
Log Analysis and Evaluation: Zero-Access Infection


18.09.2012, 14:53   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, please uninstall it, restart Windows, and then make a new OTL log again.
__________________
Please always post log files in CODE tags

18.09.2012, 16:10   #17
U235
 



Spybot uninstalled.

As far as I can tell from my overview of my system, Avast is now the only protection software still installed.

Code:
OTL logfile created on: 18.09.2012 16:43:31 - Run 4
OTL by OldTimer - Version 3.2.63.0     Folder = C:\Users\Maximilian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,85% Memory free
7,73 Gb Paging File | 6,43 Gb Available in Paging File | 83,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 58,74 Gb Free Space | 12,95% Space Free | Partition Type: NTFS
 
Computer Name: MAXIMILIAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.18 16:42:09 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Maximilian\Downloads\OTL(2).exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.04.20 11:32:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.06.25 15:07:34 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.01 15:11:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.12.10 01:15:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012.09.08 09:14:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012.08.15 20:25:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.20 11:32:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe -- (tvnserver)
SRV - [2012.01.13 19:14:22 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.09.07 16:06:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010.05.14 14:46:40 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.01 15:16:50 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:42:40 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixZeroAccess.sys -- (FixZeroAccess)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.08.03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.20 11:34:06 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011.12.20 11:34:04 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.04.08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.05.16 21:06:48 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.10 03:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.10 03:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.09 07:18:34 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.06 06:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.10.16 13:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.04 14:20:09 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009.01.14 18:55:38 | 000,092,672 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2008.01.03 06:40:42 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.06.20 14:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = hxxp://www.gooofullsearch.com/google?q={searchTerms}
IE - HKCU\..\SearchScopes\{21D6CCA5-F176-4698-A472-8677FCF64A18}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=41648033&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=&apn_uid=0D69EB74-8EE6-4A1B-8B71-D15264F79C18&apn_sauid=50F65829-0885-40D7-BDBF-66EA03ABC47F&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.31 13:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.31 13:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.09.29 20:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.05 21:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 09:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.17 18:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.23 22:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.17 18:25:10 | 000,000,000 | ---D | M]
 
