994b88668ee5ac0b851
SHA256: 0c6b0c57b33d031a0e4937022c1ee1f180692740251e8c8339a5b449219e5bb9
ssdeep: 24576:2htOJF7fjodcrAh2LbBa4QhdvdL6sgMUQhG+oomy0r0DO/:2LO3LjouAh2LbOLdLAqooE
File size : 1249280 bytes
First seen: 2011-11-23 04:31:17
Last seen : 2011-12-29 09:44:49
TrID:
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x691000
timedatestamp....: 0x4ECC7489 (Wed Nov 23 04:20:25 2011)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
, 0x1000, 0x4CB000, 0x61000, 7.96, dda8d09658e5fbb538a590eb86fc6eca
.rsrc, 0x4CC000, 0xD020, 0x5000, 6.43, 08220ce3b1c2cef59c519706ac685aaf
.idata , 0x4DA000, 0x1000, 0x1000, 0.22, 4383b2c57892fbcd1ce69670ce301e9c
, 0x4DB000, 0xEF000, 0x1000, 0.04, 343714dcf6ce58d153a8389ff7942a39
pemhjtco, 0x5CA000, 0xC7000, 0xC7000, 7.84, 82660e9f89c41e9908dfd5c819eef669
goqgwarp, 0x691000, 0x1000, 0x1000, 0.84, 7bbb0aaf7fd4216935ca76cb1a512d88

[[ 2 import(s) ]]
kernel32.dll: lstrcpy
comctl32.dll: InitCommonControls

[[ 2 export(s) ]]
_EXECryptor_GetHardwareID@0, _EXECryptor_IsAppProtected@0
ExifTool:
file metadata
CodeSize: 348160
EntryPoint: 0x691000
FileSize: 1220 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 4734976
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:11:23 05:20:25+01:00
UninitializedDataSize: 0

VT Community

    User:
    Anonymous
    Reputation:
    1 credits
    Comment date:
    2011-11-25 05:13:12 (UTC)
    Tags: Goodware, eldorado, themida, malcrypt

    User:
    Anonymous
    Reputation:
    1 credits
    Comment date:
    2011-11-26 15:16:43 (UTC)
    xylitol reported the previous edition as a malware

    so be careful
    Tags: ultrasurf, nettool, eldorado

    User:
    Anonymous
    Reputation:
    1 credits
    Comment date:
    2011-12-20 21:27:26 (UTC)
    Tags: Malware, ultrasurf, nettool, eldorado

    User:
    Anonymous
    Reputation:
    1 credits
    Comment date:
    2011-12-21 14:39:48 (UTC)
    UltraSurf. Tool to browse the web with a proxy. Goodware.
    Tags: Goodware, ultrasurf, nettool, eldorado

    User:
    Drexter
    Reputation:
    27129 credits
    Comment date:
    2011-12-27 14:38:35 (UTC)
    Goodware

    Ultrasurf is a product of Ultrareach Internet Corporation. Originally created to help
    internet users in China find security and freedom online, Ultrasurf has now become the
    world's most popular pro-privacy, anti-censorship software, with millions of people using
    it to bypass firewalls and protect their identity online.

OTL fix log (there was no results window; after the automatic restart only the fix log appeared):

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Johannes\AppData\Local\2bde10f3\X deleted successfully.
File \Users\Johannes\AppData\Local\2bde10f3\X) -C:\Users\Johannes\AppData\Local\2bde10f3\X not found.
C:\Users\Johannes\AppData\Local\2bde10f3\U folder moved successfully.
Folder move failed. C:\Users\Johannes\AppData\Local\2bde10f3 scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Johannes
->Temp folder emptied: 5877111 bytes
->Temporary Internet Files folder emptied: 184336299 bytes
->Java cache emptied: 6407004 bytes
->FireFox cache emptied: 58980912 bytes
->Flash cache emptied: 746 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4857232 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 895895 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 8936800501 bytes
 
Total Files Cleaned = 8.772,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_110152

Files\Folders moved on Reboot...
C:\Users\Johannes\AppData\Local\2bde10f3 folder moved successfully.
C:\Users\Johannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

TDSS report:
Code:

