
Log analysis and evaluation: Mailer-daemon messages and X in HijackThis

Windows 7
22.11.2011, 15:21   #1
Rheanna

Hello!

I have a problem with my computer and hope you can help me. A few days ago my husband reported "strange" events to me. In the mail program, lots of mails were "coming back", although he had not written any.
First I ran Avira and found nothing out of the ordinary. So at first I suspected a spambot that had now generated my address.

But as everyone knows, bad thoughts don't leave you alone, so I started Malwarebytes' Anti-Malware and got 2 hits with a full scan - 2 trojan files, listed in the log file as:
Infizierte Dateien:
c:\program files (x86)\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\program files (x86)\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

After that we shut the computer down. Today I just wanted to run HijackThis and had to reinstall it. The evaluation showed 9 or 10 X (processes that supposedly are not running where they should be running - but the path showed the correct location), and so I started to worry. When starting the mail program there were again umpteen mailer-daemon messages, and now I fear a completely infested system.

Attached are the OTL files; however, I did not have to restart after Disable in Defogger. Are the logs falsified by that? Please help, I am an absolute dummy in this area!

Best regards, Rheanna

22.11.2011, 18:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
so I started Malwarebytes' Anti-Malware and got 2 hits with a full scan
Log files must always be posted in full; anything else is pretty pointless.

22.11.2011, 19:04   #3
Rheanna

They had already been removed, after all... besides, it said to upload the log files from OTL.

Besides, the relevant line has been posted; everything else is the standard stuff from Malwarebytes' Anti-Malware:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8206

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.11.2011 15:28:26
mbam-log-2011-11-21 (15-28-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 436836
Laufzeit: 1 Stunde(n), 41 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\Visions\updater.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\program files (x86)\Visions\Visions.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
         

22.11.2011, 19:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.
__________________
Please always post log files in CODE tags

22.11.2011, 19:59   #5
Rheanna

I have 5 logs there, 2 from May. However, when I search the computer I can't find the stored txt files. May I then post them all here via the code function? On the net I did find the answer as to WHERE they should be, but I don't have a "Logs" folder under Programme->Malwarebyte...
I'm copying the log before it (it was a quick scan without findings on the same day):
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8206

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.11.2011 12:39:42
mbam-log-2011-11-21 (12-39-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 176687
Laufzeit: 6 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
And the log after the infection (i.e. the run after the removal):
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8206

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

21.11.2011 22:31:49
mbam-log-2011-11-21 (22-31-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 436888
Laufzeit: 1 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
I'm calling it a day for today. So don't be surprised if no answer comes right away.

Thanks in advance for your time!
Best regards, Rheanna


22.11.2011, 20:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run ESET as well, after that we'll see:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Look for C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

23.11.2011, 21:40   #7
Rheanna

Hi...

Unfortunately ESET promptly showed hits...
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4436e4424f692a4d812f14f2d1982825
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-23 08:32:20
# local_time=2011-11-23 09:32:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 3298900 3298900 0 0
# compatibility_mode=5893 16776573 100 94 11942 73705212 0 0
# compatibility_mode=8192 67108863 100 0 3913 3913 0 0
# scanned=281924
# found=2
# cleaned=0
# scan_time=4978
C:\Users\Zicke\AppData\Local\Temp\jar_cache5431833454047860561.tmp	a variant of Java/TrojanDownloader.OpenStream.NCJ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Zicke\AppData\Local\Temp\jar_cache7552759936367104783.tmp	multiple threats (unable to clean)	00000000000000000000000000000000	I
         
Can the system still be saved? Unfortunately an external hard disk is not available at the moment; it is currently serving as a replacement hard disk in an acquaintance's computer...

The emails have stopped, however; but today a strange mail arrived at my next email address (since my husband was scared, he deleted it immediately and can't really remember the wording - but it may well be a coincidence, because he said the email was supposedly addressed to him and could not be delivered...)...

Thank you for your efforts!
Best regards, Rheanna

24.11.2011, 08:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Make a new OTL log

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it on your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

24.11.2011, 16:23   #9
Rheanna

Here is the new OTL log:
Code:
OTL logfile created on: 24.11.2011 16:10:18 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Zicke\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,94 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 61,35% Memory free
7,87 Gb Paging File | 5,95 Gb Available in Paging File | 75,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906,34 Gb Total Space | 810,82 Gb Free Space | 89,46% Space Free | Partition Type: NTFS
 
Computer Name: ZICKE-PC | User Name: Zicke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.22 14:57:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Zicke\Downloads\OTL.exe
PRC - [2011.11.17 06:58:04 | 003,303,000 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Zicke\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.22 15:13:02 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.08.22 15:12:52 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.11 20:55:06 | 000,724,536 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
PRC - [2011.03.31 15:48:36 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2011.03.31 13:38:26 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.12 11:47:24 | 000,096,752 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
PRC - [2009.09.30 13:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 13:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.30 10:19:30 | 000,049,152 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe
PRC - [2009.09.28 10:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\HealthCare\HealthCare.exe
PRC - [2009.09.27 10:37:22 | 000,163,840 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LitModeSwitch.exe
PRC - [2009.09.27 10:37:20 | 000,081,920 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe
PRC - [2009.07.16 08:05:10 | 000,114,688 | ---- | M] (JME) -- C:\Program Files (x86)\jmesoft\hotkey.exe
PRC - [2009.06.03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2004.08.27 18:22:38 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:55:41 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\7c4eea005578d9990f604fda345fb2b4\System.Management.ni.dll
MOD - [2011.10.14 11:54:40 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\44d18693baaee5ee0e6f6fd4910e8f81\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:27:55 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a3ffdc1316821b5ceb32c9a788334329\System.Xaml.ni.dll
MOD - [2011.10.14 11:25:28 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011.10.14 11:14:45 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:14:26 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.14 11:14:22 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.14 11:14:13 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.14 11:14:09 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:14:06 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:14:05 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:13:58 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.10.14 00:33:00 | 018,000,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\813a0913bea1269e48613509609e72b4\PresentationFramework.ni.dll
MOD - [2011.10.14 00:32:51 | 011,450,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8244412387a82c0acd3d63622e22cef5\PresentationCore.ni.dll
MOD - [2011.10.14 00:32:49 | 013,138,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2de8b7360d6a58fa7fd1b451fa88dde6\System.Windows.Forms.ni.dll
MOD - [2011.10.14 00:32:46 | 007,069,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\44a7d2597981a82da8b9e3e2298602de\System.Core.ni.dll
MOD - [2011.10.14 00:32:44 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\419103071a5a5d17738afbe9dd03d58a\System.Xml.ni.dll
MOD - [2011.10.14 00:32:44 | 003,857,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\9dacf8a5033dfbcb435be166d2f42cdf\WindowsBase.ni.dll
MOD - [2011.10.14 00:32:43 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9211f2faac02f0082b201a95731736c4\PresentationFramework.Aero.ni.dll
MOD - [2011.10.14 00:32:42 | 001,652,736 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\17bfc7131aca3a393f430121f79307bd\System.Drawing.ni.dll
MOD - [2011.10.14 00:32:41 | 009,086,464 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\5286fe2d0167eb835a9f11025f1cb756\System.ni.dll
MOD - [2011.10.14 00:32:37 | 014,407,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.09.26 20:18:19 | 000,115,137 | ---- | M] () -- C:\Users\Zicke\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2011.08.22 15:13:02 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.05.11 20:53:06 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll
MOD - [2011.05.11 20:53:06 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll
MOD - [2011.05.11 20:53:06 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll
MOD - [2011.05.11 20:53:06 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll
MOD - [2011.05.11 20:53:06 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll
MOD - [2011.05.11 20:53:06 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll
MOD - [2011.05.11 20:53:06 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll
MOD - [2011.05.11 20:53:06 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll
MOD - [2011.05.11 20:53:06 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll
MOD - [2011.05.11 20:53:06 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll
MOD - [2011.05.11 20:53:06 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll
MOD - [2011.05.11 20:53:06 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll
MOD - [2011.05.11 20:53:06 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll
MOD - [2011.05.11 20:28:30 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll
MOD - [2011.05.11 20:28:28 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll
MOD - [2011.05.11 20:27:54 | 000,924,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll
MOD - [2011.05.11 20:27:38 | 000,422,800 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll
MOD - [2011.05.11 20:27:38 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll
MOD - [2011.05.11 20:27:38 | 000,060,816 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll
MOD - [2011.05.11 20:26:36 | 000,687,616 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.09.14 07:00:11 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.09.09 08:24:38 | 000,057,344 | ---- | M] () -- C:\Programme\Lenovo\HealthCare\de-de\de-de.dll
MOD - [2009.07.16 08:20:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\jmesoft\Keyhook.dll
MOD - [2009.06.03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
MOD - [2008.12.30 10:09:34 | 002,088,960 | ---- | M] () -- C:\Programme\Lenovo\Power Dial\LitModeSwitchRes.dll
MOD - [2008.09.27 07:39:26 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\HealthCare\HOOK.dll
MOD - [2007.12.31 09:27:42 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\jmesoft\VistaVolume.dll
MOD - [2005.07.20 10:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll
MOD - [2004.07.26 16:11:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.09.30 10:19:30 | 000,049,152 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe -- (LenovoCOMSvc)
SRV:64bit: - [2009.09.27 10:37:20 | 000,081,920 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe -- (LitModeCtrl)
SRV - [2011.11.18 13:53:31 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011.06.24 23:27:57 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.21 12:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.12 11:47:24 | 000,096,752 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe -- (CEEBC40A-FDED-4C59-B354-939132350B01)
SRV - [2009.09.30 13:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 13:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.07.18 05:24:12 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.07.18 05:24:12 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.18 05:24:12 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.03.31 10:18:46 | 000,276,480 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv10.sys -- (acedrv10)
DRV:64bit: - [2011.03.31 10:18:46 | 000,246,360 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acehlp10.sys -- (acehlp10)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.02 14:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010.12.02 14:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010.11.23 18:33:00 | 000,300,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.23 10:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.21 13:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.06 11:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008.04.08 04:43:04 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV:64bit: - [2007.05.11 16:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Fusion(UVC)
DRV:64bit: - [2007.05.11 16:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.11 16:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.02 10:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\ddcdrv.sys -- (WinI2C-DDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mythos-europe.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Zicke\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.16 13:02:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.12 11:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 08:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 11:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.16 13:02:28 | 000,000,000 | ---D | M]
 
[2011.02.25 22:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zicke\AppData\Roaming\Mozilla\Extensions
[2011.11.10 19:57:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zicke\AppData\Roaming\Mozilla\Firefox\Profiles\ag8osv4v.default\extensions
[2011.11.10 19:57:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zicke\AppData\Roaming\Mozilla\Firefox\Profiles\ag8osv4v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.10 08:47:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.04 08:26:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.26 11:24:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.10 08:47:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Zicke\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C1586D-6146-4D50-9186-0995B828FF0E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.yv12 - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.24 16:07:16 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2011.11.24 16:07:16 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{69E6D7DD-828C-4DF0-89B3-B71E4019B07D}
[2011.11.24 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{45E8BB60-A6FC-4E00-A226-AD26FA7473F2}
[2011.11.23 23:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.23 20:04:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.23 20:03:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Zicke\Desktop\esetsmartinstaller_enu.exe
[2011.11.23 17:54:13 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C2510202-CB59-457E-9265-AFB6D622F029}
[2011.11.23 17:53:51 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C30BD422-6538-4FC8-B4B8-850DA99A2E1F}
[2011.11.22 14:42:33 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.11.22 14:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.11.22 08:22:21 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{9F07FBA5-A09F-4FBA-90FB-425DF56BA2A4}
[2011.11.22 08:21:59 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{8B6EB2B9-22E8-443B-9040-ADD12C6DC2A8}
[2011.11.21 13:14:57 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{B3C5770F-141D-4497-A92D-5C2113955188}
[2011.11.21 13:14:34 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{42EC6E6E-16A3-4984-A13D-5416C5B1A6EB}
[2011.11.21 01:14:08 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{DD2EB83D-290D-4871-9F82-D91E83DE45F0}
[2011.11.21 01:13:46 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C23100B1-E7C4-44DE-AA55-56FB26E222CA}
[2011.11.20 13:00:33 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{8B9B7E5C-6C45-489D-B7D5-B3C1F5A09B1A}
[2011.11.20 13:00:11 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{4AFFD2FD-BCBF-493A-B594-D41ACCD175C8}
[2011.11.20 01:23:51 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{37FA4367-35A3-4CEC-959B-81F74084199F}
[2011.11.20 01:23:29 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C6FB6CD1-1B66-4CC0-B082-50E7954080C3}
[2011.11.19 12:59:04 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{F49D3E6B-A28E-4233-9FC4-0FC35E2DC535}
[2011.11.19 12:58:48 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{B1061275-923E-4309-BE04-756D4D8B74D8}
[2011.11.18 12:58:49 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{EB324771-312D-4EAC-ABEF-271C4551514C}
[2011.11.18 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{A3215AD3-A1BC-48CD-835B-6DC91F642346}
[2011.11.18 00:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.18 00:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.11.18 00:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.17 22:28:32 | 000,000,000 | ---D | C] -- C:\Users\Zicke\Documents\Meine empfangenen Dateien
[2011.11.17 13:11:35 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{D6ABEB10-C6B4-40C4-A8FE-9FE48DF48D74}
[2011.11.17 13:11:13 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{E16A7359-0949-4D4D-BA51-7AF9469BA0AF}
[2011.11.17 01:10:47 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{865C4C14-1AAB-41FB-9AE5-7F2866275C31}
[2011.11.17 01:10:24 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{F9E406CD-6EF6-4611-A3EA-D4960AD1981C}
[2011.11.16 13:03:32 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{9B158E5A-EDB2-4AC7-B427-5345E7702447}
[2011.11.16 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C050B5E3-E0AF-42DD-AB41-05C4EC570246}
[2011.11.15 11:16:30 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{101A9D2F-7B47-4636-B8E8-9B5E4C93D58F}
[2011.11.15 11:16:08 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{6D095CED-B108-4207-866D-0F25E56715AE}
[2011.11.14 12:42:37 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{919C39B8-0E55-4C7A-8E3F-460ACB202367}
[2011.11.14 12:42:14 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{E8C22B58-A98B-478F-8464-0E45B8A7DCBB}
[2011.11.14 00:41:49 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{D0991652-80B4-40A8-9BAA-B86A0BB7B1D4}
[2011.11.14 00:41:26 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{9FB200F1-DE00-460B-83C1-3F6F726FA524}
[2011.11.13 12:41:00 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{757C2A87-CFA5-4D0C-8660-123B51D413F9}
[2011.11.13 12:40:47 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{A3ED3C96-19EA-4683-9619-CE5936CE7ADC}
[2011.11.12 13:08:44 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{24912356-2D83-4488-9F48-23C2161DBBF2}
[2011.11.12 13:08:33 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{004D5F5B-61DA-4BC5-876D-17298BDC6244}
[2011.11.11 16:18:56 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Roaming\Apple Computer
[2011.11.11 16:18:56 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\Apple Computer
[2011.11.11 16:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.11.11 16:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.11.11 16:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.11.11 16:16:39 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\Apple
[2011.11.11 16:16:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.11.11 16:16:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.11.11 16:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.11.11 16:16:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.11.11 16:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.11.11 16:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.11.11 14:15:34 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{90A0E428-20CD-4520-9589-B9E0E734909E}
[2011.11.11 14:15:20 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{7C3CA9E2-BF31-4604-A919-4A1C117064A6}
[2011.11.10 20:48:09 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{060BA56B-A90F-4412-9073-BD1516842590}
[2011.11.10 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{D46A2611-A739-442D-9B3B-858E91192CE4}
[2011.11.10 15:48:00 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\Akamai
[2011.11.10 08:47:21 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{F1794D11-9709-4D27-803B-D7EEB2E61DC5}
[2011.11.10 08:47:09 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{9FBBCBAE-C552-44A1-97E0-77CF779EB437}
[2011.11.09 10:48:43 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{AF798B4D-951E-439D-9FFD-B37A6FD05CF6}
[2011.11.09 10:48:32 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{E233A357-6A7B-4B99-B300-69EABE7034A4}
[2011.11.08 13:25:12 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{4BD8D54A-7D32-406B-BB36-83F3227F1F08}
[2011.11.08 13:24:50 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{8B6EF854-142B-4CE7-8766-B9E4016C9114}
[2011.11.08 01:24:19 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{F4A13B8F-CE4B-44B2-9907-6EC18FBC5537}
[2011.11.08 01:23:56 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{1798AED5-01BB-4B40-B8AE-792F7628F573}
[2011.11.07 12:21:45 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{4FB96EA0-C199-43EA-8F1B-61BB41744802}
[2011.11.07 12:21:34 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{66ED817A-FB02-4138-ACB7-2B64528D5EBE}
[2011.11.06 21:18:39 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{8506F28E-AF0A-4F17-8F65-E01395EC4A79}
[2011.11.06 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{6800AB1D-F4C9-4760-9FA8-5D4519932BAB}
[2011.11.06 09:08:05 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{68191522-A8CE-48C9-A9D5-A5A6A5C548F5}
[2011.11.06 09:07:54 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{4B44BA6A-449D-494A-8844-DBFD3CE00AF2}
[2011.11.05 11:53:01 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C0B3BB45-2C35-44C6-AA9D-351407C10C24}
[2011.11.05 11:52:50 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{8098A8A0-ACDE-4527-A3EB-7791A6AF8A5D}
[2011.11.04 09:08:49 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{FDD4B576-73C0-4815-A469-A4F629C1CC12}
[2011.11.04 09:08:27 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{6EBA475B-9E56-4FEC-913B-3ED713B37589}
[2011.11.04 08:22:27 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{3873D19B-0FE9-4F4B-A080-33F95F7AEF90}
[2011.11.04 08:22:03 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{38DD2564-A779-4CAA-901A-AB18376CF1E6}
[2011.11.03 11:59:31 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{7F6B1C64-DD92-4275-8E72-17EF660E399F}
[2011.11.03 11:59:09 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{EE8AFF56-485A-4BF7-A382-AE12B8458334}
[2011.11.02 23:58:43 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{EF31FA3C-BC16-4EEA-AA60-4110D6228019}
[2011.11.02 23:58:21 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C73E349A-922E-446C-99DC-162A93FAD6D3}
[2011.11.02 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{1E0B3DF5-68E9-489F-9FCB-BA848CA827D9}
[2011.11.02 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{230D1E2D-54EF-4E68-8FA9-B6EA3636DFFC}
[2011.11.01 11:25:51 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{3D411B3B-F1FB-4FD8-9449-CDB79FEB5F2A}
[2011.11.01 11:25:27 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{EA773180-9DE8-416C-8A12-D54406E6F876}
[2011.11.01 00:44:48 | 000,000,000 | ---D | C] -- C:\Temp
[2011.10.31 21:39:05 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{9B95FCC2-F428-45B7-9AFD-CD6B46337D50}
[2011.10.31 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{0008145D-D8BE-4732-8396-8D44A27598D1}
[2011.10.31 09:38:14 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{AAE4E92A-8FD0-441E-902B-13F5402DBBDF}
[2011.10.31 09:37:57 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{AD593F66-76EA-496A-9C7F-8669CB88ECE0}
[2011.10.30 12:33:21 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{03834C07-7D69-4EB6-B9FD-C0BC1C601487}
[2011.10.30 12:33:00 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{CC40A07E-5A3C-4DF4-AAB1-5D2FF3657766}
[2011.10.29 13:46:03 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{F77B3C07-12E3-439B-8F59-605517753FA2}
[2011.10.29 13:45:52 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{C490A789-298E-4CEA-8827-577998540832}
[2011.10.29 12:39:31 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{04F06C22-B513-41A2-9B18-7A03F43C9F80}
[2011.10.29 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{F2579138-9305-4067-8A90-C06D7FA5A125}
[2011.10.28 22:24:53 | 000,000,000 | ---D | C] -- C:\Users\Zicke\Tracing
[2011.10.28 14:57:17 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{E9F2941D-B209-4AD3-9A09-EA905DE5AF30}
[2011.10.28 14:56:55 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{B8465126-C3BE-4A74-AFF2-6B90B02916B7}
[2011.10.28 01:53:22 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{28B598FA-E6FE-4161-8D1C-FEED99088D48}
[2011.10.28 01:52:59 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{E1FE9F09-D5DF-4397-95BC-BF2BD32A4897}
[2011.10.27 06:14:14 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{A7501D97-C5B0-4566-99FA-42DA960590D4}
[2011.10.27 06:13:51 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{1BD3C267-32C0-4A6B-9F35-0FD38AD75D11}
[2011.10.26 11:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.10.26 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{96E604F0-49E2-447C-B35E-7C0A42EC5137}
[2011.10.26 11:19:37 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{8AD5AD3F-CD78-4030-9677-1278D25A72CC}
[2011.10.26 00:57:08 | 000,000,000 | ---D | C] -- C:\Users\Zicke\AppData\Local\{EA4099ED-893F-4CC5-9D0C-0DB4F969BC03}
[2011.04.03 18:58:56 | 002,120,192 | ---- | C] (CWE Computer services) -- C:\Program Files\d10.dll
[2011.04.03 18:58:56 | 000,150,016 | ---- | C] (Vista Software) -- C:\Program Files\SDENSX60.DLL
[2011.04.03 18:58:56 | 000,081,920 | ---- | C] (Vista Software) -- C:\Program Files\SDE60.DLL
[2011.04.03 18:58:55 | 009,046,528 | ---- | C] (CWE Computer Services) -- C:\Program Files\gsak.exe
[2011.04.03 18:58:55 | 001,259,008 | ---- | C] (CWE Compter services) -- C:\Program Files\MacroEditor.exe
[2010.09.21 23:50:14 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.24 16:13:03 | 000,017,136 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 16:13:03 | 000,017,136 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.24 16:09:53 | 001,500,254 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011.11.24 16:09:53 | 000,654,594 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2011.11.24 16:09:53 | 000,616,476 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011.11.24 16:09:53 | 000,130,208 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2011.11.24 16:09:53 | 000,106,598 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011.11.24 16:05:12 | 000,001,104 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.24 16:04:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.11.24 16:04:49 | 3169,726,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 01:33:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.23 23:43:14 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.23 20:03:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Zicke\Desktop\esetsmartinstaller_enu.exe
[2011.11.23 18:09:08 | 000,167,290 | ---- | M] () -- C:\Users\Zicke\Documents\Uebernahmeantrag_Prepaid_0311.pdf
[2011.11.22 14:56:50 | 000,000,000 | ---- | M] () -- C:\Users\Zicke\defogger_reenable
[2011.11.22 14:42:33 | 000,002,935 | ---- | M] () -- C:\Users\Zicke\Desktop\HiJackThis.lnk
[2011.11.21 12:27:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.18 00:13:11 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.18 00:04:00 | 000,000,628 | ---- | M] () -- C:\windows\SysNative\mapisvc.inf
[2011.11.16 13:01:20 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\lvuvc.hs
[2011.11.10 08:39:28 | 000,319,408 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.23 23:43:14 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.11.23 18:09:07 | 000,167,290 | ---- | C] () -- C:\Users\Zicke\Documents\Uebernahmeantrag_Prepaid_0311.pdf
[2011.11.22 14:56:50 | 000,000,000 | ---- | C] () -- C:\Users\Zicke\defogger_reenable
[2011.11.22 14:42:33 | 000,002,935 | ---- | C] () -- C:\Users\Zicke\Desktop\HiJackThis.lnk
[2011.11.18 00:13:11 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.11.18 00:04:00 | 000,000,628 | ---- | C] () -- C:\windows\SysNative\mapisvc.inf
[2011.11.11 16:16:39 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.10.18 20:09:02 | 000,413,696 | ---- | C] () -- C:\windows\SysWow64\jsound.dll
[2011.10.18 20:09:02 | 000,380,928 | ---- | C] () -- C:\windows\SysWow64\jmmpa.dll
[2011.10.18 20:09:02 | 000,282,624 | ---- | C] () -- C:\windows\SysWow64\jmh261.dll
[2011.10.18 20:09:02 | 000,184,320 | ---- | C] () -- C:\windows\SysWow64\jmvh263.dll
[2011.10.18 20:09:02 | 000,159,744 | ---- | C] () -- C:\windows\SysWow64\civil.dll
[2011.10.18 20:09:02 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\jmjpeg.dll
[2011.10.18 20:09:02 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\jmh263enc.dll
[2011.10.18 20:09:02 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\jmg723.dll
[2011.10.18 20:09:02 | 000,077,824 | ---- | C] () -- C:\windows\SysWow64\jmmpegv.dll
[2011.10.18 20:09:02 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\jmutil.dll
[2011.10.18 20:09:02 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\jdshow.dll
[2011.10.18 20:09:02 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\jmgsm.dll
[2011.10.18 20:09:02 | 000,053,248 | ---- | C] () -- C:\windows\SysWow64\jmam.dll
[2011.10.18 20:09:02 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\jmcvid.dll
[2011.10.18 20:09:02 | 000,049,152 | ---- | C] () -- C:\windows\SysWow64\jmacm.dll
[2011.10.18 20:09:02 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\jmvfw.dll
[2011.10.18 20:09:02 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\jmdaud.dll
[2011.10.18 20:09:02 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\jmvcm.dll
[2011.10.18 20:09:02 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\jmgdi.dll
[2011.10.18 20:09:02 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\jmfjawt.dll
[2011.10.18 20:09:02 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\jmddraw.dll
[2011.10.18 20:09:02 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\jmmci.dll
[2011.10.18 20:09:02 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\jmdaudc.dll
[2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011.05.04 12:46:14 | 000,000,196 | ---- | C] () -- C:\windows\ulead32.ini
[2011.04.03 18:58:58 | 000,142,557 | ---- | C] () -- C:\Program Files\local_gmaps.zip
[2011.04.03 18:58:57 | 000,098,882 | ---- | C] () -- C:\Program Files\DEPRECATED.chm
[2011.04.03 18:58:57 | 000,042,805 | ---- | C] () -- C:\Program Files\all.sql
[2011.04.03 18:58:57 | 000,001,021 | ---- | C] () -- C:\Program Files\LogCache.gsk
[2011.04.03 18:58:56 | 004,695,753 | ---- | C] () -- C:\Program Files\GSAK.chm
[2011.04.03 18:58:56 | 001,573,524 | ---- | C] () -- C:\Program Files\gpsbabel.exe
[2011.04.03 18:58:56 | 001,127,424 | ---- | C] () -- C:\Program Files\gsakdual.exe
[2011.04.03 18:58:56 | 000,935,424 | ---- | C] () -- C:\Program Files\FolderShow.exe
[2011.04.03 18:58:56 | 000,524,288 | ---- | C] () -- C:\Program Files\cweudf.dll
[2011.04.03 18:58:56 | 000,296,960 | ---- | C] () -- C:\Program Files\libeay32.dll
[2011.04.03 18:58:56 | 000,251,699 | ---- | C] () -- C:\Program Files\sample.gpx
[2011.04.03 18:58:56 | 000,143,360 | ---- | C] () -- C:\Program Files\libexpat.dll
[2011.04.03 18:58:56 | 000,137,728 | ---- | C] () -- C:\Program Files\oziapi.dll
[2011.04.03 18:58:56 | 000,081,920 | ---- | C] () -- C:\Program Files\xmltok.dll
[2011.04.03 18:58:56 | 000,065,024 | ---- | C] () -- C:\Program Files\ssleay32.dll
[2011.04.03 18:58:56 | 000,053,248 | ---- | C] () -- C:\Program Files\xmlparse.dll
[2011.04.03 18:58:56 | 000,009,728 | ---- | C] () -- C:\Program Files\gsakactive.exe
[2011.04.03 18:58:56 | 000,001,544 | ---- | C] () -- C:\Program Files\CACHE.HTM
[2011.04.03 18:58:56 | 000,000,967 | ---- | C] () -- C:\Program Files\babel.pif
[2011.04.03 18:58:56 | 000,000,883 | ---- | C] () -- C:\Program Files\GSAK.STL
[2011.04.03 18:58:56 | 000,000,727 | ---- | C] () -- C:\Program Files\CacheDescr.htm
[2011.04.03 18:58:56 | 000,000,429 | ---- | C] () -- C:\Program Files\CacheLogs.htm
[2011.04.03 18:58:56 | 000,000,418 | ---- | C] () -- C:\Program Files\PRINT.HTM
[2011.04.03 18:58:56 | 000,000,402 | ---- | C] () -- C:\Program Files\PRINTH.HTM
[2011.04.03 18:58:56 | 000,000,364 | ---- | C] () -- C:\Program Files\hints.htm
[2011.04.03 18:58:56 | 000,000,268 | ---- | C] () -- C:\Program Files\ARC.STL
[2011.04.03 18:58:56 | 000,000,073 | ---- | C] () -- C:\Program Files\logs.htm
[2011.04.03 18:58:56 | 000,000,053 | ---- | C] () -- C:\Program Files\LogActivity.htm
[2011.04.03 18:58:56 | 000,000,048 | ---- | C] () -- C:\Program Files\Children.htm
[2011.04.03 18:58:56 | 000,000,040 | ---- | C] () -- C:\Program Files\BLANK.HTM
[2011.04.03 18:58:56 | 000,000,015 | ---- | C] () -- C:\Program Files\MiniLogs.htm
[2011.04.03 18:58:56 | 000,000,010 | ---- | C] () -- C:\Program Files\usbdrive.bin
[2011.04.03 18:58:56 | 000,000,010 | ---- | C] () -- C:\Program Files\crc32.bin
[2011.04.03 18:58:56 | 000,000,008 | ---- | C] () -- C:\Program Files\LogDescr.htm
[2011.04.03 18:58:56 | 000,000,001 | ---- | C] () -- C:\Program Files\nil.bin
[2011.04.03 18:58:55 | 001,402,880 | R--- | C] () -- C:\Program Files\static.db3
[2011.04.03 18:58:55 | 001,280,000 | R--- | C] () -- C:\Program Files\bb.db3
[2011.04.03 18:58:55 | 000,691,481 | ---- | C] () -- C:\Program Files\unins000.exe
[2011.04.03 18:58:55 | 000,049,152 | ---- | C] () -- C:\Program Files\xmlwf.exe
[2011.04.03 18:58:55 | 000,018,258 | ---- | C] () -- C:\Program Files\unins000.dat
[2011.03.02 02:26:48 | 000,003,584 | ---- | C] () -- C:\Users\Zicke\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.02 02:13:06 | 001,526,060 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.02.25 21:07:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.22 09:20:24 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010.09.22 09:20:23 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010.03.19 09:34:36 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009.07.26 22:07:52 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2011.09.26 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Audacity
[2011.04.11 14:21:45 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.03.11 13:55:13 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Dropbox
[2011.09.25 13:37:23 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\eurowin
[2011.07.31 00:32:20 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\GHISLER
[2011.06.05 01:38:26 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\gtk-2.0
[2011.05.16 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Nokia
[2011.05.16 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Nokia Ovi Suite
[2011.05.16 13:04:40 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\PC Suite
[2011.04.15 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\PROGRA~1
[2011.09.26 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Samsung
[2011.11.03 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\SoftGrid Client
[2011.03.02 02:13:40 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\TP
[2011.03.19 01:31:53 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Windows Live Writer
[2011.03.14 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\XMedia Recode
[2011.10.07 11:21:18 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.17 00:37:17 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Adobe
[2011.11.11 16:26:02 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Apple Computer
[2011.02.25 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\ATI
[2011.09.26 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Audacity
[2011.10.16 15:48:16 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Avira
[2011.03.08 17:10:25 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\CyberLink
[2011.04.11 14:21:45 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2011.02.28 15:03:18 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\DivX
[2011.03.11 13:55:13 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Dropbox
[2011.07.21 21:51:52 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\dvdcss
[2011.09.25 13:37:23 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\eurowin
[2011.07.31 00:32:20 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\GHISLER
[2011.06.05 01:38:26 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\gtk-2.0
[2011.02.25 20:44:03 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Identities
[2011.02.25 21:07:38 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\InstallShield
[2011.02.25 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Intel Corporation
[2011.02.25 20:57:40 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Macromedia
[2011.05.11 11:41:56 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Malwarebytes
[2009.07.26 05:47:55 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Media Center Programs
[2011.05.04 20:09:38 | 000,000,000 | --SD | M] -- C:\Users\Zicke\AppData\Roaming\Microsoft
[2011.02.25 22:07:06 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Mozilla
[2011.05.16 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Nokia
[2011.05.16 13:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Nokia Ovi Suite
[2011.05.16 13:04:40 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\PC Suite
[2011.04.15 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\PROGRA~1
[2011.09.26 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Samsung
[2011.11.24 16:08:37 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Skype
[2011.08.09 13:07:16 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\skypePM
[2011.11.03 00:10:39 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\SoftGrid Client
[2011.03.02 02:13:40 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\TP
[2011.06.30 21:22:10 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\vlc
[2011.03.19 01:31:53 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\Windows Live Writer
[2011.03.14 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Zicke\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2011.04.11 14:14:03 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Zicke\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.02.25 23:52:30 | 000,010,134 | R--- | M] () -- C:\Users\Zicke\AppData\Roaming\Microsoft\Installer\{3E924C43-AA5E-7540-21BD-49F2FC750CC6}\ARPPRODUCTICON.exe
[2011.11.22 14:42:33 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Zicke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20621_none_39f398b8542b6259\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\drivers\iaStor.sys
[2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
<           >

< End of report >
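One way to read an "MD5 for" listing like the one in the log above, as an added example (not part of the posts and not OTL's own code): group the copies of each file by hash and report every copy in a live system directory whose MD5 matches none of the copies under winsxs or DriverStore\FileRepository. The sample lines, file names and hashes are constructed; a match is a consistency check only, not proof that a file is clean.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the "MD5 for" listing above.
# File names, vendor and hashes are made up for illustration.
SAMPLE = r"""
< MD5 for: EXAMPLE1.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Example Corp) MD5=11111111111111111111111111111111 -- C:\windows\SysNative\drivers\example1.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Example Corp) MD5=11111111111111111111111111111111 -- C:\Windows\winsxs\amd64_example_0000\example1.sys

< MD5 for: EXAMPLE2.DLL  >
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] () MD5=22222222222222222222222222222222 -- C:\Windows\SysWOW64\example2.dll
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Example Corp) MD5=33333333333333333333333333333333 -- C:\Windows\winsxs\x86_example_0000\example2.dll
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Example Corp) MD5=44444444444444444444444444444444 -- C:\windows\SysNative\DriverStore\FileRepository\example.inf_amd64_0000\example2.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >
"""

HEADER = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY = re.compile(
    r"^\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Directories that hold the servicing copies of a component rather than
# the copy the running system loads.
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\filerepository\\")


def parse_md5_blocks(text):
    """Return {FILE NAME: [entry, ...]} for every "< MD5 for: ... >" block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<"):
            # Any other "< ... >" line starts a different scan section.
            current = None
            continue
        entry = ENTRY.match(line)
        if entry and current:
            path = entry.group("path")
            blocks[current].append({
                "md5": entry.group("md5").upper(),
                "path": path,
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
                "store": any(m in path.lower() for m in STORE_MARKERS),
            })
    return blocks


def unmatched_active_copies(blocks):
    """List live copies whose hash matches no servicing copy in the same block."""
    findings = []
    for name, entries in blocks.items():
        store_hashes = {e["md5"] for e in entries if e["store"]}
        for e in entries:
            if not e["store"] and e["md5"] not in store_hashes:
                findings.append((name, e["path"], e["md5"], e["company"]))
    return findings


if __name__ == "__main__":
    for name, path, md5, company in unmatched_active_copies(parse_md5_blocks(SAMPLE)):
        vendor = company or "no vendor string"
        print(f"{name}: {path} MD5={md5} ({vendor}) has no matching store copy")
```

Third-party drivers that were never staged in the component store will also be reported, so each finding is a prompt to look closer rather than a verdict.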
         

24.11.2011, 17:07   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat File not found
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKCU..\Run: []  File not found
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

24.11.2011, 17:42   #11
Rheanna

Code:
ATTFilter
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Zicke
->Temp folder emptied: 2323324387 bytes
->Temporary Internet Files folder emptied: 243641482 bytes
->Java cache emptied: 53573441 bytes
->FireFox cache emptied: 1065452045 bytes
->Flash cache emptied: 179664 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 322388507 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.823,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11242011_172752

Files\Folders moved on Reboot...
C:\Users\Zicke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
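A sketch of how a fix log like the one above can be checked, as an added example (not part of the posts and not OTL's own code): it classifies each registry line by outcome and compares the summed byte counts with the reported total. The sample log is constructed, and the assumption that the total is printed in whole megabytes with a locale-dependent separator is inferred from the log above.

```python
import re

# Constructed sample in the layout of the fix log above; keys and sizes are made up.
SAMPLE_FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Example\\Alpha deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Example\\Beta deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Example
->Temp folder emptied: 1048576 bytes
->Flash cache emptied: 524288 bytes

%systemroot% .tmp files removed: 0 bytes
Windows Temp folder emptied: 1572864 bytes

Total Files Cleaned = 3,00 mb
"""

REG_LINE = re.compile(r"^(?P<view>64bit-)?Registry (?P<kind>value|key) (?P<rest>.+)$")
BYTES_LINE = re.compile(r"(?:emptied|removed): (?P<n>\d+) bytes$")
TOTAL_LINE = re.compile(r"^Total Files Cleaned = (?P<num>[\d.,]+) mb$")

# Only the two outcome phrases visible in the log above are recognised;
# anything else is kept verbatim and labelled "other".
OUTCOMES = {" deleted successfully.": "deleted", " not found.": "not_found"}


def parse_localized(num):
    """Parse '3.823,00' or '3,823.00': the last separator is the decimal mark."""
    last = max(num.rfind("."), num.rfind(","))
    if last == -1:
        return float(num)
    whole = re.sub(r"[.,]", "", num[:last])
    return float(f"{whole}.{num[last + 1:]}")


def parse_fix_log(text):
    report = {"registry": [], "bytes": 0, "reported_mb": None}
    for raw in text.splitlines():
        line = raw.strip()
        reg = REG_LINE.match(line)
        if reg:
            rest = reg.group("rest")
            outcome, target = "other", rest
            for suffix, label in OUTCOMES.items():
                if rest.endswith(suffix):
                    outcome, target = label, rest[: -len(suffix)]
                    break
            report["registry"].append({
                "view": "64bit" if reg.group("view") else "32bit",
                "kind": reg.group("kind"),
                "target": target,
                "outcome": outcome,
            })
            continue
        size = BYTES_LINE.search(line)
        if size:
            report["bytes"] += int(size.group("n"))
            continue
        total = TOTAL_LINE.match(line)
        if total:
            report["reported_mb"] = parse_localized(total.group("num"))
    return report


def review_items(report, tolerance_mb=1.0):
    """Registry lines that were not deleted, plus a total that does not add up."""
    items = [f"{r['outcome']}: {r['target']}"
             for r in report["registry"] if r["outcome"] != "deleted"]
    if report["reported_mb"] is not None:
        counted_mb = report["bytes"] / 2**20
        if abs(counted_mb - report["reported_mb"]) > tolerance_mb:
            items.append(f"total mismatch: counted {counted_mb:.2f} mb, "
                         f"reported {report['reported_mb']:.2f} mb")
    return items


if __name__ == "__main__":
    for item in review_items(parse_fix_log(SAMPLE_FIX_LOG)):
        print(item)
```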
         

24.11.2011, 18:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

24.11.2011, 20:49   #13
Rheanna

Code:
ATTFilter
20:47:04.0709 6016	TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:47:05.0255 6016	============================================================
20:47:05.0255 6016	Current date / time: 2011/11/24 20:47:05.0255
20:47:05.0255 6016	SystemInfo:
20:47:05.0255 6016	
20:47:05.0255 6016	OS Version: 6.1.7601 ServicePack: 1.0
20:47:05.0255 6016	Product type: Workstation
20:47:05.0256 6016	ComputerName: ZICKE-PC
20:47:05.0256 6016	UserName: Zicke
20:47:05.0256 6016	Windows directory: C:\windows
20:47:05.0256 6016	System windows directory: C:\windows
20:47:05.0256 6016	Running under WOW64
20:47:05.0256 6016	Processor architecture: Intel x64
20:47:05.0256 6016	Number of processors: 8
20:47:05.0256 6016	Page size: 0x1000
20:47:05.0256 6016	Boot type: Normal boot
20:47:05.0256 6016	============================================================
20:47:05.0548 6016	Initialize success
20:47:55.0040 5532	============================================================
20:47:55.0040 5532	Scan started
20:47:55.0040 5532	Mode: Manual; SigCheck; TDLFS; 
20:47:55.0040 5532	============================================================
20:47:55.0299 5532	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:47:55.0380 5532	1394ohci - ok
20:47:55.0423 5532	acedrv10        (b8b7df85909de0e0da5b8e1bf67ef033) C:\windows\system32\drivers\acedrv10.sys
20:47:55.0490 5532	acedrv10 - ok
20:47:55.0509 5532	acehlp10        (e84de7cd4cbce0d9a03bd095ad1480b1) C:\windows\system32\drivers\acehlp10.sys
20:47:55.0526 5532	acehlp10 - ok
20:47:55.0560 5532	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:47:55.0574 5532	ACPI - ok
20:47:55.0657 5532	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:47:55.0694 5532	AcpiPmi - ok
20:47:55.0773 5532	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:47:55.0806 5532	adp94xx - ok
20:47:55.0855 5532	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:47:55.0871 5532	adpahci - ok
20:47:55.0879 5532	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:47:55.0892 5532	adpu320 - ok
20:47:55.0941 5532	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
20:47:56.0004 5532	AFD - ok
20:47:56.0035 5532	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:47:56.0057 5532	agp440 - ok
20:47:56.0127 5532	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:47:56.0146 5532	aliide - ok
20:47:56.0170 5532	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:47:56.0188 5532	amdide - ok
20:47:56.0224 5532	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:47:56.0278 5532	AmdK8 - ok
20:47:56.0440 5532	amdkmdag        (d1d06810bf7e21f5763eb06cb7e7262b) C:\windows\system32\DRIVERS\atipmdag.sys
20:47:56.0566 5532	amdkmdag - ok
20:47:56.0596 5532	amdkmdap        (6ba71d6616b56816e57394d77dd1bb6f) C:\windows\system32\DRIVERS\atikmpag.sys
20:47:56.0629 5532	amdkmdap - ok
20:47:56.0683 5532	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:47:56.0738 5532	AmdPPM - ok
20:47:56.0802 5532	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:47:56.0828 5532	amdsata - ok
20:47:56.0848 5532	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:47:56.0874 5532	amdsbs - ok
20:47:56.0890 5532	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:47:56.0905 5532	amdxata - ok
20:47:57.0018 5532	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:47:57.0078 5532	AppID - ok
20:47:57.0123 5532	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:47:57.0142 5532	arc - ok
20:47:57.0151 5532	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:47:57.0167 5532	arcsas - ok
20:47:57.0219 5532	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:47:57.0284 5532	AsyncMac - ok
20:47:57.0324 5532	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:47:57.0330 5532	atapi - ok
20:47:57.0386 5532	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\windows\system32\DRIVERS\athrx.sys
20:47:57.0456 5532	athr - ok
20:47:57.0536 5532	AtiHdmiService  (77c149e6d702737b2e372dee166faef8) C:\windows\system32\drivers\AtiHdmi.sys
20:47:57.0565 5532	AtiHdmiService - ok
20:47:57.0678 5532	atikmdag        (d1d06810bf7e21f5763eb06cb7e7262b) C:\windows\system32\DRIVERS\atikmdag.sys
20:47:57.0772 5532	atikmdag - ok
20:47:57.0873 5532	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
20:47:57.0889 5532	avgntflt - ok
20:47:57.0912 5532	avipbb          (d959309ececca73fc79f8ef8521346b2) C:\windows\system32\DRIVERS\avipbb.sys
20:47:57.0933 5532	avipbb - ok
20:47:57.0945 5532	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
20:47:57.0961 5532	avkmgr - ok
20:47:58.0040 5532	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:47:58.0119 5532	b06bdrv - ok
20:47:58.0197 5532	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:47:58.0268 5532	b57nd60a - ok
20:47:58.0325 5532	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:47:58.0412 5532	Beep - ok
20:47:58.0459 5532	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:47:58.0484 5532	blbdrive - ok
20:47:58.0522 5532	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:47:58.0534 5532	bowser - ok
20:47:58.0580 5532	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:47:58.0625 5532	BrFiltLo - ok
20:47:58.0632 5532	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:47:58.0645 5532	BrFiltUp - ok
20:47:58.0655 5532	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:47:58.0721 5532	Brserid - ok
20:47:58.0736 5532	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:47:58.0759 5532	BrSerWdm - ok
20:47:58.0776 5532	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:47:58.0806 5532	BrUsbMdm - ok
20:47:58.0862 5532	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:47:58.0885 5532	BrUsbSer - ok
20:47:58.0894 5532	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:47:58.0930 5532	BTHMODEM - ok
20:47:58.0974 5532	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:47:59.0017 5532	cdfs - ok
20:47:59.0113 5532	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
20:47:59.0160 5532	cdrom - ok
20:47:59.0232 5532	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:47:59.0282 5532	circlass - ok
20:47:59.0327 5532	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:47:59.0337 5532	CLFS - ok
20:47:59.0389 5532	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:47:59.0423 5532	CmBatt - ok
20:47:59.0462 5532	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:47:59.0480 5532	cmdide - ok
20:47:59.0541 5532	CNG             (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
20:47:59.0577 5532	CNG - ok
20:47:59.0632 5532	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:47:59.0652 5532	Compbatt - ok
20:47:59.0684 5532	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
20:47:59.0746 5532	CompositeBus - ok
20:47:59.0786 5532	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:47:59.0803 5532	crcdisk - ok
20:47:59.0882 5532	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:47:59.0932 5532	DfsC - ok
20:47:59.0955 5532	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:47:59.0985 5532	discache - ok
20:48:00.0013 5532	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:48:00.0021 5532	Disk - ok
20:48:00.0059 5532	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:48:00.0087 5532	drmkaud - ok
20:48:00.0167 5532	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:48:00.0216 5532	DXGKrnl - ok
20:48:00.0245 5532	e1kexpress      (52a482dc61f24b498c8268866b90bb44) C:\windows\system32\DRIVERS\e1k62x64.sys
20:48:00.0268 5532	e1kexpress - ok
20:48:00.0329 5532	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:48:00.0411 5532	ebdrv - ok
20:48:00.0485 5532	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:48:00.0520 5532	elxstor - ok
20:48:00.0546 5532	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:48:00.0575 5532	ErrDev - ok
20:48:00.0605 5532	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:48:00.0654 5532	exfat - ok
20:48:00.0668 5532	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:48:00.0736 5532	fastfat - ok
20:48:00.0798 5532	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:48:00.0857 5532	fdc - ok
20:48:00.0877 5532	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:48:00.0887 5532	FileInfo - ok
20:48:00.0896 5532	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:48:00.0941 5532	Filetrace - ok
20:48:01.0051 5532	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:48:01.0073 5532	flpydisk - ok
20:48:01.0114 5532	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:48:01.0127 5532	FltMgr - ok
20:48:01.0148 5532	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:48:01.0161 5532	FsDepends - ok
20:48:01.0171 5532	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
20:48:01.0183 5532	Fs_Rec - ok
20:48:01.0251 5532	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:48:01.0273 5532	fvevol - ok
20:48:01.0296 5532	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:48:01.0310 5532	gagp30kx - ok
20:48:01.0341 5532	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
20:48:01.0348 5532	GEARAspiWDM - ok
20:48:01.0428 5532	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:48:01.0487 5532	hcw85cir - ok
20:48:01.0523 5532	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:48:01.0575 5532	HdAudAddService - ok
20:48:01.0597 5532	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
20:48:01.0635 5532	HDAudBus - ok
20:48:01.0708 5532	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
20:48:01.0722 5532	HECIx64 - ok
20:48:01.0744 5532	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:48:01.0760 5532	HidBatt - ok
20:48:01.0768 5532	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:48:01.0802 5532	HidBth - ok
20:48:01.0809 5532	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:48:01.0848 5532	HidIr - ok
20:48:01.0953 5532	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
20:48:01.0977 5532	HidUsb - ok
20:48:01.0999 5532	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:48:02.0021 5532	HpSAMD - ok
20:48:02.0080 5532	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:48:02.0159 5532	HTTP - ok
20:48:02.0190 5532	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:48:02.0196 5532	hwpolicy - ok
20:48:02.0272 5532	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
20:48:02.0295 5532	i8042prt - ok
20:48:02.0319 5532	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys
20:48:02.0332 5532	iaStor - ok
20:48:02.0385 5532	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:48:02.0414 5532	iaStorV - ok
20:48:02.0567 5532	igfx            (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
20:48:02.0665 5532	igfx - ok
20:48:02.0672 5532	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:48:02.0681 5532	iirsp - ok
20:48:02.0792 5532	IntcAzAudAddService (13089f31aa37cde1ce3784ee01a48484) C:\windows\system32\drivers\RTKVHD64.sys
20:48:02.0861 5532	IntcAzAudAddService - ok
20:48:02.0886 5532	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:48:02.0902 5532	intelide - ok
20:48:02.0934 5532	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:48:02.0963 5532	intelppm - ok
20:48:03.0066 5532	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:48:03.0136 5532	IpFilterDriver - ok
20:48:03.0168 5532	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:48:03.0188 5532	IPMIDRV - ok
20:48:03.0203 5532	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:48:03.0233 5532	IPNAT - ok
20:48:03.0296 5532	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:48:03.0333 5532	IRENUM - ok
20:48:03.0368 5532	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:48:03.0377 5532	isapnp - ok
20:48:03.0393 5532	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:48:03.0408 5532	iScsiPrt - ok
20:48:03.0432 5532	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
20:48:03.0442 5532	kbdclass - ok
20:48:03.0520 5532	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:48:03.0567 5532	kbdhid - ok
20:48:03.0612 5532	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
20:48:03.0629 5532	KSecDD - ok
20:48:03.0668 5532	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
20:48:03.0686 5532	KSecPkg - ok
20:48:03.0741 5532	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:48:03.0797 5532	ksthunk - ok
20:48:03.0830 5532	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:48:03.0859 5532	lltdio - ok
20:48:03.0891 5532	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:48:03.0901 5532	LSI_FC - ok
20:48:03.0950 5532	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:48:03.0973 5532	LSI_SAS - ok
20:48:03.0988 5532	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:48:04.0010 5532	LSI_SAS2 - ok
20:48:04.0020 5532	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:48:04.0043 5532	LSI_SCSI - ok
20:48:04.0064 5532	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:48:04.0127 5532	luafv - ok
20:48:04.0188 5532	lvpopf64        (ce6e5146039d248feb991fbc9e2b6a7b) C:\windows\system32\DRIVERS\lvpopf64.sys
20:48:04.0216 5532	lvpopf64 - ok
20:48:04.0304 5532	LVUSBS64        (6d5ea90f86f9b28cd44af6ba9be03bf9) C:\windows\system32\drivers\LVUSBS64.sys
20:48:04.0320 5532	LVUSBS64 - ok
20:48:04.0388 5532	LVUVC64         (eb12688842ede30c843a123fa6855858) C:\windows\system32\DRIVERS\lvuvc64.sys
20:48:04.0463 5532	LVUVC64 - ok
20:48:04.0488 5532	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:48:04.0497 5532	megasas - ok
20:48:04.0506 5532	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:48:04.0519 5532	MegaSR - ok
20:48:04.0580 5532	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:48:04.0629 5532	Modem - ok
20:48:04.0653 5532	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:48:04.0683 5532	monitor - ok
20:48:04.0728 5532	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
20:48:04.0741 5532	mouclass - ok
20:48:04.0811 5532	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:48:04.0841 5532	mouhid - ok
20:48:04.0872 5532	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:48:04.0881 5532	mountmgr - ok
20:48:04.0915 5532	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:48:04.0931 5532	mpio - ok
20:48:04.0938 5532	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:48:04.0976 5532	mpsdrv - ok
20:48:05.0008 5532	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:48:05.0069 5532	MRxDAV - ok
20:48:05.0138 5532	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:48:05.0179 5532	mrxsmb - ok
20:48:05.0224 5532	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:48:05.0257 5532	mrxsmb10 - ok
20:48:05.0276 5532	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:48:05.0294 5532	mrxsmb20 - ok
20:48:05.0324 5532	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:48:05.0339 5532	msahci - ok
20:48:05.0399 5532	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:48:05.0424 5532	msdsm - ok
20:48:05.0468 5532	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:48:05.0509 5532	Msfs - ok
20:48:05.0522 5532	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:48:05.0557 5532	mshidkmdf - ok
20:48:05.0594 5532	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:48:05.0609 5532	msisadrv - ok
20:48:05.0673 5532	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:48:05.0718 5532	MSKSSRV - ok
20:48:05.0727 5532	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:48:05.0768 5532	MSPCLOCK - ok
20:48:05.0810 5532	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:48:05.0867 5532	MSPQM - ok
20:48:05.0897 5532	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:48:05.0907 5532	MsRPC - ok
20:48:05.0984 5532	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
20:48:06.0000 5532	mssmbios - ok
20:48:06.0043 5532	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
20:48:06.0111 5532	MSTEE - ok
20:48:06.0127 5532	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
20:48:06.0157 5532	MTConfig - ok
20:48:06.0194 5532	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
20:48:06.0210 5532	Mup - ok
20:48:06.0282 5532	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
20:48:06.0330 5532	NativeWifiP - ok
20:48:06.0382 5532	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
20:48:06.0411 5532	NDIS - ok
20:48:06.0441 5532	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
20:48:06.0473 5532	NdisCap - ok
20:48:06.0527 5532	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
20:48:06.0571 5532	NdisTapi - ok
20:48:06.0609 5532	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
20:48:06.0672 5532	Ndisuio - ok
20:48:06.0705 5532	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
20:48:06.0766 5532	NdisWan - ok
20:48:06.0801 5532	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
20:48:06.0862 5532	NDProxy - ok
20:48:06.0937 5532	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
20:48:06.0983 5532	NetBIOS - ok
20:48:07.0020 5532	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
20:48:07.0078 5532	NetBT - ok
20:48:07.0103 5532	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
20:48:07.0112 5532	nfrd960 - ok
20:48:07.0154 5532	nmwcd           (903681bab213d5f84717c0fc42afb28a) C:\windows\system32\drivers\ccdcmbx64.sys
20:48:07.0197 5532	nmwcd - ok
20:48:07.0256 5532	nmwcdc          (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\windows\system32\drivers\ccdcmbox64.sys
20:48:07.0286 5532	nmwcdc - ok
20:48:07.0308 5532	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
20:48:07.0340 5532	Npfs - ok
20:48:07.0351 5532	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
20:48:07.0382 5532	nsiproxy - ok
20:48:07.0430 5532	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
20:48:07.0457 5532	Ntfs - ok
20:48:07.0516 5532	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
20:48:07.0581 5532	Null - ok
20:48:07.0627 5532	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
20:48:07.0650 5532	nvraid - ok
20:48:07.0663 5532	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
20:48:07.0677 5532	nvstor - ok
20:48:07.0709 5532	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
20:48:07.0721 5532	nv_agp - ok
20:48:07.0772 5532	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
20:48:07.0808 5532	ohci1394 - ok
20:48:07.0843 5532	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
20:48:07.0868 5532	Parport - ok
20:48:07.0903 5532	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
20:48:07.0914 5532	partmgr - ok
20:48:08.0041 5532	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\windows\system32\DRIVERS\pccsmcfdx64.sys
20:48:08.0117 5532	pccsmcfd - ok
20:48:08.0162 5532	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
20:48:08.0183 5532	pci - ok
20:48:08.0202 5532	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
20:48:08.0213 5532	pciide - ok
20:48:08.0235 5532	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
20:48:08.0253 5532	pcmcia - ok
20:48:08.0271 5532	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
20:48:08.0281 5532	pcw - ok
20:48:08.0305 5532	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
20:48:08.0358 5532	PEAUTH - ok
20:48:08.0439 5532	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
20:48:08.0471 5532	PptpMiniport - ok
20:48:08.0493 5532	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
20:48:08.0504 5532	Processor - ok
20:48:08.0553 5532	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
20:48:08.0604 5532	Psched - ok
20:48:08.0669 5532	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
20:48:08.0680 5532	PxHlpa64 - ok
20:48:08.0718 5532	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
20:48:08.0779 5532	ql2300 - ok
20:48:08.0791 5532	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
20:48:08.0804 5532	ql40xx - ok
20:48:08.0821 5532	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
20:48:08.0854 5532	QWAVEdrv - ok
20:48:08.0911 5532	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
20:48:08.0965 5532	RasAcd - ok
20:48:08.0996 5532	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
20:48:09.0031 5532	RasAgileVpn - ok
20:48:09.0064 5532	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
20:48:09.0102 5532	Rasl2tp - ok
20:48:09.0128 5532	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
20:48:09.0181 5532	RasPppoe - ok
20:48:09.0236 5532	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
20:48:09.0290 5532	RasSstp - ok
20:48:09.0319 5532	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
20:48:09.0357 5532	rdbss - ok
20:48:09.0378 5532	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
20:48:09.0389 5532	rdpbus - ok
20:48:09.0401 5532	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
20:48:09.0424 5532	RDPCDD - ok
20:48:09.0483 5532	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
20:48:09.0533 5532	RDPENCDD - ok
20:48:09.0546 5532	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
20:48:09.0572 5532	RDPREFMP - ok
20:48:09.0610 5532	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
20:48:09.0657 5532	RDPWD - ok
20:48:09.0705 5532	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
20:48:09.0724 5532	rdyboost - ok
20:48:09.0815 5532	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
20:48:09.0853 5532	rspndr - ok
20:48:09.0879 5532	RTHDMIAzAudService (c618475866f6a7129f64a55961c1bb8b) C:\windows\system32\drivers\RtHDMIVX.sys
20:48:09.0906 5532	RTHDMIAzAudService - ok
20:48:09.0944 5532	RTL8023x64      (68dd0457d18fccef7384ae84022f0c86) C:\windows\system32\DRIVERS\Rtnic64.sys
20:48:09.0960 5532	RTL8023x64 - ok
20:48:10.0036 5532	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
20:48:10.0060 5532	sbp2port - ok
20:48:10.0090 5532	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
20:48:10.0128 5532	scfilter - ok
20:48:10.0202 5532	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
20:48:10.0256 5532	secdrv - ok
20:48:10.0290 5532	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
20:48:10.0299 5532	Serenum - ok
20:48:10.0312 5532	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
20:48:10.0349 5532	Serial - ok
20:48:10.0391 5532	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
20:48:10.0416 5532	sermouse - ok
20:48:10.0488 5532	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
20:48:10.0522 5532	sffdisk - ok
20:48:10.0543 5532	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
20:48:10.0569 5532	sffp_mmc - ok
20:48:10.0582 5532	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
20:48:10.0607 5532	sffp_sd - ok
20:48:10.0630 5532	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
20:48:10.0674 5532	sfloppy - ok
20:48:10.0750 5532	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
20:48:10.0786 5532	Sftfs - ok
20:48:10.0843 5532	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
20:48:10.0859 5532	Sftplay - ok
20:48:10.0871 5532	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
20:48:10.0878 5532	Sftredir - ok
20:48:10.0893 5532	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
20:48:10.0902 5532	Sftvol - ok
20:48:10.0934 5532	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
20:48:10.0948 5532	SiSRaid2 - ok
20:48:10.0983 5532	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
20:48:11.0002 5532	SiSRaid4 - ok
20:48:11.0017 5532	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
20:48:11.0069 5532	Smb - ok
20:48:11.0113 5532	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
20:48:11.0128 5532	spldr - ok
20:48:11.0180 5532	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
20:48:11.0214 5532	srv - ok
20:48:11.0273 5532	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
20:48:11.0303 5532	srv2 - ok
20:48:11.0328 5532	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
20:48:11.0352 5532	srvnet - ok
20:48:11.0397 5532	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\windows\system32\DRIVERS\ssadbus.sys
20:48:11.0417 5532	ssadbus - ok
20:48:11.0479 5532	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\windows\system32\DRIVERS\ssadmdfl.sys
20:48:11.0485 5532	ssadmdfl - ok
20:48:11.0514 5532	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\windows\system32\DRIVERS\ssadmdm.sys
20:48:11.0524 5532	ssadmdm - ok
20:48:11.0568 5532	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
20:48:11.0587 5532	stexstor - ok
20:48:11.0630 5532	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
20:48:11.0648 5532	swenum - ok
20:48:11.0750 5532	Tcpip           (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
20:48:11.0785 5532	Tcpip - ok
20:48:11.0807 5532	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
20:48:11.0830 5532	TCPIP6 - ok
20:48:11.0844 5532	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
20:48:11.0890 5532	tcpipreg - ok
20:48:11.0931 5532	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
20:48:11.0974 5532	TDPIPE - ok
20:48:11.0981 5532	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
20:48:12.0009 5532	TDTCP - ok
20:48:12.0078 5532	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
20:48:12.0128 5532	tdx - ok
20:48:12.0156 5532	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
20:48:12.0175 5532	TermDD - ok
20:48:12.0254 5532	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
20:48:12.0303 5532	tssecsrv - ok
20:48:12.0375 5532	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
20:48:12.0418 5532	TsUsbFlt - ok
20:48:12.0463 5532	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
20:48:12.0503 5532	tunnel - ok
20:48:12.0529 5532	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
20:48:12.0538 5532	uagp35 - ok
20:48:12.0607 5532	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
20:48:12.0658 5532	udfs - ok
20:48:12.0680 5532	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
20:48:12.0689 5532	uliagpkx - ok
20:48:12.0729 5532	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
20:48:12.0758 5532	umbus - ok
20:48:12.0765 5532	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
20:48:12.0797 5532	UmPass - ok
20:48:12.0863 5532	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
20:48:12.0899 5532	USBAAPL64 - ok
20:48:12.0953 5532	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
20:48:12.0993 5532	usbaudio - ok
20:48:13.0028 5532	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
20:48:13.0075 5532	usbccgp - ok
20:48:13.0105 5532	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
20:48:13.0149 5532	usbcir - ok
20:48:13.0184 5532	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
20:48:13.0219 5532	usbehci - ok
20:48:13.0306 5532	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
20:48:13.0347 5532	usbhub - ok
20:48:13.0363 5532	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
20:48:13.0394 5532	usbohci - ok
20:48:13.0423 5532	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
20:48:13.0452 5532	usbprint - ok
20:48:13.0520 5532	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:48:13.0537 5532	USBSTOR - ok
20:48:13.0555 5532	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
20:48:13.0578 5532	usbuhci - ok
20:48:13.0614 5532	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
20:48:13.0623 5532	vdrvroot - ok
20:48:13.0687 5532	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
20:48:13.0712 5532	vga - ok
20:48:13.0726 5532	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
20:48:13.0756 5532	VgaSave - ok
20:48:13.0784 5532	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
20:48:13.0797 5532	vhdmp - ok
20:48:13.0822 5532	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
20:48:13.0830 5532	viaide - ok
20:48:13.0888 5532	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
20:48:13.0902 5532	volmgr - ok
20:48:13.0946 5532	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
20:48:13.0960 5532	volmgrx - ok
20:48:13.0975 5532	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
20:48:13.0993 5532	volsnap - ok
20:48:14.0013 5532	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
20:48:14.0029 5532	vsmraid - ok
20:48:14.0050 5532	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
20:48:14.0073 5532	vwifibus - ok
20:48:14.0123 5532	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
20:48:14.0147 5532	vwififlt - ok
20:48:14.0166 5532	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
20:48:14.0183 5532	vwifimp - ok
20:48:14.0193 5532	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
20:48:14.0213 5532	WacomPen - ok
20:48:14.0256 5532	WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:48:14.0306 5532	WANARP - ok
20:48:14.0309 5532	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
20:48:14.0333 5532	Wanarpv6 - ok
20:48:14.0358 5532	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
20:48:14.0366 5532	Wd - ok
20:48:14.0429 5532	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
20:48:14.0460 5532	Wdf01000 - ok
20:48:14.0509 5532	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
20:48:14.0532 5532	WfpLwf - ok
20:48:14.0565 5532	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
20:48:14.0588 5532	WimFltr - ok
20:48:14.0646 5532	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
20:48:14.0665 5532	WIMMount - ok
20:48:14.0691 5532	WinI2C-DDC      (66c365b542195c1f6e2ff4a7d8f3827c) C:\windows\system32\drivers\DDCDrv.sys
20:48:14.0702 5532	WinI2C-DDC - ok
20:48:14.0754 5532	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
20:48:14.0795 5532	WinUsb - ok
20:48:14.0814 5532	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
20:48:14.0823 5532	WmiAcpi - ok
20:48:14.0902 5532	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
20:48:14.0954 5532	ws2ifsl - ok
20:48:14.0977 5532	wsvd            (83575c43b2bfe9ab0661a7f957e843c0) C:\windows\system32\DRIVERS\wsvd.sys
20:48:14.0986 5532	wsvd - ok
20:48:15.0021 5532	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
20:48:15.0055 5532	WudfPf - ok
20:48:15.0108 5532	WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
20:48:15.0154 5532	WUDFRd - ok
20:48:15.0207 5532	yukonw7         (b3eeacf62445e24fbb2cd4b0fb4db026) C:\windows\system32\DRIVERS\yk62x64.sys
20:48:15.0250 5532	yukonw7 - ok
20:48:15.0261 5532	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:48:16.0045 5532	\Device\Harddisk0\DR0 - ok
20:48:16.0049 5532	Boot (0x1200)   (841ea0bd2bc237c56ebbf304a967c15d) \Device\Harddisk0\DR0\Partition0
20:48:16.0050 5532	\Device\Harddisk0\DR0\Partition0 - ok
20:48:16.0093 5532	Boot (0x1200)   (ce2013012e21895682bc4b75b5d11326) \Device\Harddisk0\DR0\Partition1
20:48:16.0094 5532	\Device\Harddisk0\DR0\Partition1 - ok
20:48:16.0095 5532	============================================================
20:48:16.0095 5532	Scan finished
20:48:16.0095 5532	============================================================
20:48:16.0111 5524	Detected object count: 0
20:48:16.0111 5524	Actual detected object count: 0
         

Alt 24.11.2011, 20:51   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 24.11.2011, 21:21   #15
Rheanna
 



Phew... *lost track of things*
Code:
ComboFix 11-11-24.01 - Zicke 24.11.2011  21:07:04.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4031.2571 [GMT 1:00]
ausgeführt von:: c:\users\Zicke\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Zicke\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-24 bis 2011-11-24  ))))))))))))))))))))))))))))))
.
.
2011-11-24 20:11 . 2011-11-24 20:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-24 16:27 . 2011-11-24 16:27	--------	d-----w-	C:\_OTL
2011-11-24 15:07 . 2011-11-24 15:07	--------	d-----w-	c:\windows\system32\Macromed
2011-11-23 19:04 . 2011-11-23 19:04	--------	d-----w-	c:\program files (x86)\ESET
2011-11-22 13:42 . 2011-11-22 13:42	388096	----a-r-	c:\users\Zicke\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-22 13:42 . 2011-11-22 13:42	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-11-22 07:23 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{776E2B74-0783-4830-AE47-93C6A5137303}\mpengine.dll
2011-11-17 23:12 . 2011-11-17 23:13	--------	d-----w-	c:\program files\iTunes
2011-11-17 23:12 . 2011-11-17 23:12	--------	d-----w-	c:\program files\iPod
2011-11-11 15:18 . 2011-11-11 15:26	--------	d-----w-	c:\users\Zicke\AppData\Roaming\Apple Computer
2011-11-11 15:18 . 2011-11-11 15:18	--------	d-----w-	c:\users\Zicke\AppData\Local\Apple Computer
2011-11-11 15:18 . 2009-05-18 12:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-11-11 15:18 . 2008-04-17 11:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2011-11-11 15:18 . 2008-04-17 11:12	107368	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2011-11-11 15:18 . 2011-11-17 23:13	--------	d-----w-	c:\program files (x86)\iTunes
2011-11-11 15:18 . 2011-11-11 15:18	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-11 15:18 . 2011-11-11 15:18	--------	d-----w-	c:\programdata\Apple Computer
2011-11-11 15:16 . 2011-11-11 15:16	--------	d-----w-	c:\users\Zicke\AppData\Local\Apple
2011-11-11 15:16 . 2011-11-11 15:16	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-11-11 15:16 . 2011-11-17 23:03	--------	d-----w-	c:\program files\Common Files\Apple
2011-11-11 15:16 . 2011-11-11 15:16	--------	d-----w-	c:\program files\Bonjour
2011-11-11 15:16 . 2011-11-11 15:16	--------	d-----w-	c:\program files (x86)\Bonjour
2011-11-11 15:16 . 2011-11-17 23:12	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2011-11-11 15:16 . 2011-11-11 15:16	--------	d-----w-	c:\programdata\Apple
2011-11-10 14:48 . 2011-11-18 11:59	--------	d-----w-	c:\users\Zicke\AppData\Local\Akamai
2011-11-09 09:51 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-09 09:51 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 09:51 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 09:51 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-10-31 23:44 . 2011-10-31 23:44	--------	d-----w-	C:\Temp
2011-10-28 21:24 . 2011-11-17 20:34	--------	d-----w-	c:\users\Zicke\Tracing
2011-10-26 10:24 . 2011-10-26 10:24	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-10-26 10:21 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-26 10:21 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 15:07 . 2011-05-16 22:07	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-18 19:09 . 2011-10-18 19:09	98304	----a-w-	c:\windows\SysWow64\jmg723.dll
2011-10-18 19:09 . 2011-10-18 19:09	77824	----a-w-	c:\windows\SysWow64\jmmpegv.dll
2011-10-18 19:09 . 2011-10-18 19:09	73728	----a-w-	c:\windows\SysWow64\jmutil.dll
2011-10-18 19:09 . 2011-10-18 19:09	65536	----a-w-	c:\windows\SysWow64\jdshow.dll
2011-10-18 19:09 . 2011-10-18 19:09	57344	----a-w-	c:\windows\SysWow64\jmgsm.dll
2011-10-18 19:09 . 2011-10-18 19:09	53248	----a-w-	c:\windows\SysWow64\jmam.dll
2011-10-18 19:09 . 2011-10-18 19:09	49152	----a-w-	c:\windows\SysWow64\jmcvid.dll
2011-10-18 19:09 . 2011-10-18 19:09	49152	----a-w-	c:\windows\SysWow64\jmacm.dll
2011-10-18 19:09 . 2011-10-18 19:09	45056	----a-w-	c:\windows\SysWow64\jmvfw.dll
2011-10-18 19:09 . 2011-10-18 19:09	413696	----a-w-	c:\windows\SysWow64\jsound.dll
2011-10-18 19:09 . 2011-10-18 19:09	40960	----a-w-	c:\windows\SysWow64\jmdaud.dll
2011-10-18 19:09 . 2011-10-18 19:09	380928	----a-w-	c:\windows\SysWow64\jmmpa.dll
2011-10-18 19:09 . 2011-10-18 19:09	36864	----a-w-	c:\windows\SysWow64\jmvcm.dll
2011-10-18 19:09 . 2011-10-18 19:09	36864	----a-w-	c:\windows\SysWow64\jmgdi.dll
2011-10-18 19:09 . 2011-10-18 19:09	32768	----a-w-	c:\windows\SysWow64\jmfjawt.dll
2011-10-18 19:09 . 2011-10-18 19:09	32768	----a-w-	c:\windows\SysWow64\jmddraw.dll
2011-10-18 19:09 . 2011-10-18 19:09	28672	----a-w-	c:\windows\SysWow64\jmmci.dll
2011-10-18 19:09 . 2011-10-18 19:09	28672	----a-w-	c:\windows\SysWow64\jmdaudc.dll
2011-10-18 19:09 . 2011-10-18 19:09	282624	----a-w-	c:\windows\SysWow64\jmh261.dll
2011-10-18 19:09 . 2011-10-18 19:09	184320	----a-w-	c:\windows\SysWow64\jmvh263.dll
2011-10-18 19:09 . 2011-10-18 19:09	159744	----a-w-	c:\windows\SysWow64\civil.dll
2011-10-18 19:09 . 2011-10-18 19:09	143360	----a-w-	c:\windows\SysWow64\jmjpeg.dll
2011-10-18 19:09 . 2011-10-18 19:09	106496	----a-w-	c:\windows\SysWow64\jmh263enc.dll
2011-10-11 13:00 . 2011-10-16 14:47	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-10-11 13:00 . 2011-10-16 14:47	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-10-11 13:00 . 2011-10-16 14:47	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-10-03 03:06 . 2011-03-02 02:00	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:25 . 2011-10-13 12:18	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 12:18	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-08-31 16:00 . 2011-05-11 10:41	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-30 22:05 . 2011-08-30 22:05	96104	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05	85864	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05	61288	----a-w-	c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05	212840	----a-w-	c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05	83816	----a-w-	c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05	73064	----a-w-	c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05	50536	----a-w-	c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05	178536	----a-w-	c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-13 12:18	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 12:18	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 12:18	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 12:18	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-04-03 17:58 . 2011-04-03 17:58	691481	----a-w-	c:\program files\unins000.exe
2011-01-25 03:49 . 2011-04-03 17:58	10	----a-w-	c:\program files\usbdrive.bin
2011-01-25 03:49 . 2011-04-03 17:58	10	----a-w-	c:\program files\crc32.bin
2011-01-25 03:49 . 2011-04-03 17:58	9046528	----a-w-	c:\program files\gsak.exe
2010-10-15 15:58 . 2011-04-03 17:58	2120192	----a-w-	c:\program files\d10.dll
2010-10-10 12:08 . 2011-04-03 17:58	1573524	----a-w-	c:\program files\gpsbabel.exe
2010-02-10 15:48 . 2011-04-03 17:58	1259008	----a-w-	c:\program files\MacroEditor.exe
2010-01-18 14:32 . 2011-04-03 17:58	1127424	----a-w-	c:\program files\gsakdual.exe
2009-12-10 04:31 . 2011-04-03 17:58	935424	----a-w-	c:\program files\FolderShow.exe
2008-10-08 10:27 . 2011-04-03 17:58	524288	----a-w-	c:\program files\cweudf.dll
2007-12-01 04:41 . 2011-04-03 17:58	9728	----a-w-	c:\program files\gsakactive.exe
2006-06-29 15:36 . 2011-04-03 17:58	1	----a-w-	c:\program files\nil.bin
2004-06-09 16:49 . 2011-04-03 17:58	967	----a-w-	c:\program files\babel.pif
2004-04-22 07:56 . 2011-04-03 17:58	137728	----a-w-	c:\program files\oziapi.dll
2004-01-12 08:30 . 2011-04-03 17:58	143360	----a-w-	c:\program files\libexpat.dll
2003-11-02 08:18 . 2011-04-03 17:58	65024	----a-w-	c:\program files\ssleay32.dll
2003-11-02 08:18 . 2011-04-03 17:58	296960	----a-w-	c:\program files\libeay32.dll
2002-07-10 10:00 . 2011-04-03 17:58	81920	----a-w-	c:\program files\SDE60.DLL
2002-07-10 10:00 . 2011-04-03 17:58	150016	----a-w-	c:\program files\SDENSX60.DLL
2000-05-22 08:03 . 2011-04-03 17:58	53248	----a-w-	c:\program files\xmlparse.dll
2000-05-22 08:03 . 2011-04-03 17:58	49152	----a-w-	c:\program files\xmlwf.exe
2000-05-12 10:58 . 2011-04-03 17:58	81920	----a-w-	c:\program files\xmltok.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-08-22 20880]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"ModeSwitch"="c:\program files\Lenovo\Power Dial\LitModeSwitch.exe" [2009-09-27 163840]
"Healthcare"="c:\program files\Lenovo\HealthCare\HealthCare.exe" [2009-09-28 827392]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-08-22 958352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 136176]
R3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Dial\LitModeCtrl.exe [2009-09-27 81920]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [x]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
S2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2009-10-12 96752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Dial\LenovoCOMSvc.exe [2009-09-30 49152]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 19:18]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-06 19:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-08-22 3507088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://mythos-europe.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Zicke\AppData\Roaming\Mozilla\Firefox\Profiles\ag8osv4v.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-24  21:17:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-11-24 20:17
.
Vor Suchlauf: 10 Verzeichnis(se), 874.878.103.552 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 874.494.361.600 Bytes frei
.
- - End Of File - - 0DE2CAF5CF2668EE95FFC85FDC9EC99A
         