[2012.03.01 11:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.09.16 23:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\odke87nw.default\extensions
[2012.03.01 11:55:55 | 000,000,000 | ---D | M] (Free software Gooofull toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\odke87nw.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}
[2012.07.16 00:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.05 21:59:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.09.08 09:14:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 09:14:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: DivX HiQ = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: avast! WebRep = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2012.07.11 18:31:58 | 000,443,436 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 178.32.95.1	       paypal.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15234 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\RunOnce: [FixZeroAccess] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [!SearchquDSFF] C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\SRASSE~1.DLL,_SetFirefoxAssets Search Results,Search_Results,hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=, File not found
O4 - HKCU..\RunOnce: [!SearchquFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP hxxp://www.searchqu.com/413, File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - HKCU..\RunOnce: [SpybotDeletingB1151] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB1313] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB1578] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB1613] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB1625] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB1966] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2056] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2176] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2446] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2474] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2522] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2721] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2773] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2845] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2881] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2956] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB2966] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3445] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3571] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3774] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3851] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3902] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB3953] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4005] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4038] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4056] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4059] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4124] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4215] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4425] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4643] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4801] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB4802] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB493] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB496] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB5293] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB5475] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB5676] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB5798] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6340] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB658] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6691] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6695] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6830] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB7325] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB7399] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB7959] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8185] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8567] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8614] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8662] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB881] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9144] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9304] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9650] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB972] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9909] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9970] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll" File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD1103] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD1105] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD1290] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD1370] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD175] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD1953] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD214] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD2592] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD2649] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD2743] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD2990] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3041] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3119] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD328] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3676] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3812] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3957] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4056] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4110] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4217] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4271] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4351] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4391] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4428] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD467] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4683] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4764] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4910] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD5145] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD5382] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD5514] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD5571] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD5649] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6035] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6119] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6133] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6196] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6644] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7047] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7175] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7263] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7275] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7422] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7793] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD78] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7904] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7915] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8099] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8216] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8311] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8609] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8894] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8960] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD92] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD9284] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD9520] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD9603] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD9962] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Maximilian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acer ePower Management - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Global Registration - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: tvncontrol - hkey= - key= - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
MsConfig:64bit - StartUpReg: VoipCheapCom - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: CLPSLauncher - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tvnserver - C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe (GlavSoft LLC.)
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.I263 - C:\Windows\SysWow64\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i263_32.drv (Intel Corporation)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.17 16:02:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.09.13 10:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.13 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012.09.12 22:13:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
[2012.09.12 16:43:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.09.12 16:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.12 16:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.12 16:42:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.12 16:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.07 23:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012.09.07 23:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2012.09.07 17:38:37 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012.09.05 22:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.05 22:00:16 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.09.05 22:00:15 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.09.05 22:00:10 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.09.05 22:00:09 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.09.05 22:00:09 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.09.05 22:00:05 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.09.05 22:00:05 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.09.05 21:59:08 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.05 21:59:06 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.09.05 21:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.05 21:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.09.05 21:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012.09.05 21:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.09.05 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.09.05 20:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.09.05 20:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012.09.05 20:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2010.01.16 05:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.18 16:48:39 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012.09.18 16:46:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 16:46:33 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.18 16:39:06 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.18 16:38:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.18 16:38:06 | 3113,250,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.18 07:25:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job
[2012.09.17 22:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.17 22:34:14 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.17 22:34:14 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.17 22:34:14 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.17 22:34:14 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.17 22:34:14 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.17 15:49:58 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini
[2012.09.16 23:16:13 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 23:16:13 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.16 21:58:25 | 014,122,048 | ---- | M] () -- C:\Users\Admin\Desktop\SolveigMM_HyperCam_3_3_1111_16[1].exe
[2012.09.16 11:25:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job
[2012.09.07 20:40:19 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.09.07 17:42:40 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.05 22:12:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.09.05 22:09:11 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.30 01:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.16 21:58:03 | 014,122,048 | ---- | C] () -- C:\Users\Admin\Desktop\SolveigMM_HyperCam_3_3_1111_16[1].exe
[2012.09.07 22:15:44 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job
[2012.09.07 22:15:43 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job
[2012.09.07 20:40:19 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.09.05 22:09:11 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.05 22:00:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.08.30 01:15:30 | 003,782,214 | ---- | C] () -- C:\chatzum_nt.exe
[2012.04.24 19:05:00 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.13 19:14:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.01.01 21:31:43 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.12.06 11:31:36 | 000,006,289 | ---- | C] () -- C:\Windows\wininit.ini
[2011.11.27 00:35:26 | 000,000,746 | ---- | C] () -- C:\Windows\XaraX.INI
[2011.11.03 15:55:13 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2011.10.05 21:18:11 | 000,000,755 | ---- | C] () -- C:\Windows\nwplayer.ini
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.24 19:37:36 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.24 19:37:35 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.26 17:02:59 | 000,000,596 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.30 14:25:26 | 000,007,606 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.05.08 23:27:43 | 000,000,075 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.04.02 20:05:56 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.10 22:42:53 | 000,000,000 | ---- | C] () -- C:\Windows\audite.INI
[2011.03.10 22:21:07 | 000,000,009 | ---- | C] () -- C:\Windows\ckm.ini
[2010.12.13 12:37:14 | 000,000,000 | ---- | C] () -- C:\Windows\AudStu.INI
[2010.12.13 12:14:47 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010.12.13 12:14:20 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.12.13 12:12:40 | 000,000,747 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.12.13 12:12:40 | 000,000,084 | ---- | C] () -- C:\Windows\magix.ini
[2010.11.17 11:34:56 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.02.11 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems
[2012.02.18 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2012.04.01 20:37:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2011.11.25 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\No Company Name
[2012.04.24 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Solveig Multimedia
[2011.05.15 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2012.09.07 22:42:46 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.11 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems
[2011.12.30 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.01.22 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.11.03 15:55:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2012.02.18 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2011.05.18 08:46:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2010.06.18 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.04.01 20:37:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2012.09.12 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.09.13 10:00:50 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.06.15 13:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.11.25 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\No Company Name
[2012.04.24 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Solveig Multimedia
[2011.05.15 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2011.09.20 23:35:48 | 000,207,688 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odke87nw.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}\chrome\content\id_gooofullsearch\PlayerPlug.exe
[2011.09.20 23:35:48 | 000,207,176 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odke87nw.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}\chrome\content\id_gooofullsearch\PropMgrAsync.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.08.30 01:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.17 04:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009.12.17 04:25:26 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
Regards,
Maximilian