11:13:16.0531 1708        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
11:13:16.0718 1708        ============================================================
11:13:16.0718 1708        Current date / time: 2011/12/29 11:13:16.0718
11:13:16.0718 1708        SystemInfo:
11:13:16.0718 1708       
11:13:16.0719 1708        OS Version: 6.1.7601 ServicePack: 1.0
11:13:16.0719 1708        Product type: Workstation
11:13:16.0719 1708        ComputerName: JOE
11:13:16.0719 1708        UserName: Johannes
11:13:16.0719 1708        Windows directory: C:\Windows
11:13:16.0719 1708        System windows directory: C:\Windows
11:13:16.0719 1708        Running under WOW64
11:13:16.0719 1708        Processor architecture: Intel x64
11:13:16.0719 1708        Number of processors: 4
11:13:16.0719 1708        Page size: 0x1000
11:13:16.0719 1708        Boot type: Normal boot
11:13:16.0719 1708        ============================================================
11:13:18.0601 1708        Initialize success
11:13:48.0726 3628        ============================================================
11:13:48.0726 3628        Scan started
11:13:48.0726 3628        Mode: Manual;
11:13:48.0726 3628        ============================================================
11:13:58.0884 3628        scfilter - ok
11:13:58.0904 3628        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:13:58.0912 3628        secdrv - ok
11:13:58.0938 3628        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:13:58.0941 3628        Serenum - ok
11:13:58.0954 3628        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:13:58.0960 3628        Serial - ok
11:13:58.0986 3628        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:13:58.0989 3628        sermouse - ok
11:13:59.0019 3628        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:13:59.0022 3628        sffdisk - ok
11:13:59.0042 3628        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:13:59.0045 3628        sffp_mmc - ok
11:13:59.0062 3628        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:13:59.0065 3628        sffp_sd - ok
11:13:59.0071 3628        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:13:59.0074 3628        sfloppy - ok
11:13:59.0110 3628        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:13:59.0115 3628        SiSRaid2 - ok
11:13:59.0134 3628        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:13:59.0139 3628        SiSRaid4 - ok
11:13:59.0184 3628        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:13:59.0189 3628        Smb - ok
11:13:59.0208 3628        speedfan - ok
11:13:59.0234 3628        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:13:59.0238 3628        spldr - ok
11:13:59.0287 3628        sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
11:13:59.0287 3628        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
11:13:59.0289 3628        sptd ( LockedFile.Multi.Generic ) - warning
11:13:59.0289 3628        sptd - detected LockedFile.Multi.Generic (1)
11:14:02.0368 3628        ============================================================
11:14:02.0368 3628        Scan finished
11:14:02.0368 3628        ============================================================
11:14:02.0379 1840        Detected object count: 1
11:14:02.0380 1840        Actual detected object count: 1
11:15:07.0726 1840        sptd ( LockedFile.Multi.Generic ) - skipped by user
11:15:07.0726 1840        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Could you explain your last point (Superantispyware (SASW)) in a bit more detail? Should I follow the instructions in the link?

Chris4You 29.12.2011 11:36

Hi,

yes... delete the file that was scanned at Virustotal.com...

chris

joebacka 29.12.2011 13:40

I deleted UltraSurf. Is it potentially dangerous in general, or was it only because of where the .exe came from?

SASW log:
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/29/2011 at 01:27 PM

Application Version : 5.0.1142

Core Rules Database Version : 8089
Trace Rules Database Version: 5901

Scan type      : Complete Scan
Total Scan Time : 02:00:02

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 675
Memory threats detected  : 0
Registry items scanned    : 71044
Registry threats detected : 0
File items scanned        : 188985
File threats detected    : 224

