Log Analysis and Evaluation: Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles (Windows 7)

10.11.2011, 13:21 | #1
Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles

Yesterday Antivir raised an alarm on my machine. On 3 partitions the file pcwelt.scr was found, which supposedly contains the trojan TR/Gendal.2.4609. In the same directory there was an autorun.inf that was meant to launch the files (which does not happen under Windows 7 anyway). 2 of the partitions were encrypted with Truecrypt, and the alarm went off when the drives were mounted. I uploaded the scr file to an online checker; half of the programs identified it as malware (though always a different one), the other half said the file was clean. I deleted the files and they have not come back after a restart. There were no infected files on the system partition. I have now scanned my system (while all encrypted partitions were open). Here are the logfiles:

Defogger_disable:
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 12:38 on 10/11/2011 (Antestor) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter OTL logfile created on: 10.11.2011 12:49:09 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Antestor\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,88% Memory free 8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,23% Paging File free Paging file location(s): o:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,23 Gb Total Space | 3,99 Gb Free Space | 5,77% Space Free | Partition Type: NTFS Drive D: | 200,00 Gb Total Space | 19,51 Gb Free Space | 9,76% Space Free | Partition Type: NTFS Drive E: | 600,00 Gb Total Space | 176,94 Gb Free Space | 29,49% Space Free | Partition Type: NTFS Drive M: | 1000,00 Gb Total Space | 6,60 Gb Free Space | 0,66% Space Free | Partition Type: NTFS Drive O: | 31,51 Gb Total Space | 5,47 Gb Free Space | 17,35% Space Free | Partition Type: NTFS Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive W: | 100,00 Gb Total Space | 5,59 Gb Free Space | 5,59% Space Free | Partition Type: NTFS Drive Y: | 397,26 Gb Total Space | 372,87 Gb Free Space | 93,86% Space Free | Partition Type: NTFS Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.10 12:32:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Antestor\Downloads\OTL.exe PRC - [2011.09.19 18:13:53 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe PRC - [2011.08.25 15:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe PRC - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.12.11 18:05:10 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2010.10.29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\PROGRA~2\FREEDO~1\fdm.exe PRC - [2010.03.26 08:40:46 | 005,805,216 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe PRC - [2010.03.26 08:40:44 | 005,558,432 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cc32\webtmr.exe PRC - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe PRC - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.01.22 20:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe PRC - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) 
-- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2009.12.15 09:33:28 | 000,370,688 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniServer.exe PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009.11.07 23:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe PRC - [2009.10.15 13:33:02 | 000,136,520 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\BAUM Retec\COBRA\9.0\CobraProxy.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe PRC - [2007.04.24 19:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe PRC - [2007.03.08 18:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe PRC - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ========== Modules (No Company Name) ========== MOD - [2010.01.22 20:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll MOD - [2010.01.22 20:56:46 | 000,068,656 | ---- | M] () -- 
C:\Program Files (x86)\VMware\VMware Player\zlib1.dll MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll MOD - [2007.04.24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll MOD - [2007.04.23 00:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll MOD - [2007.04.21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll MOD - [2007.04.19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll MOD - [2004.07.26 19:03:50 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\SFRes.dll MOD - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe MOD - [2002.11.19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.09.23 23:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.07.15 16:28:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\SysWOW64\cchservice.exe -- (Windows-CCHook-Service) SRV - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.01.08 11:33:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2009.11.12 05:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009.10.12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.14 00:15:34 | 000,730,264 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe -- (BralMiniServer Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.29 20:09:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2010.09.29 20:09:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2010.02.08 00:41:48 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD) DRV:64bit: - [2010.02.08 00:41:48 | 000,035,440 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc) DRV:64bit: - [2010.02.08 00:41:48 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool) DRV:64bit: - [2010.02.08 00:41:48 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA) DRV:64bit: - [2010.02.08 00:41:48 | 000,026,224 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger) DRV:64bit: - [2010.02.08 00:41:48 | 000,022,640 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashMD.sys -- (FreeOTFEHashMD) DRV:64bit: - [2010.02.08 
00:41:46 | 000,060,016 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherDES.sys -- (FreeOTFECypherDES) DRV:64bit: - [2010.02.08 00:41:46 | 000,035,952 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman) DRV:64bit: - [2010.02.08 00:41:46 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman) DRV:64bit: - [2010.02.08 00:41:46 | 000,030,832 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman) DRV:64bit: - [2010.02.08 00:41:46 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc) DRV:64bit: - [2010.02.08 00:41:44 | 000,050,800 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc) DRV:64bit: - [2010.02.08 00:41:44 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFE.sys -- (FreeOTFE) DRV:64bit: - [2010.02.08 00:41:44 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5) DRV:64bit: - [2010.02.08 00:41:44 | 000,027,760 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish) DRV:64bit: - [2010.01.22 20:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport) DRV:64bit: - [2010.01.22 20:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010.01.22 20:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010.01.22 20:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010.01.22 20:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010.01.22 20:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010.01.22 16:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010.01.22 16:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010.01.22 16:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010.01.20 00:12:00 | 000,045,648 | ---- | M] (BAUM RETEC AG) [Kernel | System | Running] -- C:\Windows\SysNative\CbrVidA.sys -- (CbrVidA) DRV:64bit: - [2010.01.08 11:33:13 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010.01.08 11:33:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) DRV:64bit: - [2010.01.08 11:33:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.01.08 11:33:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2009.12.08 22:23:57 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- 
C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.10.23 12:19:20 | 000,043,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JulaWDM.sys -- (JulaWDM.sys) DRV:64bit: - [2009.10.23 12:19:18 | 000,058,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Jula.sys -- (Jula.sys) DRV:64bit: - [2009.10.07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.09.24 00:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2007.07.24 03:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.10.12 13:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.03.19 16:14:52 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO) DRV - [2006.01.13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 96 E8 B5 8D F7 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.5 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.2 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 12:22:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.10 12:22:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.17 21:18:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.11 18:05:28 | 000,000,000 | ---D | M] [2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions [2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.10 12:23:09 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions [2011.04.04 20:13:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.10.06 19:34:33 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} [2011.09.02 17:57:53 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010.03.20 12:21:56 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66} [2010.05.07 17:00:07 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011.06.24 20:12:41 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firebug@software.joehewitt.com [2011.01.29 15:23:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firefox@tvunetworks.com [2011.09.11 10:42:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung [2010.12.11 18:22:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\vshare@toolbar [2010.01.16 14:01:19 | 000,001,340 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml [2009.11.08 15:16:44 | 000,004,153 | ---- | M] () 
-- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml [2011.11.09 22:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.05.08 19:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.20 17:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.12.24 15:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.04.11 19:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.07.07 14:19:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION [2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 16:49:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.17 17:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.17 17:54:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 18:51:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.17 17:54:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 17:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.17 17:54:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Cobra_chkRDP] C:\Program Files (x86)\BAUM Retec\COBRA\9.0\RegSetCobraRDP.exe (BAUM Retec AG)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [JulaPAN.exe] C:\Windows\SysNative\JulaPAN.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.02 10:39:37 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 07:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell - "" = AutoRun
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell\AutoRun\command - "" = S:\autorun.exe -- [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1E41233D-FEC5-F818-6F11-87D34A06FBA2} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DA739F5-B89A-4961-E003-578BE113FBDF} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E2CC5F7-DD51-14A1-A16F-FF3624BFA4CA} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.04 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Local\Unity
[2011.10.12 19:09:58 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.12 19:09:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.12 19:09:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.12 19:09:57 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.12 19:09:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.12 19:09:57 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.12 19:09:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.12 19:09:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 19:09:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 19:09:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 19:09:31 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 19:09:20 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.12 19:09:20 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.06.20 20:04:11 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[2009.11.07 23:26:50 | 003,358,808 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Setup.exe
[2009.11.07 23:26:50 | 001,559,496 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Format.exe
[2009.11.07 23:26:50 | 001,412,552 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
[2009.11.07 23:26:50 | 000,223,432 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt.sys
[2009.11.07 23:26:50 | 000,222,152 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt-x64.sys
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.10 12:52:34 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2011.11.10 12:41:07 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.10 12:41:07 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.10 12:41:07 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.10 12:41:07 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.10 12:41:07 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.10 12:33:39 | 000,000,000 | ---- | M] () -- C:\Users\Antestor\defogger_reenable
[2011.11.10 12:25:38 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 12:25:38 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 12:19:46 | 000,000,146 | ---- | M] () -- C:\Windows\SysWow64\swctl.dll
[2011.11.10 12:18:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.10 12:18:14 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.09 19:55:36 | 003,234,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.03 19:16:45 | 000,002,034 | -H-- | M] () -- C:\Users\Antestor\Documents\Default.rdp
[2011.11.03 19:12:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2011.10.20 18:35:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.10 12:33:39 | 000,000,000 | ---- | C] () -- C:\Users\Antestor\defogger_reenable
[2011.10.17 21:18:04 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.17 10:44:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 10:44:14 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 10:43:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:43:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 13:54:32 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.21 13:54:32 | 000,011,205 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.09 21:26:52 | 000,017,408 | ---- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 01:46:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 19:29:47 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 19:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 19:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 22:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.03.26 20:55:32 | 000,730,264 | ---- | C] () -- C:\Windows\SysWow64\ksupmgr.exe
[2010.03.26 20:55:28 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys
[2010.03.26 20:55:28 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2010.01.30 19:59:58 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\BCLIENT.DLL
[2010.01.29 19:13:58 | 000,000,480 | ---- | C] () -- C:\Windows\SysWow64\setup.dat
[2010.01.29 19:13:58 | 000,000,092 | ---- | C] () -- C:\Windows\SysWow64\lock.dat
[2010.01.29 19:11:56 | 000,227,840 | R--- | C] () -- C:\Windows\SysWow64\SVTOOLS.DLL
[2009.12.16 20:25:29 | 000,009,216 | ---- | C] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.16 20:18:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.11.27 22:40:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.13 20:54:32 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2009.11.13 20:54:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2009.11.08 17:14:06 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat
[2009.11.08 17:14:06 | 000,059,671 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat
[2009.11.08 17:14:06 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat
[2009.11.08 17:14:06 | 000,000,146 | ---- | C] () -- C:\Windows\SysWow64\swctl.dll
[2009.11.08 17:14:06 | 000,000,145 | -H-- | C] () -- C:\Windows\SysWow64\CTLSW.INI
[2009.11.08 17:14:04 | 000,000,050 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat
[2009.11.08 17:14:03 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2009.11.08 15:02:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.08 14:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.08 00:48:50 | 000,092,704 | ---- | C] () -- C:\Windows\SysWow64\JulaASIO32.dll
[2009.11.07 23:26:50 | 001,066,371 | ---- | C] () -- C:\Program Files (x86)\TrueCrypt User Guide.pdf
[2009.11.07 22:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002.06.11 10:23:34 | 000,046,080 | R--- | C] () -- C:\Windows\SysWow64\BSYSTEM.DLL

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2009.11.07 23:06:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.11.08 17:49:29 | 000,000,000 | ---D | M] -- C:\ATI
[2011.02.26 13:41:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.11.28 17:06:31 | 000,000,000 | ---D | M] -- C:\BurnInTest test files
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.07 23:06:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.28 20:38:54 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.03.22 22:02:52 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver
[2009.11.27 23:08:26 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.13 20:54:31 | 000,000,000 | ---D | M] -- C:\Kpcms
[2011.01.09 22:28:43 | 000,000,000 | ---D | M] -- C:\OptiPNG-UI_TEMP
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.24 07:32:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.29 21:31:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.27 20:11:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.11.07 23:06:29 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.08 00:08:36 | 000,000,000 | ---D | M] -- C:\RaidTool
[2009.11.07 23:06:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.10 12:51:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.29 21:35:18 | 000,000,000 | ---D | M] -- C:\temp
[2009.11.07 23:06:35 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.26 18:08:53 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >
[2007.02.22 20:08:08 | 000,925,696 | ---- | M] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[2009.11.07 23:26:50 | 001,559,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Format.exe
[2009.11.07 20:46:04 | 003,358,808 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Setup.exe
[2009.11.07 23:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Code:
OTL Extras logfile created on: 10.11.2011 12:49:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Antestor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,88% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): o:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 3,99 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 19,51 Gb Free Space | 9,76% Space Free | Partition Type: NTFS
Drive E: | 600,00 Gb Total Space | 176,94 Gb Free Space | 29,49% Space Free | Partition Type: NTFS
Drive M: | 1000,00 Gb Total Space | 6,60 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 5,47 Gb Free Space | 17,35% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 5,59 Gb Free Space | 5,59% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 372,87 Gb Free Space | 93,86% Space Free | Partition Type: NTFS

Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager "{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273 "{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{CAF01FE2-3E7D-4EEA-B04C-6561D64BB3D0}" = Independence Pro Software Suite 3.0 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "2BEB1D72D273FA04AF79FA3C4E0B1BD7C0B1F627" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16) "CCleaner" = CCleaner "CFB93035BA5D9AEFE8B947832E4FB4996B507C7C" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16) "CobraSetup_is1" = BAUM Retec COBRA 9.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Recuva" = Recuva [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009 "{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common "{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail 
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{186FC6A7-3E47-67AB-BF01-B2D86A1FA34B}" = CCC Help Thai "{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing "{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding "{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2E094936-B6D2-67FC-9680-7D83FD9722EA}" = CCC Help Chinese Standard "{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine "{36C1B8B9-35CE-4B2A-B598-5FA16B795949}" = buzzroom KeyMaker "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3ACFF226-3D86-422D-A151-1582DA1231C5}" = Samplitude 11 Silver "{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41F1BC2D-182A-706D-B48D-F88B097CAA3C}" = CCC Help Chinese Traditional "{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full "{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav "{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo "{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static "{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE "{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft 
Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{77082BFF-AFC4-CDFD-26C1-79AD8CCC9452}" = CCC Help Korean "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3 "{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06 "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{95B47464-20BD-4450-BF0F-8F1773EF3F2D}" = MAGIX Speed burnR (MSI) "{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009 "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B582947F-F34D-4081-A5B9-24CBF09F8C15}" = Adobe Setup "{B6FE6F0D-688B-458B-9E12-0F55E4009561}" = 
Samplitude Music Studio 17 Content Pack "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set "{C162E1F7-56C6-49DC-8DA6-216CF651A502}" = MAGIX Screenshare "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA "{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D222C5F9-C8A4-A32F-8A58-EFAF7178F5ED}" = CCC Help Japanese "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English "{DCED01E8-8BFA-4E36-BEC7-25DE676D833C}" = AM Track SE "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne "{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}" = EZdrummer Lite Installer "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}" = FindInMidi "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager "{F4F365AB-BD66-4775-A36A-E3D8055873FD}" = EZXMetalHeads "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "1489-3350-5074-6281" = JDownloader 0.9 "1489-3350-5074-6281-1" = JDownloader 0.9 "7-Zip" = 
7-Zip 4.65 "AC3Filter_is1" = AC3Filter 1.63b "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "ADUSB Treiber Pre-Installation_is1" = ADUSB Treiber Pre-Installation 1.0 "Allway Sync_is1" = Allway Sync version 9.4.11 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Artisteer 2" = Artisteer 2 "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010 "ASIO4ALL" = ASIO4ALL "Avi2Dvd" = Avi2Dvd 0.6.2 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0 "BrailleServerSetup_is1" = BAUM Retec Braille Server 1.0 "Briz Video Joiner_is1" = Briz Video Joiner "BurnInTest_is1" = BurnInTest v6.0 Standard "CDex" = CDex extraction audio "CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only) "DVS Guitar_is1" = DVS Guitar v1.04 "eLicenser Control" = eLicenser Control "energyXT 2.5.4 Beat Edition_is1" = energyXT 2.5.4 "ffdshow_is1" = ffdshow [rev 3299] [2010-03-03] "Filter Forge 2_is1" = Filter Forge 2.009 "Filter Forge_is1" = Filter Forge 1.021 "FLV Player" = FLV Player 2.0 (build 25) "Foxit Reader" = Foxit Reader "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Download Manager_is1" = Free Download Manager 3.0 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "FreeOTFE" = FreeOTFE "HaaliMkx" = Haali Media Splitter "Halls Of Fame Free - Origami Edition 2.5.2" = Halls Of Fame Free - Origami Edition 2.5.2 "HammerHead Rhythm Station" = HammerHead Rhythm Station "huey_is1" = hueyPRO 1.5.0 "Hydrogen" = Hydrogen "Independence Pro Software Suite 3.0" = Independence Pro Software Suite 3.0 "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro 
Evolution Soccer 6 "International TTS" = International TTS "IrfanView" = IrfanView (remove only) "KeePass Password Safe_is1" = KeePass Password Safe 1.16 "Kindersicherung_is1" = Kindersicherung 2010 "LastFM_is1" = Last.fm 1.5.4.27091 "lgx4.lgx.server" = G DATA Logox 4 Speechengine "LogiEdit" = LogiEdit (remove only) "MAGIX_MSI_AMTrackSE" = AM Track SE "MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17 Download-Version "MAGIX_MSI_sam11silver" = Samplitude 11 Silver "Miranda IM" = Miranda IM 0.9.17 "Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24) "Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1) "Notepad++" = Notepad++ "ObjectDock Plus" = ObjectDock Plus "OpenAL" = OpenAL "Opera 11.10.2092" = Opera 11.10 "OptiPNG-UI1.0.0.2" = OptiPNG-UI "Organ One v. 2.10" = Organ One v. 2.10 "PPLive" = PPLive 1.9 "RealPlayer 12.0" = RealPlayer "REAPER" = REAPER "rgc:audio sfz VSTi_is1" = rgc:audio sfz VSTi v1.96 "SopCast" = SopCast 3.2.9 "SpeechServerSetup_is1" = BAUM Retec Speech Server 3.0 "Steinberg Cubase LE" = Steinberg Cubase LE "Studio Devil BVC_is1" = Studio Devil BVC 1.1 "SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009) "TC UP" = Total Commander Ultima Prime 5.0.0.0 "TeamViewer 6" = TeamViewer 6 "TFSETTOP_is1" = Top Set 2.00 "TmNationsForever_is1" = TmNationsForever "Totalcmd" = Total Commander (Remove or Repair) "TrueCrypt" = TrueCrypt "TVUPlayer" = TVUPlayer 2.5.3.1 "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.0.3 "VMware_Player" = VMware Player "WaveLabLE7" = WaveLab LE 7 "Winamp" = Winamp "WinRAR archiver" = WinRAR "WinUAE" = WinUAE 2.3.0 "Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4 "ws4.webspeech" = G DATA WebSpeech 4 "Xvid_is1" = Xvid 1.2.2 final uninstall "yellow tools Independence Free 2.5.3 32bit" = yellow tools Independence Free 2.5.3 32bit "Youtube Downloader HD_is1" = Youtube Downloader HD v. 
1.9 "Zattoo" = Zattoo 3.3.4 Beta "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Magical Glass" = Magical Glass "Sansa Updater" = Sansa Updater "UnityWebPlayer" = Unity Web Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 02.11.2011 16:08:01 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.11.2011 17:28:23 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\baum retec\COBRA\9.0\Srv.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.11.2011 17:29:57 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 06.11.2011 16:38:36 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Real\RealPlayer\plugins\rmxrend.dll". 
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 08.11.2011 15:35:08 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\baum retec\COBRA\9.0\Srv.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 08.11.2011 15:36:33 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 08.11.2011 16:09:15 | Computer Name = Gramheim-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.240.7, Zeitstempel: 0x4d4a0b98 Name des fehlerhaften Moduls: java.dll, Version: 6.0.240.7, Zeitstempel: 0x4d4a3fad Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004e2f ID des fehlerhaften Prozesses: 0x119c Startzeit der fehlerhaften Anwendung: 0x01cc9e5247d6aa52 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Java\jre6\bin\javaw.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Java\jre6\bin\java.dll Berichtskennung: 877cd252-0a45-11e1-93a2-005056c00008 Error - 09.11.2011 15:28:09 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\baum retec\COBRA\9.0\Srv.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 09.11.2011 15:29:48 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error - 10.11.2011 07:47:27 | Computer Name = Gramheim-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.31.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ab4 Startzeit: 01cc9f9d9e6d051b Endzeit: 29 Anwendungspfad: C:\Users\Antestor\Downloads\OTL.exe Berichts-ID: [ System Events ] Error - 09.11.2011 14:12:44 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\drivers\mchccinj.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.11.2011 14:12:48 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: FreeOTFE FreeOTFECypherAES_ltc FreeOTFECypherBlowfish FreeOTFECypherCAST5 FreeOTFECypherCAST6_Gladman FreeOTFECypherDES FreeOTFECypherMARS_Gladman FreeOTFECypherRC6_ltc FreeOTFECypherSerpent_Gladman FreeOTFECypherTwofish_ltc FreeOTFEHashMD FreeOTFEHashRIPEMD FreeOTFEHashSHA FreeOTFEHashTiger FreeOTFEHashWhirlpool VD_FileDisk Error - 09.11.2011 14:54:57 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\VD_FileDisk.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.11.2011 14:55:42 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "File-/Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 09.11.2011 14:55:43 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\drivers\mchccinj.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 09.11.2011 14:55:49 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: FreeOTFE FreeOTFECypherAES_ltc FreeOTFECypherBlowfish FreeOTFECypherCAST5 FreeOTFECypherCAST6_Gladman FreeOTFECypherDES FreeOTFECypherMARS_Gladman FreeOTFECypherRC6_ltc FreeOTFECypherSerpent_Gladman FreeOTFECypherTwofish_ltc FreeOTFEHashMD FreeOTFEHashRIPEMD FreeOTFEHashSHA FreeOTFEHashTiger FreeOTFEHashWhirlpool VD_FileDisk Error - 10.11.2011 07:18:00 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\VD_FileDisk.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 10.11.2011 07:18:29 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "File-/Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 10.11.2011 07:18:30 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\drivers\mchccinj.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 10.11.2011 07:18:34 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: FreeOTFE FreeOTFECypherAES_ltc FreeOTFECypherBlowfish FreeOTFECypherCAST5 FreeOTFECypherCAST6_Gladman FreeOTFECypherDES FreeOTFECypherMARS_Gladman FreeOTFECypherRC6_ltc FreeOTFECypherSerpent_Gladman FreeOTFECypherTwofish_ltc FreeOTFEHashMD FreeOTFEHashRIPEMD FreeOTFEHashSHA FreeOTFEHashTiger FreeOTFEHashWhirlpool VD_FileDisk < End of report >
Thank you very much!
10.11.2011, 16:47 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of them as well!
ESET Online Scanner
10.11.2011, 16:53 | #3 |
Thanks, I'll do that tonight. Do I have to re-enable in Defogger beforehand?
10.11.2011, 21:27 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello? What makes you think that? We haven't even started the analysis yet. Re-enabling Defogger comes at the very end!
Please always post logfiles in CODE tags
10.11.2011, 21:35 | #5 | |
Quote:
Here is the Malwarebytes logfile: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8133 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 10.11.2011 21:24:51 mbam-log-2011-11-10 (21-24-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|O:\|W:\|Y:\|) Durchsuchte Objekte: 804448 Laufzeit: 1 Stunde(n), 54 Minute(n), 1 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\program files (x86)\windv (Adware.WinDV) -> Quarantined and deleted successfully. Infizierte Dateien: c:\Users\Antestor\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal. m:\Antestor\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal. w:\survive\diesdas\survive98\tools\elchtest.exe (Application.Joke) -> Quarantined and deleted successfully. c:\program files (x86)\windv\Readme.txt (Adware.WinDV) -> Quarantined and deleted successfully. c:\program files (x86)\windv\WinDV.exe (Adware.WinDV) -> Quarantined and deleted successfully.
I don't know why it complains about WinDV either. I've been using that program for almost 10 years to pull data from my camera. What do you think?
11.11.2011, 20:31 | #6 |
Here is the ESET log as well: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=1b5d91a30ea3c846a34c4ca1945b8231 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-11 07:25:10 # local_time=2011-11-11 08:25:10 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 100 4290 96535735 62458 0 # compatibility_mode=4096 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 4133 72653878 0 0 # compatibility_mode=8192 67108863 100 0 3753 3753 0 0 # scanned=647543 # found=7 # cleaned=0 # scan_time=15482 C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1cc304f-770818d9 multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\706d619-7dcab737 a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7beb3c22-1a54ed43 a variant of Java/Exploit.Agent.NAC trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\21d050c6-43695ebc Java/TrojanDownloader.Agent.NCJ trojan (unable to clean) 00000000000000000000000000000000 I M:\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1cc304f-770818d9 multiple threats (unable to clean) 00000000000000000000000000000000 I M:\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7beb3c22-1a54ed43 a variant of Java/Exploit.Agent.NAC trojan (unable to clean) 00000000000000000000000000000000 I M:\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\21d050c6-43695ebc Java/TrojanDownloader.Agent.NCJ trojan (unable to clean) 00000000000000000000000000000000 I
Thank you very much!
11.11.2011, 20:42 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles Please make a new OTL log. Custom scan with OTL: if you do not have it yet, please download OTL from OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
11.11.2011, 21:14 | #8 |
| Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles Thanks for the quick reply! I have just run the OTL scan. Here is the log: Code:
ATTFilter OTL logfile created on: 11.11.2011 20:45:05 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Antestor\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,81% Memory free 8,00 Gb Paging File | 5,90 Gb Available in Paging File | 73,75% Paging File free Paging file location(s): o:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 69,23 Gb Total Space | 3,49 Gb Free Space | 5,04% Space Free | Partition Type: NTFS Drive D: | 200,00 Gb Total Space | 19,51 Gb Free Space | 9,76% Space Free | Partition Type: NTFS Drive E: | 600,00 Gb Total Space | 176,94 Gb Free Space | 29,49% Space Free | Partition Type: NTFS Drive M: | 1000,00 Gb Total Space | 6,60 Gb Free Space | 0,66% Space Free | Partition Type: NTFS Drive O: | 31,51 Gb Total Space | 5,49 Gb Free Space | 17,42% Space Free | Partition Type: NTFS Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive W: | 100,00 Gb Total Space | 7,45 Gb Free Space | 7,45% Space Free | Partition Type: NTFS Drive Y: | 397,26 Gb Total Space | 372,87 Gb Free Space | 93,86% Space Free | Partition Type: NTFS Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.10 12:32:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Antestor\Downloads\OTL.exe PRC - [2011.09.19 18:13:53 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.25 15:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe PRC - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.12.11 18:05:10 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2010.10.29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\PROGRA~2\FREEDO~1\fdm.exe PRC - [2010.03.26 08:40:46 | 005,805,216 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe PRC - [2010.03.26 08:40:44 | 005,558,432 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cc32\webtmr.exe PRC - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe PRC - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) 
-- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.01.22 20:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe PRC - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2009.12.15 09:33:28 | 000,370,688 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniServer.exe PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2009.11.07 23:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe PRC - [2009.10.15 13:33:02 | 000,136,520 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\BAUM Retec\COBRA\9.0\CobraProxy.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe PRC - [2007.04.24 19:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe PRC - [2007.03.08 18:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe 
PRC - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe ========== Modules (No Company Name) ========== MOD - [2010.10.27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll MOD - [2010.10.27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll MOD - [2010.10.27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll MOD - [2010.10.27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll MOD - [2010.10.27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll MOD - [2010.10.27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll MOD - [2010.10.27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll MOD - [2010.10.27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll MOD - [2010.10.27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll MOD - [2010.10.27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll MOD - [2010.10.27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll MOD - [2010.01.22 20:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll MOD - [2010.01.22 20:56:46 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll MOD - [2008.04.16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll MOD - [2008.04.16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll MOD - [2008.04.16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files 
(x86)\Last.fm\QtGui4.dll MOD - [2008.04.16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll MOD - [2008.04.16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll MOD - [2008.04.02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll MOD - [2008.04.02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll MOD - [2008.04.02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll MOD - [2007.04.24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll MOD - [2007.04.23 00:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll MOD - [2007.04.21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll MOD - [2007.04.19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll MOD - [2004.07.26 19:03:50 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\SFRes.dll MOD - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe MOD - [2002.11.19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.09.23 23:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.15 16:28:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\SysWOW64\cchservice.exe -- (Windows-CCHook-Service) SRV - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.01.08 11:33:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2009.11.12 05:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2009.10.12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.14 00:15:34 | 000,730,264 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe -- (BralMiniServer Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- 
C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.09.29 20:09:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2010.09.29 20:09:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2010.02.08 00:41:48 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD) DRV:64bit: - [2010.02.08 00:41:48 | 000,035,440 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc) DRV:64bit: - [2010.02.08 00:41:48 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool) DRV:64bit: - [2010.02.08 00:41:48 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA) DRV:64bit: - [2010.02.08 00:41:48 | 000,026,224 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger) DRV:64bit: - 
[2010.02.08 00:41:48 | 000,022,640 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashMD.sys -- (FreeOTFEHashMD) DRV:64bit: - [2010.02.08 00:41:46 | 000,060,016 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherDES.sys -- (FreeOTFECypherDES) DRV:64bit: - [2010.02.08 00:41:46 | 000,035,952 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman) DRV:64bit: - [2010.02.08 00:41:46 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman) DRV:64bit: - [2010.02.08 00:41:46 | 000,030,832 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman) DRV:64bit: - [2010.02.08 00:41:46 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc) DRV:64bit: - [2010.02.08 00:41:44 | 000,050,800 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc) DRV:64bit: - [2010.02.08 00:41:44 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFE.sys -- (FreeOTFE) DRV:64bit: - [2010.02.08 00:41:44 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5) DRV:64bit: - [2010.02.08 00:41:44 | 000,027,760 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish) DRV:64bit: - [2010.01.22 20:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport) DRV:64bit: - [2010.01.22 20:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010.01.22 20:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010.01.22 20:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010.01.22 20:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010.01.22 20:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010.01.22 16:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010.01.22 16:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010.01.22 16:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010.01.20 00:12:00 | 000,045,648 | ---- | M] (BAUM RETEC AG) [Kernel | System | Running] -- C:\Windows\SysNative\CbrVidA.sys -- (CbrVidA) DRV:64bit: - [2010.01.08 11:33:13 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010.01.08 11:33:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) DRV:64bit: - [2010.01.08 11:33:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.01.08 11:33:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2009.12.08 22:23:57 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2009.10.23 12:19:20 | 000,043,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JulaWDM.sys -- (JulaWDM.sys) DRV:64bit: - [2009.10.23 12:19:18 | 000,058,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Jula.sys -- (Jula.sys) DRV:64bit: - [2009.10.07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.09.24 00:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64) DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV:64bit: - [2007.07.24 03:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.10.12 13:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.03.19 16:14:52 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO) DRV - [2006.01.13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 96 E8 B5 8D F7 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5 FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.6 FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.3 FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 12:22:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.10 12:22:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.17 21:18:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.11 18:05:28 | 000,000,000 | ---D | M] [2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions [2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.11 20:28:12 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions
[2011.04.04 20:13:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 15:57:36 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.09.02 17:57:53 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.20 12:21:56 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.05.07 17:00:07 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.06.24 20:12:41 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firebug@software.joehewitt.com
[2011.01.29 15:23:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firefox@tvunetworks.com
[2011.11.11 15:57:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung
[2010.12.11 18:22:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\vshare@toolbar
[2010.01.16 14:01:19 | 000,001,340 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml
[2009.11.08 15:16:44 | 000,004,153 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml
[2011.11.10 22:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 19:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 17:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.24 15:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.11 19:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.07.07 14:19:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 16:49:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.17 17:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.17 17:54:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 18:51:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.17 17:54:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 17:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.17 17:54:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Cobra_chkRDP] C:\Program Files (x86)\BAUM Retec\COBRA\9.0\RegSetCobraRDP.exe (BAUM Retec AG)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [JulaPAN.exe] C:\Windows\SysNative\JulaPAN.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{528444C3-B76C-451D-B0D4-89528EEC3FF0}: NameServer = 80.254.79.157 80.254.77.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.02 10:39:37 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 07:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell - "" = AutoRun
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell\AutoRun\command - "" = S:\autorun.exe -- [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1E41233D-FEC5-F818-6F11-87D34A06FBA2} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DA739F5-B89A-4961-E003-578BE113FBDF} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E2CC5F7-DD51-14A1-A16F-FF3624BFA4CA} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.11 16:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.10 19:24:51 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Roaming\Malwarebytes
[2011.11.10 19:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.10 19:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.10 19:23:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.10 19:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.04 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Local\Unity
[2011.06.20 20:04:11 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[2009.11.07 23:26:50 | 003,358,808 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Setup.exe
[2009.11.07 23:26:50 | 001,559,496 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Format.exe
[2009.11.07 23:26:50 | 001,412,552 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
[2009.11.07 23:26:50 | 000,223,432 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt.sys
[2009.11.07 23:26:50 | 000,222,152 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt-x64.sys
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.11 20:50:17 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2011.11.11 16:03:21 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.11 16:03:21 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.11 16:00:16 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.11 16:00:16 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.11 16:00:16 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.11 16:00:16 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.11 16:00:16 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.11 15:56:17 | 000,000,146 | ---- | M] () -- C:\Windows\SysWow64\swctl.dll
[2011.11.11 15:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.11 15:55:38 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.10 12:33:39 | 000,000,000 | ---- | M] () -- C:\Users\Antestor\defogger_reenable
[2011.11.09 19:55:36 | 003,234,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.03 19:16:45 | 000,002,034 | -H-- | M] () -- C:\Users\Antestor\Documents\Default.rdp
[2011.11.03 19:12:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.10 12:33:39 | 000,000,000 | ---- | C] () -- C:\Users\Antestor\defogger_reenable
[2011.10.17 21:18:04 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.17 10:44:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 10:44:14 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 10:43:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:43:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 13:54:32 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.21 13:54:32 | 000,011,205 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.09 21:26:52 | 000,017,408 | ---- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 01:46:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 19:29:47 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 19:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 19:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 22:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.03.26 20:55:32 | 000,730,264 | ---- | C] () -- C:\Windows\SysWow64\ksupmgr.exe
[2010.03.26 20:55:28 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys
[2010.03.26 20:55:28 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2010.01.30 19:59:58 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\BCLIENT.DLL
[2010.01.29 19:13:58 | 000,000,480 | ---- | C] () -- C:\Windows\SysWow64\setup.dat
[2010.01.29 19:13:58 | 000,000,092 | ---- | C] () -- C:\Windows\SysWow64\lock.dat
[2010.01.29 19:11:56 | 000,227,840 | R--- | C] () -- C:\Windows\SysWow64\SVTOOLS.DLL
[2009.12.16 20:25:29 | 000,009,216 | ---- | C] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.16 20:18:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.11.27 22:40:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.13 20:54:32 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2009.11.13 20:54:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2009.11.08 17:14:06 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat
[2009.11.08 17:14:06 | 000,059,671 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat
[2009.11.08 17:14:06 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat [2009.11.08 17:14:06 | 000,000,146 | ---- | C] () -- C:\Windows\SysWow64\swctl.dll [2009.11.08 17:14:06 | 000,000,145 | -H-- | C] () -- C:\Windows\SysWow64\CTLSW.INI [2009.11.08 17:14:04 | 000,000,050 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat [2009.11.08 17:14:03 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2009.11.08 15:02:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.11.08 14:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.08 00:48:50 | 000,092,704 | ---- | C] () -- C:\Windows\SysWow64\JulaASIO32.dll [2009.11.07 23:26:50 | 001,066,371 | ---- | C] () -- C:\Program Files (x86)\TrueCrypt User Guide.pdf [2009.11.07 22:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2002.06.11 10:23:34 | 000,046,080 | R--- | C] () -- C:\Windows\SysWow64\BSYSTEM.DLL ========== LOP Check ========== [2010.01.08 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Acronis [2010.05.15 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Amazon [2010.01.03 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Artisteer 
[2009.11.20 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Ashampoo [2010.05.12 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\BAUM Retec [2011.11.03 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DisplayFusion [2011.02.19 13:26:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.06 17:34:26 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge [2011.02.18 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2 [2009.11.08 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit [2010.05.02 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit Software [2011.11.11 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Free Download Manager [2010.04.16 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\FreeStone Group [2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\GHISLER [2011.01.10 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Gutscheinmieze [2010.01.16 15:58:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\HEXelon [2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\IrfanView [2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\KeePass [2011.03.26 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\MAGIX [2010.09.26 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Miranda [2009.11.25 21:49:44 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Notepad++ [2009.11.29 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Opera [2009.11.15 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Pantone [2010.12.11 17:38:18 | 000,000,000 | ---D | M] -- 
C:\Users\Antestor\AppData\Roaming\PPLive [2010.11.25 22:53:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\REAPER [2011.09.19 18:13:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\SanDisk [2010.12.23 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Smartelectronix [2011.01.15 23:22:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Steinberg [2009.12.03 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Sync App Settings [2011.02.11 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TeamViewer [2010.01.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Thunderbird [2010.09.18 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TrueCrypt [2011.08.22 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Voxengo [2010.10.09 20:29:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VST3 Presets [2011.03.26 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Yellow Tools [2010.05.26 22:31:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Youtube Downloader HD [2011.10.24 06:48:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010.01.08 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Acronis [2011.07.25 18:51:15 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Adobe [2010.05.15 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Amazon [2010.01.03 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Artisteer [2009.11.20 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Ashampoo [2009.11.08 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\ATI [2010.05.12 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\BAUM Retec [2009.11.09 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Corel [2011.11.03 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DisplayFusion [2011.06.12 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Download Manager [2011.11.07 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\dvdcss [2011.02.19 13:26:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.06 17:34:26 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge [2011.02.18 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2 [2009.11.08 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit [2010.05.02 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit Software [2011.11.11 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Free Download Manager [2010.04.16 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\FreeStone Group [2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\GHISLER [2011.01.10 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Gutscheinmieze [2010.01.16 15:58:04 | 000,000,000 | ---D | M] -- 
C:\Users\Antestor\AppData\Roaming\HEXelon [2009.11.07 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Identities [2011.01.15 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\InstallShield [2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\IrfanView [2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\KeePass [2009.11.07 23:43:58 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Macromedia [2011.03.26 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\MAGIX [2011.11.10 19:24:51 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Media Center Programs [2011.07.13 18:28:06 | 000,000,000 | --SD | M] -- C:\Users\Antestor\AppData\Roaming\Microsoft [2010.09.26 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Miranda [2009.11.08 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Mozilla [2009.11.25 21:49:44 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Notepad++ [2009.11.29 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Opera [2009.11.15 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Pantone [2010.12.11 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\PPLive [2011.06.30 18:41:32 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Real [2010.11.25 22:53:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\REAPER [2011.09.19 18:13:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\SanDisk [2010.12.23 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Smartelectronix [2011.01.15 23:22:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Steinberg [2009.12.03 19:26:19 | 000,000,000 | ---D | M] -- 
C:\Users\Antestor\AppData\Roaming\Sync App Settings [2009.11.08 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Talkback [2011.02.11 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TeamViewer [2010.01.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Thunderbird [2010.09.18 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TrueCrypt [2010.03.28 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Vidalia [2011.11.07 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\vlc [2011.10.22 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VMware [2011.08.22 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Voxengo [2010.10.09 20:29:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VST3 Presets [2011.10.26 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Winamp [2010.01.03 23:29:49 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\WinRAR [2011.03.26 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Yellow Tools [2010.05.26 22:31:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Youtube Downloader HD < %APPDATA%\*.exe /s > [2011.11.03 19:12:42 | 002,252,480 | ---- | M] (Binary Fortress Software ) -- C:\Users\Antestor\AppData\Roaming\DisplayFusion\DisplayFusionSetup.exe [2010.03.30 19:05:01 | 035,582,488 | ---- | M] (Filter Forge, Inc. ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2\Updates\Filter Forge 1.020 Setup.exe [2010.08.10 18:12:42 | 035,951,104 | ---- | M] (Filter Forge, Inc. ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2\Updates\Filter Forge 1.021 Setup.exe [2010.03.06 17:35:46 | 035,553,432 | ---- | M] (Filter Forge, Inc. ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2\Updates\Filter%20Forge%201.019%20Setup.exe [2010.03.30 19:05:01 | 035,582,488 | ---- | M] (Filter Forge, Inc. 
) -- C:\Users\Antestor\AppData\Roaming\Filter Forge\Updates\Filter Forge 1.020 Setup.exe [2010.08.10 18:12:42 | 035,951,104 | ---- | M] (Filter Forge, Inc. ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge\Updates\Filter Forge 1.021 Setup.exe [2010.03.06 17:35:46 | 035,553,432 | ---- | M] (Filter Forge, Inc. ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge\Updates\Filter%20Forge%201.019%20Setup.exe [2011.01.10 20:44:17 | 000,003,128 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{147567F0-8575-4BE0-B5B3-62706C67FA5A}\ARPPRODUCTICON.exe [2011.01.10 20:45:29 | 000,339,968 | R--- | M] (Acresso Software Inc.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\ARPPRODUCTICON.exe [2011.01.10 20:45:29 | 000,339,968 | R--- | M] (Acresso Software Inc.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\Toontrack_solo.exe_192BF97F92894FC3B3234C1515C42CCD.exe [2011.01.10 20:45:29 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\UNINST_Uninstall_T_5866520C88574986833A039F4584C3F7.exe [2011.01.10 20:38:31 | 000,003,128 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}\ARPPRODUCTICON.exe [2011.05.08 13:40:13 | 000,005,310 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}\_5837F10B782003C074ED67.exe [2011.05.08 13:40:13 | 000,005,310 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}\_6FEFF9B68218417F98F549.exe [2009.11.09 19:19:34 | 000,010,134 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe [2009.11.09 19:19:34 | 000,065,536 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe [2009.12.06 21:46:36 | 000,847,919 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BibleWorkshop\bws.exe [2010.03.18 02:51:46 | 023,995,392 | ---- | M] (Yellow Tools) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yellow tools Independence Free 2.5\Independence Free.exe [2010.12.11 18:21:46 | 009,258,944 | ---- | M] (Synacast Corp.) -- C:\Users\Antestor\AppData\Roaming\PPLive\Update\Update.exe [2011.10.20 19:28:04 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Antestor\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe [2011.10.21 14:10:44 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Antestor\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe [2011.10.21 14:05:17 | 000,676,624 | ---- | M] (RealNetworks, Inc.) 
-- C:\Users\Antestor\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe [2011.09.19 18:13:53 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [2011.09.19 18:13:52 | 000,576,512 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe [2011.09.19 18:13:53 | 000,360,328 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 
000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 
000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > 
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < 
%systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.08.20 05:26:55 | 010,991,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < End of report > |
14.11.2011, 13:53 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles Run an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 96 E8 B5 8D F7 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.useDBForOrder: true
[2011.04.04 20:13:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O4:64bit: - HKLM..\Run: [JulaPAN.exe] C:\Windows\SysNative\JulaPAN.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.02 10:39:37 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 07:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell - "" = AutoRun
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell\AutoRun\command - "" = S:\autorun.exe -- [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: the script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
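Added example (not code from this thread or from OTL): a small Python triage helper that parses an autorun.inf like the one found next to pcwelt.scr, lists what it would launch, and says whether Windows 7 would run it automatically on mount. The sample file is constructed for the demonstration.

```python
"""Triage an autorun.inf: what would it launch, and would Windows honour it?"""
import configparser
import ntpath

# [autorun] keys whose value names a program that AutoRun may launch.
LAUNCH_KEYS = ("open", "shellexecute")
# Extensions Windows runs as programs; a .scr "screensaver" is an ordinary PE executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}

# Constructed sample modelled on the find described in this thread (not the real file).
SAMPLE_AUTORUN_INF = """; constructed sample
[AutoRun]
open=pcwelt.scr
icon=pcwelt.scr,0
action=Open folder to view files
shell\\open\\command=pcwelt.scr
"""


def parse_autorun(text):
    """Return the [autorun] section as {lower-case key: value}.

    autorun.inf is an INI file; section and key names are case-insensitive on
    Windows and duplicate keys occur in the wild, so the parser is lenient.
    """
    cp = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True, delimiters=("=",)
    )
    cp.optionxform = str.lower  # key names are case-insensitive
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "autorun":  # section name is case-insensitive too
            return {k: (v or "").strip() for k, v in cp.items(section)}
    return {}


def _first_token(command):
    """Program path from a command line: '"a b.exe" /x' -> 'a b.exe'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def launch_targets(autorun):
    """Every program the section can run: open=, shellexecute=, shell\\<verb>\\command=."""
    targets = []
    for key, value in autorun.items():
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_verb) and value:
            targets.append((key, _first_token(value)))
    return targets


def triage(text, optical=False):
    """Summarise the file and flag the risky parts.

    From Windows 7 on (and on XP/Vista with KB971029), AutoRun commands from
    autorun.inf are honoured only for optical media, which is why the copies in
    this thread did not start when the partitions were mounted. Explorer still
    caches per-volume AutoRun handlers under HKCU\\...\\Explorer\\MountPoints2
    (the O33 entries in the OTL fix), so the file is worth cleaning up anyway.
    """
    autorun = parse_autorun(text)
    targets = launch_targets(autorun)
    findings = []
    for key, target in targets:
        ext = ntpath.splitext(target)[1].lower()
        if ext in EXECUTABLE_EXTS:
            findings.append(f"{key}: launches program {target}")
        if ext == ".scr":
            findings.append(f"{target}: .scr is a PE executable posing as a screensaver")
    if "icon" in autorun or "label" in autorun:
        findings.append("icon/label set: the drive can be made to look like something else")
    if not targets:
        verdict = "no_launch"
    elif optical:
        verdict = "auto_on_insert"
    else:
        verdict = "ignored_win7_plus"  # not run by AutoPlay, but still launchable by hand
    return {"targets": targets, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    result = triage(SAMPLE_AUTORUN_INF)
    print("verdict:", result["verdict"])
    for finding in result["findings"]:
        print(" -", finding)
```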
15.11.2011, 20:00 | #10 |
| Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles Hi! I just ran the OTL fix. Here is the logfile: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename Prefs.js: true removed from browser.search.useDBForOrder C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully. C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JulaPAN.exe deleted successfully. C:\Windows\SysNative\JulaPAN.exe moved successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File not found. File move failed. S:\autorun.exe scheduled to be moved on reboot. File move failed. S:\Autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found. File move failed. S:\autorun.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ not found. File D:\Bin\Assetup.exe not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Antestor ->Temp folder emptied: 15115370 bytes ->Temporary Internet Files folder emptied: 3708632976 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 111309182 bytes ->Opera cache emptied: 525472 bytes ->Flash cache emptied: 9810 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 2544640 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 15150074 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66818 bytes RecycleBin emptied: 21311780809 bytes Total Files Cleaned = 23.999,00 mb 
C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 11152011_195336 Files\Folders moved on Reboot... File move failed. S:\autorun.exe scheduled to be moved on reboot. File move failed. S:\Autorun.inf scheduled to be moved on reboot. C:\Users\Antestor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2088.log moved successfully. Registry entries deleted on Reboot... Das ist mein DVD-Laufwerk in der sich seit je her die Original Pro Evo DVD befindet... ABER: Leider fehlt jetzt in der Taskleiste das Control-Panel für meine Juli@-Soundkarte (Das war wohl das Julapan.exe). Krieg ich das irgendwie wieder? Viele Grüße Antestor |
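When reading an OTL fix log like the one above, the lines that matter most are the ones that did not succeed (here the two moves on S: that were deferred to reboot, which can never succeed on an optical disc) and the autostart entries that were removed (here the Run value for JulaPAN.exe, which turned out to be the sound-card control panel). The following script is an added example, not part of the thread or of OTL itself: it classifies each result line of an OTL fix log and prints the items a responder re-checks after the reboot. The sample lines are copied from the log posted above; the regular expressions are assumptions derived from that log's wording, not an official OTL format specification.

```python
"""Triage an OTL fix log: classify each result line and surface the items
that still need attention after the reboot.

Added example, not part of the original thread or of OTL. The sample lines
below are copied from the posted OTL log; the line patterns are assumptions
based on that log's wording, not an official OTL format description.
"""
import re
from collections import Counter

# Sample lines taken from the posted OTL fix log.
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JulaPAN.exe deleted successfully.
C:\Windows\SysNative\JulaPAN.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. S:\autorun.exe scheduled to be moved on reboot.
File move failed. S:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found.
File D:\Bin\Assetup.exe not found.
HOSTS file reset successfully
"""

# Ordered (category, regex) pairs; the first match wins. Assumed patterns.
PATTERNS = [
    ("deferred_move", re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")),
    ("run_entry_deleted", re.compile(r"^(?:64bit-)?Registry value (?P<target>.+\\CurrentVersion\\Run\\\\[^ ]+) deleted successfully\.$")),
    ("registry_deleted", re.compile(r"^Registry key (?P<target>.+?) deleted successfully\.$")),
    ("registry_set", re.compile(r"^(?P<target>[A-Z_]+\\.+?)\|(?P<value>[^ ]*) /E : value set successfully!$")),
    ("file_moved", re.compile(r"^(?P<target>[A-Za-z]:\\.+?) (?:folder |file )?moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry key |File )?(?P<target>.+?) not found\.$")),
    ("prefs_changed", re.compile(r"^Prefs\.js: (?P<value>.+) removed from (?P<target>\S+)$")),
    ("hosts_reset", re.compile(r"^HOSTS file reset successfully$")),
]


def classify(line):
    """Map one log line to a category plus the object it acted on."""
    line = line.strip()
    for category, rx in PATTERNS:
        m = rx.match(line)
        if m:
            d = m.groupdict()
            return {"category": category, "target": d.get("target", ""),
                    "value": d.get("value", ""), "raw": line}
    return {"category": "other", "target": "", "value": "", "raw": line}


def parse_log(text):
    return [classify(l) for l in text.splitlines() if l.strip()]


def summarize(entries):
    """Count of lines per category, e.g. how many moves were deferred."""
    return Counter(e["category"] for e in entries)


def needs_followup(entries):
    """Items a responder re-checks after the reboot:
    - deferred moves: the file was locked or on read-only media (S: here is a
      DVD, which OTL cannot modify), so confirm the object is really gone
    - deleted Run values: possible collateral, a legitimate autostart removed
    - the CD-ROM AutoRun service value, because the fix changed autorun policy
    """
    out = []
    for e in entries:
        tgt = e["target"].lower()
        if e["category"] == "deferred_move":
            out.append(("verify_after_reboot", e["target"]))
        elif e["category"] == "run_entry_deleted":
            out.append(("check_collateral", e["target"]))
        elif e["category"] == "registry_set" and tgt.endswith("\\cdrom\\\\autorun"):
            out.append(("autorun_policy_changed", f'{e["target"]}={e["value"]}'))
    return out


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for cat, n in sorted(summarize(entries).items()):
        print(f"{cat:22s} {n}")
    print("--- follow-up ---")
    for kind, what in needs_followup(entries):
        print(f"{kind:24s} {what}")
```

The `check_collateral` bucket is exactly the class of problem the poster hit: the Run value for JulaPAN.exe was removed and the sound-card panel disappeared with it, so any deleted autostart should be cross-checked against the installed hardware and software before the fix is declared clean.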
15.11.2011, 20:34 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles Does that belong to the sound card? As I already wrote: Quote:
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the image below: click on "change parameters" and set the checkboxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSSKiller stores its logs. Note: please do not delete anything hastily with TDSSKiller! If TDSSKiller flags any objects, treat them all with the action "skip" and only post the log here! If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again (this may take a while). Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post logfiles in CODE tags |
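The instruction to "skip" everything TDSSKiller flags and only post the report makes sense once you see how the report is structured: every service or driver gets a line with its MD5 and image path, then a verdict line (`- ok`, `( … ) - warning`, `- detected … (n)`). The script below is an added example, not part of this thread or of TDSSKiller itself: it rebuilds one record per driver from such a report and separates the entries worth a second look (flagged verdicts, drivers loaded from outside the Windows system directory, services with no image line) from the bulk marked ok. The sample lines are copied from the TDSSKiller log posted further down; the line patterns and the "standard directory" heuristic are assumptions, not an official format description.

```python
"""Triage a TDSSKiller report: rebuild one record per service/driver and
separate the entries worth a second look from the ones marked ok.

Added example; it is not part of the original thread or of TDSSKiller.
The sample lines are copied from the TDSSKiller log posted in the thread;
the line patterns are assumptions derived from that log's wording.
"""
import re

# Sample lines copied from the posted report (timestamp, PID, then message).
SAMPLE_REPORT = r"""
21:02:26.0950 5544 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:02:27.0045 5544 1394ohci - ok
21:02:28.0283 5544 ATICDSDr - ok
21:02:30.0267 5544 DIRECTIO (a17c403c4b74d4fa920c3887066daeb2) C:\Program Files (x86)\BurnInTest\DirectIo.sys
21:02:30.0278 5544 DIRECTIO - ok
21:02:31.0524 5544 FreeOTFE (72b73acd5f7f3a368a80fec70d5b0d8c) C:\Windows\System32\FreeOTFE.sys
21:02:31.0534 5544 FreeOTFE ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0534 5544 FreeOTFE - detected UnsignedFile.Multi.Generic (1)
"""

# Assumed line shapes, derived from the posted log.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
FILE_RX = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARN_RX = re.compile(r"^(?P<name>\S+) \( (?P<det>[^)]+?) \) - warning$")
DETECT_RX = re.compile(r"^(?P<name>\S+) - detected (?P<det>\S+) \((?P<count>\d+)\)$")
OK_RX = re.compile(r"^(?P<name>\S+) - ok$")


def parse_report(text):
    """Return {service_name: record} built from the per-line messages."""
    records = {}
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # header/banner lines carry no per-driver data
        msg = m.group("msg")
        for rx, kind in ((FILE_RX, "file"), (WARN_RX, "warning"),
                         (DETECT_RX, "detected"), (OK_RX, "ok")):
            hit = rx.match(msg)
            if hit:
                break
        else:
            continue
        rec = records.setdefault(hit.group("name"),
                                 {"md5": None, "path": None, "verdict": None, "detections": []})
        if kind == "file":
            rec["md5"], rec["path"] = hit.group("md5"), hit.group("path")
        elif kind == "warning":
            rec["verdict"] = "warning"
        elif kind == "detected":
            rec["detections"].append((hit.group("det"), int(hit.group("count"))))
            rec["verdict"] = rec["verdict"] or "detected"
        else:
            rec["verdict"] = "ok"
    return records


def triage(records, windir=r"C:\Windows"):
    """Split records into the buckets a responder actually reads.
    windir comes from the report header ("Windows directory: C:\\Windows")."""
    sysdir = (windir + r"\system32" + "\\").lower()
    flagged, nonstandard_path, no_image = [], [], []
    for name, rec in sorted(records.items()):
        if rec["verdict"] in ("warning", "detected"):
            flagged.append((name, rec["path"], [d for d, _ in rec["detections"]]))
        if rec["path"] is None:
            no_image.append(name)          # verdict only, no file line in the report
        elif not rec["path"].lower().startswith(sysdir):
            nonstandard_path.append((name, rec["path"]))  # vendor driver outside System32
    return {"flagged": flagged, "nonstandard_path": nonstandard_path, "no_image": no_image}


def is_signature_only(detections):
    """True when every detection is TDSSKiller's unsigned-file class, which
    reports a missing/invalid Authenticode signature, not a malware match."""
    return bool(detections) and all(d == "UnsignedFile.Multi.Generic" for d in detections)


if __name__ == "__main__":
    t = triage(parse_report(SAMPLE_REPORT))
    for name, path, dets in t["flagged"]:
        tag = "signature only" if is_signature_only(dets) else "REVIEW"
        print(f"{tag:15s} {name:12s} {path}  {dets}")
    for name, path in t["nonstandard_path"]:
        print(f"{'non-std path':15s} {name:12s} {path}")
    for name in t["no_image"]:
        print(f"{'no image':15s} {name}")
```

In the posted log every warning is `UnsignedFile.Multi.Generic` on the FreeOTFE driver family, which `is_signature_only` separates from anything that would deserve real scrutiny; that is the distinction behind the helper's advice to skip rather than delete and let the report speak.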
15.11.2011, 21:05 | #12 | |
| Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles Quote:
Here is the TDSS log: Code:
ATTFilter 21:01:50.0859 6056 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15 21:01:51.0112 6056 ============================================================ 21:01:51.0112 6056 Current date / time: 2011/11/15 21:01:51.0112 21:01:51.0112 6056 SystemInfo: 21:01:51.0112 6056 21:01:51.0112 6056 OS Version: 6.1.7601 ServicePack: 1.0 21:01:51.0112 6056 Product type: Workstation 21:01:51.0112 6056 ComputerName: GRAMHEIM-PC 21:01:51.0112 6056 UserName: Antestor 21:01:51.0113 6056 Windows directory: C:\Windows 21:01:51.0113 6056 System windows directory: C:\Windows 21:01:51.0113 6056 Running under WOW64 21:01:51.0113 6056 Processor architecture: Intel x64 21:01:51.0113 6056 Number of processors: 2 21:01:51.0113 6056 Page size: 0x1000 21:01:51.0113 6056 Boot type: Normal boot 21:01:51.0113 6056 ============================================================ 21:01:52.0103 6056 Initialize success 21:02:26.0399 5544 ============================================================ 21:02:26.0399 5544 Scan started 21:02:26.0399 5544 Mode: Manual; SigCheck; TDLFS; 21:02:26.0399 5544 ============================================================ 21:02:26.0950 5544 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:02:27.0045 5544 1394ohci - ok 21:02:27.0101 5544 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:02:27.0120 5544 ACPI - ok 21:02:27.0153 5544 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:02:27.0179 5544 AcpiPmi - ok 21:02:27.0244 5544 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:02:27.0272 5544 adp94xx - ok 21:02:27.0303 5544 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:02:27.0326 5544 adpahci - ok 21:02:27.0345 5544 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:02:27.0364 5544 adpu320 - ok 21:02:27.0417 5544 afcdp 
(3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys 21:02:27.0473 5544 afcdp - ok 21:02:27.0528 5544 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 21:02:27.0560 5544 AFD - ok 21:02:27.0588 5544 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:02:27.0605 5544 agp440 - ok 21:02:27.0625 5544 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:02:27.0639 5544 aliide - ok 21:02:27.0653 5544 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:02:27.0669 5544 amdide - ok 21:02:27.0703 5544 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:02:27.0732 5544 AmdK8 - ok 21:02:27.0743 5544 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:02:27.0776 5544 AmdPPM - ok 21:02:27.0804 5544 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:02:27.0822 5544 amdsata - ok 21:02:27.0870 5544 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:02:27.0890 5544 amdsbs - ok 21:02:27.0924 5544 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:02:27.0935 5544 amdxata - ok 21:02:28.0017 5544 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:02:28.0058 5544 AppID - ok 21:02:28.0076 5544 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:02:28.0094 5544 arc - ok 21:02:28.0106 5544 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:02:28.0126 5544 arcsas - ok 21:02:28.0144 5544 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:02:28.0182 5544 AsyncMac - ok 21:02:28.0200 5544 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:02:28.0210 5544 atapi - ok 21:02:28.0283 5544 ATICDSDr - ok 21:02:28.0467 5544 atikmdag 
(2263eafcf5add181b7fd47b78ae6d3e3) C:\Windows\system32\DRIVERS\atikmdag.sys 21:02:28.0673 5544 atikmdag - ok 21:02:28.0708 5544 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys 21:02:28.0717 5544 avgntflt - ok 21:02:28.0761 5544 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:02:28.0797 5544 b06bdrv - ok 21:02:28.0822 5544 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:02:28.0847 5544 b57nd60a - ok 21:02:28.0870 5544 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:02:28.0919 5544 Beep - ok 21:02:28.0960 5544 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:02:28.0977 5544 blbdrive - ok 21:02:29.0027 5544 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:02:29.0040 5544 bowser - ok 21:02:29.0080 5544 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:02:29.0098 5544 BrFiltLo - ok 21:02:29.0113 5544 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:02:29.0131 5544 BrFiltUp - ok 21:02:29.0156 5544 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:02:29.0202 5544 Brserid - ok 21:02:29.0272 5544 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:02:29.0291 5544 BrSerWdm - ok 21:02:29.0301 5544 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:02:29.0333 5544 BrUsbMdm - ok 21:02:29.0344 5544 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:02:29.0361 5544 BrUsbSer - ok 21:02:29.0380 5544 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:02:29.0401 5544 BTHMODEM - ok 21:02:29.0448 5544 CbrVidA (c897371658d6ca7a68c8dcd539bdfe65) C:\Windows\system32\CbrVidA.sys 21:02:29.0461 5544 CbrVidA - ok 
21:02:29.0478 5544 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:02:29.0535 5544 cdfs - ok 21:02:29.0580 5544 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:02:29.0601 5544 cdrom - ok 21:02:29.0621 5544 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:02:29.0654 5544 circlass - ok 21:02:29.0689 5544 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:02:29.0706 5544 CLFS - ok 21:02:29.0743 5544 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:02:29.0759 5544 CmBatt - ok 21:02:29.0790 5544 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 21:02:29.0805 5544 cmdide - ok 21:02:29.0848 5544 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys 21:02:29.0874 5544 CNG - ok 21:02:29.0895 5544 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:02:29.0910 5544 Compbatt - ok 21:02:29.0947 5544 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:02:29.0981 5544 CompositeBus - ok 21:02:30.0040 5544 cpuz130 - ok 21:02:30.0061 5544 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:02:30.0076 5544 crcdisk - ok 21:02:30.0140 5544 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:02:30.0188 5544 DfsC - ok 21:02:30.0267 5544 DIRECTIO (a17c403c4b74d4fa920c3887066daeb2) C:\Program Files (x86)\BurnInTest\DirectIo.sys 21:02:30.0278 5544 DIRECTIO - ok 21:02:30.0297 5544 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:02:30.0338 5544 discache - ok 21:02:30.0388 5544 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:02:30.0399 5544 Disk - ok 21:02:30.0501 5544 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:02:30.0519 5544 
drmkaud - ok 21:02:30.0563 5544 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:02:30.0610 5544 DXGKrnl - ok 21:02:30.0702 5544 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:02:30.0834 5544 ebdrv - ok 21:02:30.0884 5544 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys 21:02:30.0897 5544 ElbyCDIO - ok 21:02:30.0932 5544 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:02:30.0961 5544 elxstor - ok 21:02:30.0993 5544 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys 21:02:31.0004 5544 ENTECH64 - ok 21:02:31.0043 5544 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:02:31.0059 5544 ErrDev - ok 21:02:31.0094 5544 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:02:31.0140 5544 exfat - ok 21:02:31.0162 5544 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:02:31.0203 5544 fastfat - ok 21:02:31.0227 5544 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:02:31.0244 5544 fdc - ok 21:02:31.0275 5544 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:02:31.0286 5544 FileInfo - ok 21:02:31.0306 5544 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:02:31.0359 5544 Filetrace - ok 21:02:31.0405 5544 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:02:31.0422 5544 flpydisk - ok 21:02:31.0460 5544 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:02:31.0476 5544 FltMgr - ok 21:02:31.0524 5544 FreeOTFE (72b73acd5f7f3a368a80fec70d5b0d8c) C:\Windows\System32\FreeOTFE.sys 21:02:31.0534 5544 FreeOTFE ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0534 5544 FreeOTFE - detected UnsignedFile.Multi.Generic (1) 21:02:31.0559 5544 
FreeOTFECypherAES_ltc (63b156e752252742f291c15e46575a28) C:\Windows\System32\FreeOTFECypherAES_ltc.sys 21:02:31.0582 5544 FreeOTFECypherAES_ltc ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0582 5544 FreeOTFECypherAES_ltc - detected UnsignedFile.Multi.Generic (1) 21:02:31.0603 5544 FreeOTFECypherBlowfish (7e3d01e3b16ed8aad2dfe75fa01efab2) C:\Windows\System32\FreeOTFECypherBlowfish.sys 21:02:31.0625 5544 FreeOTFECypherBlowfish ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0625 5544 FreeOTFECypherBlowfish - detected UnsignedFile.Multi.Generic (1) 21:02:31.0651 5544 FreeOTFECypherCAST5 (c3984a51bbd900dd745ddfd520a44ce4) C:\Windows\System32\FreeOTFECypherCAST5.sys 21:02:31.0671 5544 FreeOTFECypherCAST5 ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0671 5544 FreeOTFECypherCAST5 - detected UnsignedFile.Multi.Generic (1) 21:02:31.0749 5544 FreeOTFECypherCAST6_Gladman (3859d1952fab7ca303fb1e1dfb2c72e5) C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys 21:02:31.0761 5544 FreeOTFECypherCAST6_Gladman ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0761 5544 FreeOTFECypherCAST6_Gladman - detected UnsignedFile.Multi.Generic (1) 21:02:31.0788 5544 FreeOTFECypherDES (9b560d25ad5b12e0c23c7ab0c6c6fe65) C:\Windows\System32\FreeOTFECypherDES.sys 21:02:31.0808 5544 FreeOTFECypherDES ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0808 5544 FreeOTFECypherDES - detected UnsignedFile.Multi.Generic (1) 21:02:31.0834 5544 FreeOTFECypherMARS_Gladman (21fd0076acbe45cf5f2f6ace47f2911b) C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys 21:02:31.0857 5544 FreeOTFECypherMARS_Gladman ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0857 5544 FreeOTFECypherMARS_Gladman - detected UnsignedFile.Multi.Generic (1) 21:02:31.0898 5544 FreeOTFECypherRC6_ltc (2430e45ef1439aab0e896437aaa1c685) C:\Windows\System32\FreeOTFECypherRC6_ltc.sys 21:02:31.0907 5544 FreeOTFECypherRC6_ltc ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0907 5544 FreeOTFECypherRC6_ltc - detected 
UnsignedFile.Multi.Generic (1) 21:02:31.0929 5544 FreeOTFECypherSerpent_Gladman (ed7382fd681ca9ea81494595527de21d) C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys 21:02:31.0953 5544 FreeOTFECypherSerpent_Gladman ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0953 5544 FreeOTFECypherSerpent_Gladman - detected UnsignedFile.Multi.Generic (1) 21:02:31.0975 5544 FreeOTFECypherTwofish_ltc (1b00b0d5ccd4e7270d145b53612584c3) C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys 21:02:31.0986 5544 FreeOTFECypherTwofish_ltc ( UnsignedFile.Multi.Generic ) - warning 21:02:31.0986 5544 FreeOTFECypherTwofish_ltc - detected UnsignedFile.Multi.Generic (1) 21:02:31.0999 5544 FreeOTFEHashMD (6ce7f52fc992f747ab9d68611198af1d) C:\Windows\System32\FreeOTFEHashMD.sys 21:02:32.0007 5544 FreeOTFEHashMD ( UnsignedFile.Multi.Generic ) - warning 21:02:32.0007 5544 FreeOTFEHashMD - detected UnsignedFile.Multi.Generic (1) 21:02:32.0021 5544 FreeOTFEHashRIPEMD (4d5026914bb47a035fb552511b9cda59) C:\Windows\System32\FreeOTFEHashRIPEMD.sys 21:02:32.0040 5544 FreeOTFEHashRIPEMD ( UnsignedFile.Multi.Generic ) - warning 21:02:32.0040 5544 FreeOTFEHashRIPEMD - detected UnsignedFile.Multi.Generic (1) 21:02:32.0078 5544 FreeOTFEHashSHA (e560a1733f4cf2d626f46dae71522df9) C:\Windows\System32\FreeOTFEHashSHA.sys 21:02:32.0096 5544 FreeOTFEHashSHA ( UnsignedFile.Multi.Generic ) - warning 21:02:32.0096 5544 FreeOTFEHashSHA - detected UnsignedFile.Multi.Generic (1) 21:02:32.0117 5544 FreeOTFEHashTiger (c28cccc8556f5a675f186565946b27ca) C:\Windows\System32\FreeOTFEHashTiger.sys 21:02:32.0126 5544 FreeOTFEHashTiger ( UnsignedFile.Multi.Generic ) - warning 21:02:32.0126 5544 FreeOTFEHashTiger - detected UnsignedFile.Multi.Generic (1) 21:02:32.0164 5544 FreeOTFEHashWhirlpool (590531108e8cc5ac5b23a1acf0247a14) C:\Windows\System32\FreeOTFEHashWhirlpool.sys 21:02:32.0174 5544 FreeOTFEHashWhirlpool ( UnsignedFile.Multi.Generic ) - warning 21:02:32.0174 5544 FreeOTFEHashWhirlpool - detected 
UnsignedFile.Multi.Generic (1) 21:02:32.0216 5544 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:02:32.0232 5544 FsDepends - ok 21:02:32.0253 5544 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 21:02:32.0267 5544 Fs_Rec - ok 21:02:32.0316 5544 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:02:32.0333 5544 fvevol - ok 21:02:32.0360 5544 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:02:32.0376 5544 gagp30kx - ok 21:02:32.0408 5544 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys 21:02:32.0419 5544 ggflt - ok 21:02:32.0444 5544 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys 21:02:32.0455 5544 ggsemc - ok 21:02:32.0501 5544 hcmon (b93b24f258441820e575c7983ba47313) C:\Windows\system32\drivers\hcmon.sys 21:02:32.0513 5544 hcmon - ok 21:02:32.0530 5544 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:02:32.0554 5544 hcw85cir - ok 21:02:32.0604 5544 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:02:32.0634 5544 HdAudAddService - ok 21:02:32.0674 5544 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:02:32.0691 5544 HDAudBus - ok 21:02:32.0714 5544 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:02:32.0731 5544 HidBatt - ok 21:02:32.0743 5544 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:02:32.0776 5544 HidBth - ok 21:02:32.0788 5544 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:02:32.0808 5544 HidIr - ok 21:02:32.0852 5544 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 21:02:32.0869 5544 HidUsb - ok 21:02:32.0903 5544 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) 
C:\Windows\system32\drivers\HpSAMD.sys 21:02:32.0920 5544 HpSAMD - ok 21:02:33.0017 5544 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:02:33.0086 5544 HTTP - ok 21:02:33.0137 5544 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:02:33.0148 5544 hwpolicy - ok 21:02:33.0184 5544 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 21:02:33.0205 5544 i8042prt - ok 21:02:33.0252 5544 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:02:33.0279 5544 iaStorV - ok 21:02:33.0302 5544 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:02:33.0318 5544 iirsp - ok 21:02:33.0338 5544 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:02:33.0349 5544 intelide - ok 21:02:33.0376 5544 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:02:33.0390 5544 intelppm - ok 21:02:33.0431 5544 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:02:33.0474 5544 IpFilterDriver - ok 21:02:33.0508 5544 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:02:33.0527 5544 IPMIDRV - ok 21:02:33.0549 5544 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:02:33.0593 5544 IPNAT - ok 21:02:33.0619 5544 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:02:33.0640 5544 IRENUM - ok 21:02:33.0657 5544 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:02:33.0672 5544 isapnp - ok 21:02:33.0695 5544 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:02:33.0721 5544 iScsiPrt - ok 21:02:33.0758 5544 JRAID (6ebe4832b1a7c063fdf87035afc1e3dc) C:\Windows\system32\DRIVERS\jraid.sys 21:02:33.0767 5544 JRAID - ok 21:02:33.0792 5544 Jula.sys 
(931fe3a27c44b2be0064364004815f04) C:\Windows\system32\DRIVERS\Jula.sys 21:02:33.0805 5544 Jula.sys - ok 21:02:33.0838 5544 JulaWDM.sys (93e40d108351c25fd4e2ea02aed07cbf) C:\Windows\system32\DRIVERS\JulaWDM.sys 21:02:33.0849 5544 JulaWDM.sys - ok 21:02:33.0895 5544 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:02:33.0911 5544 kbdclass - ok 21:02:33.0935 5544 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 21:02:33.0962 5544 kbdhid - ok 21:02:33.0987 5544 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys 21:02:33.0999 5544 KSecDD - ok 21:02:34.0037 5544 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys 21:02:34.0051 5544 KSecPkg - ok 21:02:34.0068 5544 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:02:34.0109 5544 ksthunk - ok 21:02:34.0161 5544 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:02:34.0218 5544 lltdio - ok 21:02:34.0276 5544 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:02:34.0294 5544 LSI_FC - ok 21:02:34.0306 5544 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:02:34.0323 5544 LSI_SAS - ok 21:02:34.0342 5544 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:02:34.0358 5544 LSI_SAS2 - ok 21:02:34.0371 5544 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:02:34.0389 5544 LSI_SCSI - ok 21:02:34.0409 5544 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:02:34.0449 5544 luafv - ok 21:02:34.0491 5544 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys 21:02:34.0501 5544 MBAMProtector - ok 21:02:34.0523 5544 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:02:34.0539 5544 megasas - ok 
21:02:34.0565 5544 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:02:34.0588 5544 MegaSR - ok 21:02:34.0615 5544 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:02:34.0657 5544 Modem - ok 21:02:34.0676 5544 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:02:34.0692 5544 monitor - ok 21:02:34.0728 5544 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:02:34.0745 5544 mouclass - ok 21:02:34.0769 5544 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:02:34.0788 5544 mouhid - ok 21:02:34.0820 5544 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:02:34.0832 5544 mountmgr - ok 21:02:34.0868 5544 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:02:34.0889 5544 mpio - ok 21:02:34.0905 5544 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:02:34.0948 5544 mpsdrv - ok 21:02:34.0988 5544 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:02:35.0014 5544 MRxDAV - ok 21:02:35.0044 5544 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:02:35.0059 5544 mrxsmb - ok 21:02:35.0099 5544 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:02:35.0115 5544 mrxsmb10 - ok 21:02:35.0136 5544 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:02:35.0150 5544 mrxsmb20 - ok 21:02:35.0182 5544 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:02:35.0196 5544 msahci - ok 21:02:35.0220 5544 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:02:35.0239 5544 msdsm - ok 21:02:35.0264 5544 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:02:35.0310 5544 Msfs - ok 21:02:35.0343 5544 
mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:02:35.0383 5544 mshidkmdf - ok 21:02:35.0413 5544 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:02:35.0424 5544 msisadrv - ok 21:02:35.0453 5544 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:02:35.0494 5544 MSKSSRV - ok 21:02:35.0510 5544 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:02:35.0564 5544 MSPCLOCK - ok 21:02:35.0587 5544 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:02:35.0641 5544 MSPQM - ok 21:02:35.0684 5544 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:02:35.0702 5544 MsRPC - ok 21:02:35.0725 5544 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:02:35.0736 5544 mssmbios - ok 21:02:35.0746 5544 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:02:35.0787 5544 MSTEE - ok 21:02:35.0803 5544 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:02:35.0820 5544 MTConfig - ok 21:02:35.0850 5544 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 21:02:35.0868 5544 MTsensor - ok 21:02:35.0894 5544 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:02:35.0906 5544 Mup - ok 21:02:35.0944 5544 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:02:35.0976 5544 NativeWifiP - ok 21:02:36.0044 5544 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:02:36.0088 5544 NDIS - ok 21:02:36.0115 5544 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:02:36.0166 5544 NdisCap - ok 21:02:36.0192 5544 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:02:36.0234 5544 NdisTapi - ok 21:02:36.0270 5544 
Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:02:36.0312 5544 Ndisuio - ok 21:02:36.0351 5544 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:02:36.0396 5544 NdisWan - ok 21:02:36.0435 5544 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:02:36.0477 5544 NDProxy - ok 21:02:36.0512 5544 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:02:36.0563 5544 NetBIOS - ok 21:02:36.0595 5544 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:02:36.0642 5544 NetBT - ok 21:02:36.0686 5544 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:02:36.0702 5544 nfrd960 - ok 21:02:36.0729 5544 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:02:36.0768 5544 Npfs - ok 21:02:36.0789 5544 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:02:36.0841 5544 nsiproxy - ok 21:02:36.0926 5544 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:02:36.0988 5544 Ntfs - ok 21:02:37.0008 5544 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:02:37.0060 5544 Null - ok 21:02:37.0102 5544 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:02:37.0121 5544 nvraid - ok 21:02:37.0139 5544 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:02:37.0159 5544 nvstor - ok 21:02:37.0203 5544 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:02:37.0221 5544 nv_agp - ok 21:02:37.0254 5544 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:02:37.0273 5544 ohci1394 - ok 21:02:37.0301 5544 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:02:37.0320 5544 Parport - ok 21:02:37.0335 5544 partmgr 
(871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 21:02:37.0346 5544 partmgr - ok 21:02:37.0384 5544 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:02:37.0397 5544 pci - ok 21:02:37.0430 5544 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:02:37.0441 5544 pciide - ok 21:02:37.0468 5544 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:02:37.0492 5544 pcmcia - ok 21:02:37.0519 5544 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:02:37.0530 5544 pcw - ok 21:02:37.0562 5544 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:02:37.0622 5544 PEAUTH - ok 21:02:37.0695 5544 Pnp680r (53c96271f1f6db9f4983fca85f2dfb52) C:\Windows\system32\DRIVERS\pnp680r.sys 21:02:37.0705 5544 Pnp680r - ok 21:02:37.0762 5544 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:02:37.0805 5544 PptpMiniport - ok 21:02:37.0826 5544 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:02:37.0845 5544 Processor - ok 21:02:37.0893 5544 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:02:37.0932 5544 Psched - ok 21:02:38.0069 5544 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:02:38.0170 5544 ql2300 - ok 21:02:38.0193 5544 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:02:38.0212 5544 ql40xx - ok 21:02:38.0239 5544 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:02:38.0273 5544 QWAVEdrv - ok 21:02:38.0295 5544 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:02:38.0336 5544 RasAcd - ok 21:02:38.0364 5544 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:02:38.0406 5544 RasAgileVpn - ok 21:02:38.0445 5544 Rasl2tp 
(471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:02:38.0488 5544 Rasl2tp - ok 21:02:38.0512 5544 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:02:38.0556 5544 RasPppoe - ok 21:02:38.0576 5544 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:02:38.0619 5544 RasSstp - ok 21:02:38.0659 5544 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:02:38.0700 5544 rdbss - ok 21:02:38.0713 5544 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:02:38.0733 5544 rdpbus - ok 21:02:38.0746 5544 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:02:38.0797 5544 RDPCDD - ok 21:02:38.0824 5544 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:02:38.0874 5544 RDPENCDD - ok 21:02:38.0896 5544 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:02:38.0936 5544 RDPREFMP - ok 21:02:38.0972 5544 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 21:02:39.0018 5544 RDPWD - ok 21:02:39.0060 5544 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:02:39.0073 5544 rdyboost - ok 21:02:39.0106 5544 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:02:39.0159 5544 rspndr - ok 21:02:39.0240 5544 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:02:39.0261 5544 RTL8167 - ok 21:02:39.0291 5544 s0016bus (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys 21:02:39.0305 5544 s0016bus - ok 21:02:39.0325 5544 s0016mdfl (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys 21:02:39.0336 5544 s0016mdfl - ok 21:02:39.0359 5544 s0016mdm (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys 21:02:39.0375 5544 s0016mdm - ok 
21:02:39.0389 5544 s0016mgmt (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys 21:02:39.0405 5544 s0016mgmt - ok 21:02:39.0431 5544 s0016nd5 (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys 21:02:39.0443 5544 s0016nd5 - ok 21:02:39.0464 5544 s0016obex (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys 21:02:39.0479 5544 s0016obex - ok 21:02:39.0495 5544 s0016unic (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys 21:02:39.0510 5544 s0016unic - ok 21:02:39.0551 5544 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:02:39.0569 5544 sbp2port - ok 21:02:39.0611 5544 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:02:39.0652 5544 scfilter - ok 21:02:39.0678 5544 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:02:39.0720 5544 secdrv - ok 21:02:39.0747 5544 seehcri - ok 21:02:39.0776 5544 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:02:39.0792 5544 Serenum - ok 21:02:39.0813 5544 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:02:39.0832 5544 Serial - ok 21:02:39.0860 5544 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:02:39.0877 5544 sermouse - ok 21:02:39.0920 5544 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:02:39.0952 5544 sffdisk - ok 21:02:39.0974 5544 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:02:39.0993 5544 sffp_mmc - ok 21:02:40.0008 5544 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:02:40.0027 5544 sffp_sd - ok 21:02:40.0045 5544 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:02:40.0062 5544 sfloppy - ok 21:02:40.0092 5544 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) 
C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:02:40.0108 5544 SiSRaid2 - ok 21:02:40.0127 5544 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:02:40.0143 5544 SiSRaid4 - ok 21:02:40.0156 5544 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:02:40.0201 5544 Smb - ok 21:02:40.0255 5544 snapman (27ba49f89468fddae6c2b311c53bce3a) C:\Windows\system32\DRIVERS\snapman.sys 21:02:40.0267 5544 snapman - ok 21:02:40.0290 5544 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:02:40.0301 5544 spldr - ok 21:02:40.0348 5544 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:02:40.0378 5544 srv - ok 21:02:40.0405 5544 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:02:40.0435 5544 srv2 - ok 21:02:40.0487 5544 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:02:40.0513 5544 srvnet - ok 21:02:40.0548 5544 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:02:40.0563 5544 stexstor - ok 21:02:40.0617 5544 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:02:40.0631 5544 swenum - ok 21:02:40.0733 5544 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 21:02:40.0804 5544 Tcpip - ok 21:02:40.0865 5544 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 21:02:40.0907 5544 TCPIP6 - ok 21:02:40.0946 5544 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:02:40.0987 5544 tcpipreg - ok 21:02:41.0006 5544 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:02:41.0046 5544 TDPIPE - ok 21:02:41.0112 5544 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys 21:02:41.0164 5544 tdrpman258 - ok 21:02:41.0184 5544 TDTCP (e4245bda3190a582d55ed09e137401a9) 
C:\Windows\system32\drivers\tdtcp.sys 21:02:41.0225 5544 TDTCP - ok 21:02:41.0264 5544 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:02:41.0317 5544 tdx - ok 21:02:41.0358 5544 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:02:41.0374 5544 TermDD - ok 21:02:41.0430 5544 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys 21:02:41.0464 5544 timounter - ok 21:02:41.0484 5544 truecrypt - ok 21:02:41.0531 5544 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:02:41.0571 5544 tssecsrv - ok 21:02:41.0608 5544 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:02:41.0653 5544 TsUsbFlt - ok 21:02:41.0773 5544 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:02:41.0817 5544 tunnel - ok 21:02:41.0839 5544 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:02:41.0855 5544 uagp35 - ok 21:02:41.0895 5544 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:02:41.0936 5544 udfs - ok 21:02:41.0978 5544 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:02:41.0995 5544 uliagpkx - ok 21:02:42.0032 5544 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 21:02:42.0051 5544 umbus - ok 21:02:42.0069 5544 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:02:42.0085 5544 UmPass - ok 21:02:42.0128 5544 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 21:02:42.0161 5544 usbaudio - ok 21:02:42.0192 5544 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:02:42.0213 5544 usbccgp - ok 21:02:42.0244 5544 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:02:42.0281 5544 usbcir - ok 21:02:42.0302 5544 usbehci 
(c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 21:02:42.0319 5544 usbehci - ok 21:02:42.0347 5544 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:02:42.0389 5544 usbhub - ok 21:02:42.0411 5544 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 21:02:42.0428 5544 usbohci - ok 21:02:42.0457 5544 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:02:42.0476 5544 usbprint - ok 21:02:42.0515 5544 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 21:02:42.0536 5544 usbscan - ok 21:02:42.0579 5544 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:02:42.0599 5544 USBSTOR - ok 21:02:42.0624 5544 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 21:02:42.0651 5544 usbuhci - ok 21:02:42.0697 5544 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:02:42.0708 5544 vdrvroot - ok 21:02:42.0728 5544 VD_FileDisk - ok 21:02:42.0752 5544 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:02:42.0772 5544 vga - ok 21:02:42.0789 5544 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:02:42.0841 5544 VgaSave - ok 21:02:42.0882 5544 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:02:42.0905 5544 vhdmp - ok 21:02:43.0009 5544 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:02:43.0023 5544 viaide - ok 21:02:43.0068 5544 vmci (cc711ed4f3d1987e84745237358ff87c) C:\Windows\system32\drivers\vmci.sys 21:02:43.0081 5544 vmci - ok 21:02:43.0112 5544 vmkbd (98e05ba0c49aa98aa0fd998ebc33d763) C:\Windows\system32\drivers\VMkbd.sys 21:02:43.0123 5544 vmkbd - ok 21:02:43.0136 5544 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys 21:02:43.0147 5544 VMnetAdapter - ok 
21:02:43.0164 5544 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys 21:02:43.0177 5544 VMnetBridge - ok 21:02:43.0196 5544 VMnetuserif (3a9ad1d1fcf673b1b7f27140e45aeffd) C:\Windows\system32\drivers\vmnetuserif.sys 21:02:43.0208 5544 VMnetuserif - ok 21:02:43.0219 5544 VMparport (243f106a48c3af953cf2a78dc01a02b8) C:\Windows\system32\drivers\VMparport.sys 21:02:43.0231 5544 VMparport - ok 21:02:43.0260 5544 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys 21:02:43.0271 5544 vmusb - ok 21:02:43.0303 5544 vmx86 (884737c95b3e1281525d7bc6e9e9d11f) C:\Windows\system32\drivers\vmx86.sys 21:02:43.0316 5544 vmx86 - ok 21:02:43.0333 5544 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:02:43.0344 5544 volmgr - ok 21:02:43.0382 5544 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:02:43.0399 5544 volmgrx - ok 21:02:43.0422 5544 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:02:43.0438 5544 volsnap - ok 21:02:43.0466 5544 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys 21:02:43.0489 5544 vpcbus - ok 21:02:43.0532 5544 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys 21:02:43.0550 5544 vpcnfltr - ok 21:02:43.0569 5544 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys 21:02:43.0589 5544 vpcusb - ok 21:02:43.0628 5544 vpcvmm (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys 21:02:43.0646 5544 vpcvmm - ok 21:02:43.0675 5544 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:02:43.0695 5544 vsmraid - ok 21:02:43.0757 5544 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys 21:02:43.0768 5544 vstor2-ws60 - ok 21:02:43.0803 5544 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) 
C:\Windows\System32\drivers\vwifibus.sys 21:02:43.0836 5544 vwifibus - ok 21:02:43.0858 5544 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:02:43.0879 5544 WacomPen - ok 21:02:43.0911 5544 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:02:43.0953 5544 WANARP - ok 21:02:43.0959 5544 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:02:43.0996 5544 Wanarpv6 - ok 21:02:44.0023 5544 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:02:44.0039 5544 Wd - ok 21:02:44.0076 5544 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:02:44.0100 5544 Wdf01000 - ok 21:02:44.0140 5544 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:02:44.0181 5544 WfpLwf - ok 21:02:44.0223 5544 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:02:44.0240 5544 WIMMount - ok 21:02:44.0307 5544 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:02:44.0329 5544 WinUsb - ok 21:02:44.0368 5544 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:02:44.0384 5544 WmiAcpi - ok 21:02:44.0434 5544 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:02:44.0476 5544 ws2ifsl - ok 21:02:44.0528 5544 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:02:44.0571 5544 WudfPf - ok 21:02:44.0598 5544 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:02:44.0637 5544 WUDFRd - ok 21:02:44.0667 5544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:02:44.0703 5544 \Device\Harddisk0\DR0 - ok 21:02:44.0721 5544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 21:02:44.0851 5544 \Device\Harddisk1\DR1 - ok 21:02:44.0874 5544 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) 
\Device\Harddisk2\DR2 21:02:44.0937 5544 \Device\Harddisk2\DR2 - ok 21:02:44.0940 5544 Boot (0x1200) (dd5cac46500dba42a4026b1a5ec3f3c7) \Device\Harddisk0\DR0\Partition0 21:02:44.0941 5544 \Device\Harddisk0\DR0\Partition0 - ok 21:02:44.0969 5544 Boot (0x1200) (cafbb97ac52bff38a5f0c348955c4ca4) \Device\Harddisk1\DR1\Partition0 21:02:44.0970 5544 \Device\Harddisk1\DR1\Partition0 - ok 21:02:44.0974 5544 Boot (0x1200) (b489ca58caff982f9f05b02fa7669a51) \Device\Harddisk1\DR1\Partition1 21:02:44.0975 5544 \Device\Harddisk1\DR1\Partition1 - ok 21:02:44.0998 5544 Boot (0x1200) (18a168e13a1944e9ee3178adbad4472c) \Device\Harddisk2\DR2\Partition0 21:02:44.0998 5544 \Device\Harddisk2\DR2\Partition0 - ok 21:02:45.0016 5544 Boot (0x1200) (e99ab091cdd3ce25df93a5d38ce9a9b5) \Device\Harddisk2\DR2\Partition1 21:02:45.0016 5544 \Device\Harddisk2\DR2\Partition1 - ok 21:02:45.0028 5544 Boot (0x1200) (7169fe65a96ed969df5be590d68d8ad3) \Device\Harddisk2\DR2\Partition2 21:02:45.0028 5544 \Device\Harddisk2\DR2\Partition2 - ok 21:02:45.0032 5544 Boot (0x1200) (cbc813194063d0f204c066cd2905e952) \Device\Harddisk2\DR2\Partition3 21:02:45.0033 5544 \Device\Harddisk2\DR2\Partition3 - ok 21:02:45.0035 5544 ============================================================ 21:02:45.0035 5544 Scan finished 21:02:45.0035 5544 ============================================================ 21:02:45.0049 5176 Detected object count: 15 21:02:45.0049 5176 Actual detected object count: 15 21:03:17.0549 5176 FreeOTFE ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0549 5176 FreeOTFE ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0551 5176 FreeOTFECypherAES_ltc ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0551 5176 FreeOTFECypherAES_ltc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0554 5176 FreeOTFECypherBlowfish ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0554 5176 FreeOTFECypherBlowfish ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 21:03:17.0557 5176 FreeOTFECypherCAST5 ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0557 5176 FreeOTFECypherCAST5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0559 5176 FreeOTFECypherCAST6_Gladman ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0559 5176 FreeOTFECypherCAST6_Gladman ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0562 5176 FreeOTFECypherDES ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0562 5176 FreeOTFECypherDES ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0565 5176 FreeOTFECypherMARS_Gladman ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0565 5176 FreeOTFECypherMARS_Gladman ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0569 5176 FreeOTFECypherRC6_ltc ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0569 5176 FreeOTFECypherRC6_ltc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0572 5176 FreeOTFECypherSerpent_Gladman ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0572 5176 FreeOTFECypherSerpent_Gladman ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0574 5176 FreeOTFECypherTwofish_ltc ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0574 5176 FreeOTFECypherTwofish_ltc ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0578 5176 FreeOTFEHashMD ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0578 5176 FreeOTFEHashMD ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0580 5176 FreeOTFEHashRIPEMD ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0581 5176 FreeOTFEHashRIPEMD ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0584 5176 FreeOTFEHashSHA ( UnsignedFile.Multi.Generic ) - skipped by user 21:03:17.0584 5176 FreeOTFEHashSHA ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:03:17.0587 5176 FreeOTFEHashTiger ( UnsignedFile.Multi.Generic ) - skipped by user 
21:03:17.0587 5176 FreeOTFEHashTiger ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:03:17.0590 5176 FreeOTFEHashWhirlpool ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0590 5176 FreeOTFEHashWhirlpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
16.11.2011, 09:23 | #13
/// Winkelfunktion /// TB-Süch-Tiger™

Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (one of the board's designated helpers) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
16.11.2011, 21:13 | #14

Here is the ComboFix log: Code:
ATTFilter ComboFix 11-11-16.01 - Antestor 16.11.2011 20:49:59.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2594 [GMT 1:00] ausgeführt von:: c:\users\Antestor\Downloads\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe c:\windows\Fonts\ATMFM.EXE c:\windows\Fonts\GRAFIK1.TTF c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\swctl.dll c:\windows\SysWow64\Temp c:\windows\SysWow64\Temp\DE99B447R3 . . ((((((((((((((((((((((( Dateien erstellt von 2011-10-16 bis 2011-11-16 )))))))))))))))))))))))))))))) . . 2011-11-16 19:56 . 2011-11-16 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-11-16 19:08 . 2011-11-16 19:08 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6957CD65-64BB-42C4-860B-BD0A0F188E1A}\offreg.dll 2011-11-15 19:48 . 2009-10-23 11:19 526368 ----a-w- c:\windows\system32\JulaPAN.exe 2011-11-15 18:53 . 2011-11-15 18:53 -------- d-----w- C:\_OTL 2011-11-15 18:44 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6957CD65-64BB-42C4-860B-BD0A0F188E1A}\mpengine.dll 2011-11-12 10:37 . 2011-11-12 10:37 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-11-12 10:21 . 2011-11-12 10:21 -------- d-----w- c:\windows\system32\Macromed 2011-11-11 15:04 . 2011-11-11 15:04 -------- d-----w- c:\program files (x86)\ESET 2011-11-10 18:24 . 2011-11-10 18:24 -------- d-----w- c:\users\Antestor\AppData\Roaming\Malwarebytes 2011-11-10 18:23 . 2011-11-10 18:23 -------- d-----w- c:\programdata\Malwarebytes 2011-11-10 18:23 . 
2011-11-10 18:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-10 18:23 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-08 21:18 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-08 21:18 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-08 21:18 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-08 21:17 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 17:42 . 2011-11-04 17:42 -------- d-----w- c:\users\Antestor\AppData\Local\Unity 2011-10-25 19:17 . 2011-08-13 05:27 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll 2011-10-25 19:17 . 2011-08-13 04:18 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-12 10:21 . 2011-05-19 14:36 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 04:06 . 2010-05-08 18:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-10-01 03:25 . 2011-10-12 18:09 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-10-01 02:42 . 2011-10-12 18:09 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-08-27 05:37 . 2011-10-12 18:09 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-08-27 05:37 . 2011-10-12 18:09 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-08-27 04:26 . 2011-10-12 18:09 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-08-27 04:26 . 2011-10-12 18:09 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-08-20 05:37 . 2011-10-12 18:10 1188864 ----a-w- c:\windows\system32\wininet.dll 2011-08-20 04:31 . 2011-10-12 18:09 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2009-11-07 22:26 . 2009-11-07 22:26 223432 ----a-w- c:\program files (x86)\truecrypt.sys 2009-11-07 22:26 . 
2009-11-07 22:26 222152 ----a-w- c:\program files (x86)\truecrypt-x64.sys 2009-11-07 22:26 . 2009-11-07 22:26 1559496 ----a-w- c:\program files (x86)\TrueCrypt Format.exe 2009-11-07 22:26 . 2009-11-07 22:26 1412552 ----a-w- c:\program files (x86)\TrueCrypt.exe 2009-11-07 19:46 . 2009-11-07 22:26 3358808 ----a-w- c:\program files (x86)\TrueCrypt Setup.exe 2007-02-22 19:08 . 2011-06-20 19:04 925696 ----a-w- c:\program files (x86)\GSpot.exe 2006-05-03 09:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 10:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 12:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CCWinTray"="c:\windows\Tray\wintmr.exe" [2010-03-26 5805216] "ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] "DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-10-02 2456992] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2010-03-26 5558432] "StartCCC"="c:\program files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304] "ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792] "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-22 64048] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-12-11 274608] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-8 113664] Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3581680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-8 113664] hueyPROTray.lnk - c:\program files (x86)\Pantone\hueyPRO\hueyPROTray.exe [2009-11-15 1081344] Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2009-11-13 315392] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . R1 FreeOTFE;FreeOTFE;c:\windows\System32\FreeOTFE.sys [x] R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\System32\FreeOTFECypherAES_ltc.sys [x] R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\System32\FreeOTFECypherBlowfish.sys [x] R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\System32\FreeOTFECypherCAST5.sys [x] R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\System32\FreeOTFECypherCAST6_Gladman.sys [x] R1 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\System32\FreeOTFECypherDES.sys [x] R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\System32\FreeOTFECypherMARS_Gladman.sys [x] R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\System32\FreeOTFECypherRC6_ltc.sys [x] R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\System32\FreeOTFECypherSerpent_Gladman.sys [x] R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\System32\FreeOTFECypherTwofish_ltc.sys [x] R1 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\System32\FreeOTFEHashMD.sys [x] R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\System32\FreeOTFEHashRIPEMD.sys [x] R1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\System32\FreeOTFEHashSHA.sys [x] R1 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\System32\FreeOTFEHashTiger.sys [x] R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\System32\FreeOTFEHashWhirlpool.sys [x] R1 VD_FileDisk;VD_FileDisk; [x] R2 afcdpsrv;Acronis Nonstop Backup service;c:\program 
files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-08 2480048] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ATICDSDr;ATICDSDr;c:\users\Antestor\AppData\Local\Temp\ATICDSDr.sys [x] R3 cpuz130;cpuz130;c:\users\Antestor\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 DIRECTIO;DIRECTIO;c:\program files (x86)\BurnInTest\DirectIo.sys [2008-03-19 15872] R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 s0016bus;s0016bus;c:\windows\system32\DRIVERS\s0016bus.sys [x] R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x] R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x] R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x] R3 s0016nd5;s0016nd5;c:\windows\system32\DRIVERS\s0016nd5.sys [x] R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x] R3 s0016unic;s0016unic;c:\windows\system32\DRIVERS\s0016unic.sys [x] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 Wpeeomcynwn;Wpeeomcynwn; [x] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x] S1 CbrVidA;CbrVidA;c:\windows\system32\CbrVidA.sys [x] S1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\system32\DRIVERS\Jula.sys [x] S2 AMD External Events 
Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 BralMiniServer Service;BralMiniServer Service;c:\program files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe [2008-12-19 405504] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760] S2 Windows-CCHook-Service;Windows-CCHook-Service;c:\windows\SysWOW64\cchservice.exe [2010-01-27 1595032] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\system32\DRIVERS\JulaWDM.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - Chico64 . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032] "Cobra_chkRDP"="c:\program files (x86)\BAUM Retec\COBRA\9.0\RegSetCobraRDP.exe" [2009-11-02 24576] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = mLocal Page = IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm IE: Free YouTube to MP3 Converter - c:\users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000 IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\program files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\ FF - prefs.js: browser.search.selectedEngine - eBay FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} FF - Ext: Firefox Throttle: {ca8b7b3d-b6e6-438f-b935-601b3de48d66} - %profile%\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66} FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-SansaDispatch - c:\users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe Wow6432Node-HKLM-Run-NWEReboot - (no file) ShellExecuteHooks-{6979AAD7-86EE-481F-B591-152A33E86ECB} - (no file) ShellExecuteHooks-{6979AAD7-86EE-481F-B591-152A33E86ECB} - (no file) AddRemove-1489-3350-5074-6281 - z:\survive\plea\JDownloader\JDUninstall.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}*] "hakglljbkfdaamak"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65, 61,65,69,63,00,77 "iamfbjikkngcljobjb"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65, 61,65,69,63,00,00 "hapnjkdpohhaplab"=hex:62,63,6a,63,69,61,6f,6f,63,6c,63,61,6f,70,67,61,65,6c, 70,70,67,6b,6d,64,61,6f,65,62,6c,70,6e,69,6a,65,66,6e,65,6a,6d,69,61,64,64,\ . [HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71160731-4AF9-64C6-903B-52DAFCDAFF84}*] "iacbncefjnbljcajje"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,6b, 61,6b,00,00 "hamapbjomjglolaf"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,6b, 61,6b,00,01 "hahhjgkliidphlnb"=hex:62,63,6e,6d,61,64,70,6b,61,66,70,62,6d,66,6d,66,62,6d, 63,6e,67,62,69,70,65,66,68,66,67,69,6c,69,6f,68,6b,66,6f,63,65,6f,64,61,66,\ . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}\InProcServer32*] "jagfonebidcknlfencel"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63, 65,61,65,69,63,00,77 "iagfengapjlckhhmoc"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65, 61,65,69,63,00,00 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{71160731-4AF9-64C6-903B-52DAFCDAFF84}\InProcServer32*] "jaabcagfbbipbepjijcd"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b, 6b,61,6b,00,00 "iaabiamhlimaikophh"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,6b, 61,6b,00,fe . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2011-11-16 20:59:29
ComboFix-quarantined-files.txt 2011-11-16 19:59
.
Vor Suchlauf: 17 Verzeichnis(se), 12.242.923.520 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 12.117.315.584 Bytes frei
.
- - End Of File - - 8033300E5004307BABFAF015A3950082
Antestor |
16.11.2011, 21:47 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan Gendal.2.4609 in autorun.inf / .scr file -> Logfiles
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy/paste the entire contents of the code box below into the Notepad window.
Code:
Regnull::
[HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}*]

Driver::
Wpeeomcynwn

4. Deactivate the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the TeaTimer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags |
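Added here as a triage helper, not code from the thread or from ComboFix: a Python parser for the "Gesperrte Registrierungsschluessel" (locked registry keys) section of a ComboFix log like the one posted above. It separates keys ComboFix lists with a trailing `*` (the form the Regnull:: line in the script above targets) from keys that are only ACL-restricted, and decodes the hex: values so the random-looking value names can be inspected. The sample log is constructed from entries copied from the posted log, and the random-name rule in triage() is a heuristic assumed for this example.

```python
import re

# Constructed sample modelled on the "Gesperrte Registrierungsschluessel" section of the
# ComboFix log posted in this thread (key path and hex data copied from it, shortened).
SAMPLE_LOG = r"""
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}*]
"hakglljbkfdaamak"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65,61,65,69,63,00,77
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
.
Zeit der Fertigstellung: 2011-11-16 20:59:29
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
HEX_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>[0-9a-fA-F, \\]+)$')

def decode_hex(data: str) -> str:
    """Turn ComboFix 'hex:6b,61,...' data into text; non-printable bytes become \\xNN."""
    raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", data))
    return "".join(chr(b) if 32 <= b < 127 else f"\\x{b:02x}" for b in raw)

def parse_locked_keys(log: str) -> list:
    """One record per key in the locked-keys section: path, whether ComboFix marked it
    with a trailing '*' (the form the Regnull:: directive targets), ACL lines, values."""
    # The section runs from its header to the completion stamp that closes the report.
    section = log.partition("Gesperrte Registrierungsschluessel")[2].partition("Zeit der Fertigstellung")[0]
    keys = []
    for line in map(str.strip, section.splitlines()):
        if m := KEY_RE.match(line):
            path = m.group("key")
            keys.append({"path": path.rstrip("*"), "null_name": path.endswith("*"),
                         "acl": [], "values": {}})
        elif keys and line.startswith(("@Denied", "@Allowed")):
            keys[-1]["acl"].append(line)
        elif keys and (m := HEX_RE.match(line)):
            keys[-1]["values"][m.group("name")] = decode_hex(m.group("data"))
    return keys

def triage(log: str) -> list:
    """Paths worth a closer look: embedded-null key names or long random-looking lowercase
    value names (heuristic assumed here). ACL-only locks like the Flash CLSIDs are not flagged."""
    hits = []
    for rec in parse_locked_keys(log):
        random_names = [n for n in rec["values"] if re.fullmatch(r"[a-z]{12,}", n)]
        if rec["null_name"] or random_names:
            hits.append(rec["path"])
    return hits
```

Running `triage(SAMPLE_LOG)` returns only the Shell Extensions\Approved key, the same one the Regnull:: line in the script addresses, while the ACL-restricted Flash CLSID key is left alone.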