Alt 19.09.2012, 13:05   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
ATTFilter
(Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
         
Comodo, like every other desktop firewall, is pointless/superfluous to counterproductive. Uninstall it and enable the Windows Firewall.

Code:
ATTFilter
 Scan Mode: Current user
         
You forgot to tick the box for Scan All Users.

Please do it again, but do everything correctly this time, after you have uninstalled Comodo:

- Download OTL again; delete the old OTL file first
- Tick the Scan All Users box
- Run a CustomScan => it becomes a CustomScan when you copy my OTL text into OTL

Alt 20.09.2012, 14:57   #19
U235
 

Hello,
I tried to remove everything from Comodo from my computer.

Code:
ATTFilter
OTL logfile created on: 19.09.2012 19:16:59 - Run 5
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Maximilian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,58 Gb Available Physical Memory | 66,61% Memory free
7,73 Gb Paging File | 6,44 Gb Available in Paging File | 83,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 52,27 Gb Free Space | 11,52% Space Free | Partition Type: NTFS
Drive D: | 1,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MAXIMILIAN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 19:15:43 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Maximilian\Downloads\OTL.exe
PRC - [2012.09.18 17:13:01 | 007,244,800 | ---- | M] () -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.04.20 11:32:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) -- C:\Prey\platform\windows\cronsvc.exe
PRC - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012.06.25 15:07:34 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.04.01 15:11:34 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.12.10 01:15:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 04:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012.09.18 17:13:01 | 007,244,800 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe -- (FreemiumSystemStoreService)
SRV - [2012.09.08 09:14:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.21 15:24:17 | 008,492,544 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService)
SRV - [2012.08.15 20:25:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.20 11:32:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.13 19:14:22 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.09.07 16:06:28 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.02.15 18:01:48 | 000,019,968 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010.05.14 14:46:40 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.04.01 15:16:50 | 001,401,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.04.01 15:11:26 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.24 03:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.12.09 10:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.09 10:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.19 17:52:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.09.07 17:42:40 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixZeroAccess.sys -- (FixZeroAccess)
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.20 11:34:06 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys -- (AirDisplayMirror)
DRV:64bit: - [2011.12.20 11:34:04 | 000,015,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVVideoCard.sys -- (AirDisplay)
DRV:64bit: - [2011.09.08 18:52:40 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.04.08 23:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.05.16 21:06:48 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.12.10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.10 03:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.10 03:40:30 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.09 07:18:34 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.12.02 09:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.11.06 06:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.10.16 13:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.09 23:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.02.04 14:20:09 | 000,053,816 | R--- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2009.01.14 18:55:38 | 000,092,672 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2008.01.03 06:40:42 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.06.20 14:57:36 | 000,029,184 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV - [2010.02.24 14:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru/ie
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de___DE379
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = hxxp://www.gooofullsearch.com/google?q={searchTerms}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\SearchScopes\{21D6CCA5-F176-4698-A472-8677FCF64A18}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NDV&o=41648033&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=&apn_uid=0D69EB74-8EE6-4A1B-8B71-D15264F79C18&apn_sauid=50F65829-0885-40D7-BDBF-66EA03ABC47F&
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.31 13:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.31 13:04:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.09.29 20:00:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.05 21:59:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 09:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.17 18:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.23 22:13:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.08.17 18:25:10 | 000,000,000 | ---D | M]
 