Adware.Tracking Cookie
        C:\USERS\JOHANNES\Cookies\H6YD78VE.txt [ Cookie:johannes@yieldmanager.net/ ]
        C:\USERS\JOHANNES\Cookies\KKYWJ5AV.txt [ Cookie:johannes@collective-media.net/ ]
        C:\USERS\JOHANNES\Cookies\XANY65VK.txt [ Cookie:johannes@doubleclick.net/ ]
        C:\USERS\JOHANNES\Cookies\3QTFFVTW.txt [ Cookie:johannes@specificclick.net/ ]
        C:\USERS\JOHANNES\Cookies\3ULSX9QT.txt [ Cookie:johannes@ad.yieldmanager.com/ ]
        C:\USERS\JOHANNES\Cookies\L4FE4C1I.txt [ Cookie:johannes@lokyfind.com/ ]
        C:\USERS\JOHANNES\Cookies\XVZU7NJA.txt [ Cookie:johannes@filescanner.net/ ]
        C:\USERS\JOHANNES\Cookies\QQYSNANX.txt [ Cookie:johannes@vidasco.rotator.hadj7.adjuggler.net/ ]
        C:\USERS\JOHANNES\Cookies\1DX9NOG6.txt [ Cookie:johannes@accounts.google.com/intl/en/ ]
        C:\USERS\JOHANNES\Cookies\MTT5HTS6.txt [ Cookie:johannes@harrenmedianetwork.com/ ]
        C:\USERS\JOHANNES\Cookies\UUUCYPV5.txt [ Cookie:johannes@track.effiliation.com/servlet/ ]
        C:\USERS\JOHANNES\Cookies\4PTMKGH4.txt [ Cookie:johannes@mifind.net/ ]
        C:\USERS\JOHANNES\Cookies\F6N0UX24.txt [ Cookie:johannes@smartadserver.com/ ]
        C:\USERS\JOHANNES\Cookies\00VVE8TI.txt [ Cookie:johannes@advertising.com/ ]
        C:\USERS\JOHANNES\Cookies\FBYOKLLQ.txt [ Cookie:johannes@invitemedia.com/ ]
        C:\USERS\JOHANNES\Cookies\Y54VD4PA.txt [ Cookie:johannes@apmebf.com/ ]
        C:\USERS\JOHANNES\Cookies\2GD8DZCP.txt [ Cookie:johannes@xml.trafficengine.net/ ]
        C:\USERS\JOHANNES\Cookies\G28L4EH4.txt [ Cookie:johannes@clicksor.com/ ]
        C:\USERS\JOHANNES\Cookies\5YF26MS1.txt [ Cookie:johannes@intfind.net/ ]
        C:\USERS\JOHANNES\Cookies\8WGKGYXJ.txt [ Cookie:johannes@clickfuse.com/ ]
        C:\USERS\JOHANNES\Cookies\826JX6T9.txt [ Cookie:johannes@openx1.overadmedia.com/ ]
        C:\USERS\JOHANNES\Cookies\W764HUIM.txt [ Cookie:johannes@statcounter.com/ ]
        C:\USERS\JOHANNES\Cookies\9UIW105V.txt [ Cookie:johannes@pornhub.com/ ]
        C:\USERS\JOHANNES\Cookies\O43XOSV8.txt [ Cookie:johannes@friendfinder.com/ ]
        C:\USERS\JOHANNES\Cookies\89D8EEKC.txt [ Cookie:johannes@klpfind.com/ ]
        C:\USERS\JOHANNES\Cookies\VEV7ARLX.txt [ Cookie:johannes@realyfinded.com/ ]
        C:\USERS\JOHANNES\Cookies\49X4EPP2.txt [ Cookie:johannes@www.pornhub.com/ ]
        C:\USERS\JOHANNES\Cookies\DJ6E3831.txt [ Cookie:johannes@content.yieldmanager.com/ ]
        C:\USERS\JOHANNES\Cookies\1POAS9Z5.txt [ Cookie:johannes@gostats.com/ ]
        C:\USERS\JOHANNES\Cookies\PQ3L7OFO.txt [ Cookie:johannes@ads.crakmedia.com/ ]
        C:\USERS\JOHANNES\Cookies\D4ZL59JY.txt [ Cookie:johannes@bs.serving-sys.com/ ]
        C:\USERS\JOHANNES\Cookies\DQFBEI03.txt [ Cookie:johannes@adjuggler.net/ ]
        C:\USERS\JOHANNES\Cookies\725X5UPN.txt [ Cookie:johannes@google.com/accounts/recovery/ ]
        C:\USERS\JOHANNES\Cookies\WEQK1Y6Y.txt [ Cookie:johannes@zanox-affiliate.de/ ]
        C:\USERS\JOHANNES\Cookies\8NIGNZS1.txt [ Cookie:johannes@im.banner.t-online.de/ ]
        C:\USERS\JOHANNES\Cookies\D2484VS5.txt [ Cookie:johannes@tribalfusion.com/ ]
        C:\USERS\JOHANNES\Cookies\P1UXY3V6.txt [ Cookie:johannes@it.pornhub.com/ ]
        C:\USERS\JOHANNES\Cookies\K297DI4I.txt [ Cookie:johannes@adserver2.eclickz.com/ ]