[2012.03.01 11:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.09.16 23:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\odke87nw.default\extensions
[2012.03.01 11:55:55 | 000,000,000 | ---D | M] (Free software Gooofull toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\odke87nw.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}
[2012.07.16 00:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.05 21:59:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.09.08 09:14:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 09:14:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: DivX HiQ = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: avast! WebRep = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
 
O1 HOSTS File: ([2012.07.11 18:31:58 | 000,443,436 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 178.32.95.1	       paypal.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15234 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [FixZeroAccess] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [!SearchquDSFF] C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\SRASSE~1.DLL,_SetFirefoxAssets Search Results,Search_Results,hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=, File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [!SearchquFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP hxxp://www.searchqu.com/413, File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB1151] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB1313] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB1578] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB1613] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB1625] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB1966] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2056] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2176] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2446] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2474] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2522] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2721] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2773] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2845] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2881] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2956] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB2966] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB3445] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB3571] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB3774] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB3851] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB3902] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB3953] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4005] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4038] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4056] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4059] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4124] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4215] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4425] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4643] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4801] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB4802] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB493] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB496] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB5293] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB5475] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB5676] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB5798] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB6340] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB658] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB6691] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB6695] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB6830] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB7325] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB7399] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB7959] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB8185] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB8567] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB8614] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB8662] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB881] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB9144] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB9304] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB9650] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB972] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB9909] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingB9970] command.com /c del "C:\Users\Maximilian\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll" File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD1103] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD1105] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD1290] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD1370] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD175] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD1953] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD214] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD2592] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD2649] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD2743] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD2990] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD3041] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD3119] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD328] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD3676] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD3812] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD3957] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4056] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4110] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4217] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4271] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4351] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4391] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4428] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD467] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4683] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4764] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD4910] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD5145] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD5382] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD5514] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD5571] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD5649] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD6035] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD6119] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD6133] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD6196] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD6644] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7047] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7175] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7263] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7275] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7422] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7793] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD78] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7904] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD7915] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD8099] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD8216] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD8311] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD8609] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD8894] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD8960] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD92] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD9284] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD9520] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD9603] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [SpybotDeletingD9962] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maximilian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..Trusted Ranges: Range37 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.28 22:50:19 | 000,000,072 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Maximilian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acer ePower Management - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: Global Registration - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LManager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: tvncontrol - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: VoipCheapCom - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.I263 - C:\Windows\SysWow64\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i263_32.drv (Intel Corporation)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 17:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.09.19 17:52:47 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.09.19 17:52:40 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.09.19 17:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.09.18 17:12:34 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Freemium TubeBox
[2012.09.18 17:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemium
[2012.09.18 17:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemium
[2012.09.13 10:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.13 10:00:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012.09.12 22:13:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
[2012.09.12 16:43:05 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.09.12 16:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.12 16:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.12 16:42:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.12 16:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.07 23:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
[2012.09.07 23:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\i-Funbox DevTeam
[2012.09.07 17:38:37 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012.09.05 22:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.09.05 22:00:16 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.09.05 22:00:15 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.09.05 22:00:10 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.09.05 22:00:09 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.09.05 22:00:09 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.09.05 22:00:05 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.09.05 22:00:05 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.09.05 21:59:08 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.09.05 21:59:06 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.09.05 21:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.09.05 21:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.09.05 21:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012.09.05 21:01:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012.09.05 20:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012.09.05 20:49:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2010.01.16 05:34:32 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 19:15:34 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2012.09.19 19:14:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 19:14:15 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 19:11:11 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.19 19:11:11 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.19 19:11:11 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.19 19:11:11 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.19 19:11:11 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.19 19:07:07 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.09.19 19:04:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 19:04:54 | 3113,250,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 18:25:01 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job
[2012.09.19 17:56:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.19 17:53:47 | 000,001,958 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.09.19 17:52:47 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.09.19 17:50:38 | 000,006,648 | ---- | M] () -- C:\Windows\wininit.ini
[2012.09.18 18:20:27 | 000,000,095 | ---- | M] () -- C:\Windows\winamp.ini
[2012.09.16 23:16:13 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.16 23:16:13 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.16 21:58:25 | 014,122,048 | ---- | M] () -- C:\Users\Admin\Desktop\SolveigMM_HyperCam_3_3_1111_16[1].exe
[2012.09.16 11:25:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job
[2012.09.07 20:40:19 | 000,000,020 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.09.07 17:42:40 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.05 22:12:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.09.05 22:09:11 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.30 01:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 17:53:47 | 000,001,958 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2012.09.16 21:58:03 | 014,122,048 | ---- | C] () -- C:\Users\Admin\Desktop\SolveigMM_HyperCam_3_3_1111_16[1].exe
[2012.09.07 22:15:44 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job
[2012.09.07 22:15:43 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job
[2012.09.07 20:40:19 | 000,000,020 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.09.05 22:09:11 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.09.05 22:00:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.08.30 01:15:30 | 003,782,214 | ---- | C] () -- C:\chatzum_nt.exe
[2012.04.24 19:05:00 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.13 19:14:49 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2012.01.01 21:31:43 | 000,004,998 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.12.06 11:31:36 | 000,006,648 | ---- | C] () -- C:\Windows\wininit.ini
[2011.11.27 00:35:26 | 000,000,746 | ---- | C] () -- C:\Windows\XaraX.INI
[2011.11.03 15:55:13 | 000,000,066 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2011.10.05 21:18:11 | 000,000,755 | ---- | C] () -- C:\Windows\nwplayer.ini
[2011.09.14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.08.24 19:37:36 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.08.24 19:37:35 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.26 17:02:59 | 000,000,596 | ---- | C] () -- C:\Windows\eReg.dat
[2011.05.30 14:25:26 | 000,007,606 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.05.08 23:27:43 | 000,000,075 | ---- | C] () -- C:\Windows\iltwain.ini
[2011.04.02 20:05:56 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.10 22:42:53 | 000,000,000 | ---- | C] () -- C:\Windows\audite.INI
[2011.03.10 22:21:07 | 000,000,009 | ---- | C] () -- C:\Windows\ckm.ini
[2010.12.13 12:37:14 | 000,000,000 | ---- | C] () -- C:\Windows\AudStu.INI
[2010.12.13 12:14:47 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
[2010.12.13 12:14:20 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2010.12.13 12:12:40 | 000,000,747 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.12.13 12:12:40 | 000,000,084 | ---- | C] () -- C:\Windows\magix.ini
[2010.11.17 11:34:56 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.02.11 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems
[2012.09.19 17:54:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.02.18 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2012.04.01 20:37:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2011.11.25 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\No Company Name
[2012.04.24 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Solveig Multimedia
[2011.05.15 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2012.02.11 23:29:13 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\ACD Systems
[2010.10.09 11:31:11 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\adma
[2010.05.31 13:05:37 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Advanced Chemistry Development
[2012.09.04 18:41:52 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Audacity
[2012.06.25 19:48:04 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Cakewalk
[2011.11.24 12:53:22 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.06.18 17:27:14 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\com.hughesnet.HughesNetStatusMeter.01AEF16E74A158B173D9EB6C77C7CD8D859A7566.1
[2010.10.02 13:16:28 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Crayon Physics Deluxe
[2010.06.22 14:48:52 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\DAEMON Tools Lite
[2012.07.31 13:04:52 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Downloaded Installations
[2012.09.19 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Dropbox
[2010.05.16 14:37:48 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\FreeFLVConverter
[2012.09.18 17:13:17 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Freemium
[2010.10.09 10:18:55 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\GARMIN
[2012.08.30 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\gtk-2.0
[2012.08.28 18:24:03 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\ICQ
[2012.09.07 23:05:43 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\iFunbox_UserCache
[2011.09.14 10:20:31 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Jens Lorek
[2012.01.01 23:14:58 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Jumping Bytes
[2011.01.31 13:04:56 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Local
[2011.11.25 15:30:23 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\MAGIX
[2012.01.01 23:33:48 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Mobile Master
[2012.09.17 21:23:14 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Nitro PDF
[2010.06.08 20:45:28 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\OpenOffice.org
[2011.09.30 10:19:32 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Origin
[2012.09.07 21:19:49 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\QuickScan
[2010.11.13 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\ScummVM
[2012.07.18 15:30:23 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\SharePod
[2010.06.12 13:26:13 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\SmarThru4
[2012.05.11 20:31:11 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Solveig Multimedia
[2012.07.04 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Steinberg
[2010.05.14 12:44:40 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\Thunderbird
[2010.12.25 18:03:55 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\TomTom
[2010.05.14 20:02:22 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\TubeBox
[2010.05.14 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\TuneUp Software
[2010.06.19 17:46:21 | 000,000,000 | ---D | M] -- C:\Users\Maximilian\AppData\Roaming\VoipCheapCom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.11 23:28:49 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ACD Systems
[2011.12.30 20:28:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.01.22 14:33:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2012.09.19 17:54:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2011.11.03 15:55:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DivX
[2012.02.18 12:39:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\FreeFLVConverter
[2011.05.18 08:46:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2010.06.18 17:26:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.04.01 20:37:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2012.09.12 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.09.13 10:00:50 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.06.15 13:40:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.11.25 14:05:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\No Company Name
[2012.04.24 19:04:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Solveig Multimedia
[2011.05.15 12:21:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
 