Heur.Agent/Gen-WhiteBox
        ZIP ARCHIVE( D:\DOWNLOADS\MEMTEST86+-4.10.USB.INSTALLER.ZIP )/MEMTEST86+ 4.10 USB INSTALLER.EXE
        D:\DOWNLOADS\MEMTEST86+-4.10.USB.INSTALLER.ZIP

Trojan.Agent/Gen-SoftonicDownloader
        D:\DOWNLOADS\SOFTONICDOWNLOADER_FUER_SCAN2PDF.EXE


Chris4You 29.12.2011 14:14

Hi,

both...

How is the computer behaving? Anything else unusual?

chris

joebacka 29.12.2011 14:28

Hi

Looks pretty good so far (tabs no longer open by themselves). What kind of virus was that exactly? Do I have anything to worry about now?

But mbam still finds this entry:
Code:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Johannes :: JOE [Administrator]

29.12.2011 14:18:25
mbam-log-2011-12-29 (14-18-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175817
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Backdoor.Agent) -> Daten: C:\Users\Johannes\AppData\Local\2bde10f3\X -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Chris4You 29.12.2011 15:12

Hi,

I have already fixed this entry with OTL as well, so there is still something there that keeps recreating it...

Please update MAM and run a full scan, then post the log...

Please post a new OTL log...

chris

joebacka 29.12.2011 17:45

Hi,

On the 2nd run mbam found nothing more.

Here are the OTL logs:
Code:

OTL logfile created on: 29.12.2011 15:31:51 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Johannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 41,49% Memory free
8,00 Gb Paging File | 5,07 Gb Available in Paging File | 63,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 373,72 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive D: | 1363,01 Gb Total Space | 567,55 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: JOE | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Johannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Tuning\AMD Overdrive\AODAssist.exe ()
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko8\WINNT_x86-msvc\SSSLauncher.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzvbi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtaglib_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libx264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_rtp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_raop_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_sdl_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtwolame_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_transcode_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvisual_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvod_rtsp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwingdi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libty_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubtitle_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvcd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubsdec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvobsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsubsusf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvideo_filter_wrapper_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtransform_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_standard_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_wrapper_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsvcdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwall_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvoc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_smem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvmem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxtag_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtta_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwave_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_gather_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxa_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtrivial_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libt140_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libremoteosd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librtp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsdl_image_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspatializer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsap_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libreal_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librss_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscreen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_bridge_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspudec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_es_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsmf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librotate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvid_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscene_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libquicktime_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_duplicate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librealvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstats_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawdv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawaud_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_display_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsharpen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libripple_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librawvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_autodel_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\librv32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_description_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspdif_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_out_dummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libprojectm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmkv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmod_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldhttp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ps_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libportaudio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpostproc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_h264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldrc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpanoramix_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_ogg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_mp4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_asf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libps_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmosaic_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_dirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libosd_parser_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_vc1_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liboldtelnet_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_avi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpegvideo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmotiondetect_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mpeg4video_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_flac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpuzzle_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_mlp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmono_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libosdmenu_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpodcast_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpva_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libntservice_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnsv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libparam_eq_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnetsync_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpsychedelic_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpacketizer_copy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnsc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnormvol_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_wav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmsn_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmotionblur_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libnoise_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_mpjpeg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmux_dummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgnutls_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblive555_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgme_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblua_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgoom_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libkate_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglwin32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgradient_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblogo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmarq_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmagnify_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libheadphone_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgestures_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmirror_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmediadirs_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmjpeg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblogger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpy3dn_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvmem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrain_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libh264_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libinvert_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfluidsynth_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdread_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvbsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdeinterlace_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirectx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdmo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcrop_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libequalizer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflacsys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libes_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libextract_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfilesystem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libexport_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcvdsub_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcroppadd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liberase_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgaussianblur_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemuxdump_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdemux_cdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfolder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcaca_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_sdl_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libatmo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbda_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdda_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libasf_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudiobargraph_v_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libadjust_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libball_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudioscrobbler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudio_format_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcc_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libadpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaudiobargraph_a_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libchorus_flanger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbluescreen_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcanvas_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblendbench_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcolorthres_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_file_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaiff_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libclone_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libalphamask_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libchain_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_udp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libau_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_shout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_mms_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_realrtsp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_imem_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_ftp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_udp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_http_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_smb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_file_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_tcp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_attachment_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_output_dummy_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AODService) -- C:\Program Files (x86)\Tuning\AMD Overdrive\AODAssist.exe ()
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\drivers\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\drivers\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\drivers\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\drivers\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (cpuz134) -- C:\Windows\SysNative\drivers\cpuz134_x64.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (asusgsb) -- C:\Windows\SysNative\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AODDriver4.01) -- C:\Program Files (x86)\Tuning\AMD Overdrive\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 0B 82 1E F8 BF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "hxxp://www.hsv.de/index.php?id=16043"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.88
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.02.09 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.02.09 19:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.29 08:39:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.28 21:49:53 | 000,000,000 | ---D | M]
 