< %APPDATA%\*.exe /s >
[2011.09.20 23:35:48 | 000,207,688 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odke87nw.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}\chrome\content\id_gooofullsearch\PlayerPlug.exe
[2011.09.20 23:35:48 | 000,207,176 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odke87nw.default\extensions\{181F4BBC-2453-40D2-B42C-3135E3B07C7B}\chrome\content\id_gooofullsearch\PropMgrAsync.exe
 
< %SYSTEMDRIVE%\*.exe >
[2012.08.30 01:15:30 | 003,782,214 | ---- | M] () -- C:\chatzum_nt.exe
[2007.11.07 08:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.12.17 04:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x64\iaStor.sys
[2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.12.17 20:42:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=42E00996DFC13C46366689C0EA8ABC5E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_f26ae7769ab43067\iaStor.sys
[2009.12.17 04:25:26 | 000,433,176 | ---- | M] (Intel Corporation) MD5=8CDACD4AD63D49834C6B59DB102E7CD7 -- C:\OEM\Preload\Autorun\DRV\Intel AHCI\f6flpy-x86\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
Thanks for your help,
Regards
Maximilian

Alt 20.09.2012, 19:46   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = http://www.gooofullsearch.com/google?q={searchTerms}
IE - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\..\SearchScopes\{21D6CCA5-F176-4698-A472-8677FCF64A18}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=NDV&o=41648033&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=96&apn_dtid=&apn_uid=0D69EB74-8EE6-4A1B-8B71-D15264F79C18&apn_sauid=50F65829-0885-40D7-BDBF-66EA03ABC47F&
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [!SearchquDSFF] C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\SRASSE~1.DLL,_SetFirefoxAssets Search Results,Search_Results,http://dts.search-results.com/sr?src=ffb&appid=0&systemid=413&sr=0&q=, File not found
O4 - HKU\S-1-5-21-3412578525-3315306497-1679237351-1004..\RunOnce: [!SearchquFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\Admin\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchqu.com/413, File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}: NameServer = 8.26.56.26,156.154.70.22
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.28 22:50:19 | 000,000,072 | R--- | M] () - D:\autorun.inf -- [ UDF ]
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Start GeekBuddy.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Maximilian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HughesNetStatusMeter.lnk -  - File not found
MsConfig:64bit - StartUpReg: Acer ePower Management - hkey= - key= -  File not found
:Files
C:\ProgramData\FullRemove.exe
C:\chatzum_nt.exe
C:\ProgramData\mtbjfghn.xbe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

__________________
Please always post log files in CODE tags

Alt 21.09.2012, 17:11   #21
U235
 



Hello,
I have run the script.
Since no pop-up window with a log opened, here is the log that was saved in C:\_OTL\MovedFiles\09212012_175918.log.