[2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions
[2011.03.30 19:03:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 11:31:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions
[2011.12.16 22:44:15 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.12.21 20:53:13 | 000,000,000 | ---D | M] ("UltraSurf Firefox Tool") -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2011.05.15 09:25:16 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.12.21 20:53:12 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\firefox@tvunetworks.com
[2010.12.21 20:53:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\moveplayer@movenetworks.com
[2011.04.02 17:42:58 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Johannes\AppData\Roaming\mozilla\Firefox\Profiles\0k9685op.default\extensions\vshare@toolbar
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Users\Johannes\AppData\Roaming\Mozilla\Firefox\Profiles\0k9685op.default\searchplugins\conduit.xml
[2011.11.29 08:39:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{DD05FD3D-18DF-4CE4-AE53-E795339C5F01}.XPI
() (No name found) -- C:\USERS\JOHANNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0K9685OP.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2011.11.29 08:39:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.22 15:57:39 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E578DDC-AFD0-42A7-B617-DDBB64557420}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell - "" = AutoRun
O33 - MountPoints2\{cd6a2aeb-0d4e-11e0-867e-6c626d85fadc}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 11:22:38 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.29 11:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.29 11:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.29 11:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.29 11:12:26 | 000,000,000 | ---D | C] -- C:\TDSS
[2011.12.29 11:01:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.28 23:16:49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2011.12.14 09:24:25 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.14 09:24:25 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.14 09:24:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.14 09:24:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.14 09:24:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.14 09:24:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.14 09:24:23 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.14 09:24:23 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.14 09:24:23 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.14 09:24:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.14 09:24:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.14 09:22:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.14 09:21:53 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.14 09:21:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.12 22:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.12.12 22:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.09 16:11:52 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\Sky
[2011.12.08 20:08:50 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\2011_12_08
[2011.12.08 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Tor
[2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bundle
[2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2011.12.08 00:39:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Vidalia
[2011.12.08 00:37:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor
[2011.12.08 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes\Desktop\utmp
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 13:40:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 13:40:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 13:37:31 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.29 13:37:31 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.29 13:37:31 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.29 13:37:31 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.29 13:37:31 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.29 13:33:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 13:33:03 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.29 11:21:44 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.29 10:43:58 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.28 23:16:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes\Desktop\OTL.exe
[2011.12.28 17:45:11 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.27 22:42:01 | 000,538,052 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG
[2011.12.27 22:41:57 | 000,569,812 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG
[2011.12.27 22:41:54 | 000,565,191 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG
[2011.12.27 22:41:50 | 000,572,077 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg
[2011.12.27 22:41:47 | 000,511,469 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg
[2011.12.27 22:41:45 | 000,568,741 | ---- | M] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG
[2011.12.21 16:49:03 | 000,000,600 | ---- | M] () -- C:\Users\Johannes\PUTTY.RND
[2011.12.20 19:36:53 | 000,139,966 | ---- | M] () -- C:\Users\Johannes\Desktop\Targobank.pdf
[2011.12.20 15:16:00 | 000,000,213 | ---- | M] () -- C:\Users\Johannes\Desktop\u.ini
[2011.12.14 15:59:31 | 000,339,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.08 19:44:19 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.06 23:40:50 | 001,671,629 | ---- | M] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf
[2011.12.03 10:39:59 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.29 11:21:44 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.28 17:45:11 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011.12.27 22:42:01 | 000,538,052 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_3.JPG
[2011.12.27 22:41:57 | 000,569,812 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_2.JPG
[2011.12.27 22:41:54 | 000,565,191 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 19.12.11 SDO2_1.JPG
[2011.12.27 22:41:50 | 000,572,077 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_3.jpg
[2011.12.27 22:41:47 | 000,511,469 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_2.jpg
[2011.12.27 22:41:45 | 000,568,741 | ---- | C] () -- C:\Users\Johannes\Desktop\IEF_SDS Tower 13.12.11 Col-0_1.JPG
[2011.12.20 19:36:53 | 000,139,966 | ---- | C] () -- C:\Users\Johannes\Desktop\Targobank.pdf
[2011.12.08 00:20:40 | 000,000,213 | ---- | C] () -- C:\Users\Johannes\Desktop\u.ini
[2011.12.08 00:08:07 | 000,000,600 | ---- | C] () -- C:\Users\Johannes\PUTTY.RND
[2011.12.06 23:40:50 | 001,671,629 | ---- | C] () -- C:\Users\Johannes\Desktop\Marktuebersicht_CI+_geeigneter_Empfangsgeraete.pdf
[2011.12.03 10:39:59 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.18 18:04:04 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.09.20 18:28:58 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011.09.20 18:28:58 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011.09.02 12:42:42 | 000,000,843 | ---- | C] () -- C:\Windows\wiso.ini
[2011.07.17 22:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.16 07:30:28 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.26 12:19:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.26 20:21:26 | 000,000,000 | ---- | C] () -- C:\Users\Johannes\AppData\Local\STAR.trace
[2011.01.26 13:56:35 | 000,003,278 | ---- | C] () -- C:\Users\Johannes\AppData\Roaming\SerialClonerPrefs
[2010.12.27 15:31:39 | 000,000,017 | ---- | C] () -- C:\Users\Johannes\AppData\Local\resmon.resmoncfg
[2010.12.22 17:45:19 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.12.21 21:29:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

< End of report >

Code:

OTL Extras logfile created on: 29.12.2011 15:31:51 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Johannes\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,66 Gb Available Physical Memory | 41,49% Memory free
8,00 Gb Paging File | 5,07 Gb Available in Paging File | 63,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 373,72 Gb Free Space | 74,74% Space Free | Partition Type: NTFS
Drive D: | 1363,01 Gb Total Space | 567,55 Gb Free Space | 41,64% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 465,38 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
 
Computer Name: JOE | User Name: Johannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.8
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{10ADF519-706B-6EC7-A1A7-A2580D920457}" = AMD Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{2AF2EABE-CF18-CACB-E57C-A4902A3C36C8}" = AMD Media Foundation Decoders
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5DF57DB1-D971-3DA3-B4BB-F6FC7D73A997}" = AMD Drag and Drop Transcoding
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C95F41B-70D9-7EF8-BC80-B1C896B5B747}" = AMD Fuel
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90AB246D-A0A0-29EA-199A-4B07841E0737}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79C2CD4-7BCC-60AC-76C9-834CEEF1CDBE}" = ccc-utility64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.00 Beta 3 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BF4CB15-6055-452A-8487-021AE2D91208}" = Crysis® 2 Demo
"{1DA27F36-93EB-E82F-2DA3-48F13C0153CD}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{330D5210-3C4F-E632-2714-BE23C7C10B9F}" = Catalyst Control Center Graphics Previews Common
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{434D0820-3AA6-493A-80B9-301000028501}" = DiRT2
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{43544FB5-BC1D-939A-7FDA-F7F3E5AEC35B}" = AMD VISION Engine Control Center
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F6F7929-56E8-4FAE-92A8-6B86108D07C1}" = LG United Mobile Drivers
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{78D2854E-5DBF-11E7-B41F-47D203C8ED66}" = CCC Help English
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.0.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5676-5A64-A00000000003}" = Adobe Reader Extended Language Support Font Pack
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D7AF16E7-5938-4369-BA54-B1ABD541BC32}" = Utility
"{DAD5AC93-8518-4F46-A5FE-E63FEE791B6F}" = AMD OverDrive
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Afterburner" = MSI Afterburner 2.0.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"Core Damage 0.8h" = Core Damage 0.8h
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DivX Setup.divx.com" = DivX-Setup
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"Fraps" = Fraps
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Mafia II_is1" = Mafia II DLC Joe's Adventures
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"OpenAL" = OpenAL
"Polipo" = Polipo 1.0.4.1
"Postal 2_is1" = Portal 2
"PyMOL" = PyMOL
"SopCast" = SopCast 3.3.2
"SpeedFan" = SpeedFan (remove only)
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 33230" = Assassin's Creed II
"Tor" = Tor 0.2.2.34
"Veetle TV" = Veetle TV 0.9.18
"Vidalia" = Vidalia 0.2.15
"VLC media player" = VLC media player 1.1.11
"xvid" = XviD MPEG-4 Video Codec
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3029
Description =
 