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{CA3EB689-8F09-4026-AA10-B9534C691CE0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ not found.
HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3412578525-3315306497-1679237351-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Internet Explorer\SearchScopes\{21D6CCA5-F176-4698-A472-8677FCF64A18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D6CCA5-F176-4698-A472-8677FCF64A18}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\!SearchquDSFF deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\RunOnce\\!SearchquFFHP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\SoftwareSASGeneration deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{65D46076-D527-41CF-93D9-023565A6D348}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\autorun.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Acer ePower Management\ not found.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
C:\chatzum_nt.exe moved successfully.
C:\ProgramData\mtbjfghn.xbe moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Maximilian\Downloads\cmd.bat deleted successfully.
C:\Users\Maximilian\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 13888776 bytes
->Temporary Internet Files folder emptied: 292054765 bytes
->FireFox cache emptied: 87413212 bytes
->Google Chrome cache emptied: 6233172 bytes
->Flash cache emptied: 870 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Max II
->Temp folder emptied: 49864 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Maximilian
->Temp folder emptied: 31712586 bytes
->Temporary Internet Files folder emptied: 72144269 bytes
->Java cache emptied: 15955097 bytes
->FireFox cache emptied: 417679389 bytes
->Google Chrome cache emptied: 13993252 bytes
->Flash cache emptied: 93840 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 670032 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1209806 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 301287 bytes
RecycleBin emptied: 143941475 bytes
 
Total Files Cleaned = 1.047,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.65.1 log created on 09212012_175918
         