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3028
Description =
 
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 3058
Description =
 
Error - 04.12.2011 05:32:17 | Computer Name = Joe | Source = Windows Search Service | ID = 7010
Description =
 
Error - 07.12.2011 19:16:56 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1154    Startzeit:
 01ccb535bb52298e    Endzeit: 5    Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe    Berichts-ID:
 8bfa7f7e-2129-11e1-ae48-6c626d85fadc 
 
Error - 07.12.2011 19:18:33 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm U1103.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 4cc    Startzeit:
01ccb5365bb08003    Endzeit: 16    Anwendungspfad: C:\Users\Johannes\Desktop\U1103.exe    Berichts-ID:
 c5efef55-2129-11e1-ae48-6c626d85fadc 
 
Error - 11.12.2011 17:54:37 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 624    Startzeit:
01ccb796e716a229    Endzeit: 41    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 
 
Error - 19.12.2011 17:51:40 | Computer Name = Joe | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.1.4341 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e0c    Startzeit:
01ccbe186f0fda78    Endzeit: 18    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 9e928b07-2a8b-11e1-8dcb-6c626d85fadc 
 
Error - 28.12.2011 09:20:56 | Computer Name = Joe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc3c1  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000070a02ad000
ID
 des fehlerhaften Prozesses: 0x738  Startzeit der fehlerhaften Anwendung: 0x01ccc563159d8383
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c5c780a5-3156-11e1-817f-6c626d85fadc
 
Error - 28.12.2011 12:19:56 | Computer Name = Joe | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mbam.exe, Version: 1.51.0.1118, Zeitstempel:
 0x4e5e8e67  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x61746144  ID des fehlerhaften Prozesses:
 0xb50  Startzeit der fehlerhaften Anwendung: 0x01ccc57c842cf7ad  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: c72e6532-316f-11e1-817f-6c626d85fadc
 
[ System Events ]
Error - 27.12.2011 06:20:13 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 27.12.2011 17:58:40 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =
 
Error - 28.12.2011 08:43:59 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 28.12.2011 08:55:49 | Computer Name = Joe | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 28.12.2011 20:08:14 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =
 
Error - 29.12.2011 05:40:47 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 29.12.2011 06:03:24 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =
 
Error - 29.12.2011 06:05:18 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 29.12.2011 08:32:15 | Computer Name = Joe | Source = DCOM | ID = 10010
Description =
 
Error - 29.12.2011 08:34:08 | Computer Name = Joe | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >


Chris4You 29.12.2011 17:55

Hi,

that looks OK now...

chris

joebacka 29.12.2011 17:57

Thank you very much for your help!

Would it be possible to delete the thread? Nobody needs to see my logs, after all...

Chris4You 29.12.2011 18:27

Hi,

that's not customary; you'll have to ask an admin (Da Guru)...

To finish up, I would also run a Dr. Web scan...
Cureit
Follow the instructions: http://www.trojaner-board.de/59299-a...eb-cureit.html
Once the scan has finished, you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post them.
The log file is very large, roughly over 5 MB of text. Just search for "infiziert" and copy out the relevant parts before you post them.

chris


All times are in WET +1.