Thanks and regards,
Maximilian

Alt 21.09.2012, 21:01   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

__________________
Please always post log files in CODE tags

Alt 23.09.2012, 11:04   #23
U235
 

Here is the log from TDSSKiller

Code:
12:00:14.0822 4420  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
12:00:14.0931 4420  ============================================================
12:00:14.0931 4420  Current date / time: 2012/09/23 12:00:14.0931
12:00:14.0931 4420  SystemInfo:
12:00:14.0931 4420  
12:00:14.0931 4420  OS Version: 6.1.7601 ServicePack: 1.0
12:00:14.0931 4420  Product type: Workstation
12:00:14.0931 4420  ComputerName: MAXIMILIAN-PC
12:00:14.0931 4420  UserName: Admin
12:00:14.0931 4420  Windows directory: C:\Windows
12:00:14.0931 4420  System windows directory: C:\Windows
12:00:14.0931 4420  Running under WOW64
12:00:14.0931 4420  Processor architecture: Intel x64
12:00:14.0931 4420  Number of processors: 4
12:00:14.0931 4420  Page size: 0x1000
12:00:14.0931 4420  Boot type: Normal boot
12:00:14.0931 4420  ============================================================
12:00:15.0633 4420  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:00:15.0633 4420  ============================================================
12:00:15.0633 4420  \Device\Harddisk0\DR0:
12:00:15.0633 4420  MBR partitions:
12:00:15.0633 4420  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
12:00:15.0633 4420  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
12:00:15.0633 4420  ============================================================
12:00:15.0664 4420  C: <-> \Device\Harddisk0\DR0\Partition2
12:00:15.0680 4420  ============================================================
12:00:15.0680 4420  Initialize success
12:00:15.0680 4420  ============================================================
12:01:01.0637 4896  ============================================================
12:01:01.0637 4896  Scan started
12:01:01.0637 4896  Mode: Manual; SigCheck; TDLFS; 
12:01:01.0637 4896  ============================================================
12:01:02.0480 4896  ================ Scan system memory ========================
12:01:02.0480 4896  System memory - ok
12:01:02.0480 4896  ================ Scan services =============================
12:01:03.0369 4896  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:01:03.0509 4896  1394ohci - ok
12:01:03.0541 4896  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:01:03.0556 4896  ACPI - ok
12:01:03.0603 4896  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:01:03.0665 4896  AcpiPmi - ok
12:01:04.0165 4896  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:01:04.0196 4896  AdobeFlashPlayerUpdateSvc - ok
12:01:04.0243 4896  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:01:04.0258 4896  adp94xx - ok
12:01:04.0289 4896  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:01:04.0305 4896  adpahci - ok
12:01:04.0352 4896  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:01:04.0367 4896  adpu320 - ok
12:01:04.0430 4896  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:01:04.0523 4896  AeLookupSvc - ok
12:01:04.0586 4896  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
12:01:04.0633 4896  AFD - ok
12:01:04.0695 4896  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:01:04.0711 4896  agp440 - ok
12:01:04.0773 4896  [ 5C44F5AF182074344FAB024FC6316038 ] AirDisplay      C:\Windows\system32\DRIVERS\AVVideoCard.sys
12:01:04.0851 4896  AirDisplay - ok
12:01:04.0882 4896  [ 10D7873D31654AE90D4E0902A5AC8049 ] AirDisplayMirror C:\Windows\system32\DRIVERS\AVVideoCardMirror.sys
12:01:04.0898 4896  AirDisplayMirror - ok
12:01:04.0945 4896  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:01:04.0976 4896  ALG - ok
12:01:05.0023 4896  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:01:05.0038 4896  aliide - ok
12:01:05.0116 4896  [ 41A0813F22D3330C0CA71CE5BBD42B12 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:01:05.0179 4896  AMD External Events Utility - ok
12:01:05.0225 4896  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:01:05.0241 4896  amdide - ok
12:01:05.0288 4896  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:01:05.0335 4896  AmdK8 - ok
12:01:05.0615 4896  [ 37456BE85384E4CC38DC899F07F88C45 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:01:05.0865 4896  amdkmdag - ok
12:01:05.0927 4896  [ F8F8A908FDB005A65DDF7238C814EEA5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:01:05.0974 4896  amdkmdap ( UnsignedFile.Multi.Generic ) - warning
12:01:05.0974 4896  amdkmdap - detected UnsignedFile.Multi.Generic (1)
12:01:05.0990 4896  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:01:06.0052 4896  AmdPPM - ok
12:01:06.0083 4896  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:01:06.0099 4896  amdsata - ok
12:01:06.0130 4896  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:01:06.0146 4896  amdsbs - ok
12:01:06.0146 4896  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:01:06.0161 4896  amdxata - ok
12:01:06.0208 4896  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:01:06.0286 4896  AppID - ok
12:01:06.0349 4896  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:01:06.0427 4896  AppIDSvc - ok
12:01:06.0489 4896  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
12:01:06.0551 4896  Appinfo - ok
12:01:06.0661 4896  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:01:06.0676 4896  Apple Mobile Device - ok
12:01:06.0707 4896  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:01:06.0723 4896  arc - ok
12:01:06.0754 4896  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:01:06.0770 4896  arcsas - ok
12:01:06.0801 4896  [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
12:01:06.0817 4896  aswFsBlk - ok
12:01:06.0848 4896  [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:01:06.0863 4896  aswMonFlt - ok
12:01:06.0879 4896  [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
12:01:06.0895 4896  aswRdr - ok
12:01:06.0957 4896  [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:01:06.0988 4896  aswSnx - ok
12:01:07.0082 4896  [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:01:07.0113 4896  aswSP - ok
12:01:07.0144 4896  [ C3EC420451AC5300A22190AE38418FBA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
12:01:07.0144 4896  aswTdi - ok
12:01:07.0207 4896  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:07.0269 4896  AsyncMac - ok
12:01:07.0300 4896  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:01:07.0316 4896  atapi - ok
12:01:07.0534 4896  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
12:01:07.0643 4896  athr - ok
12:01:07.0877 4896  [ 37456BE85384E4CC38DC899F07F88C45 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:01:07.0971 4896  atikmdag - ok
12:01:08.0018 4896  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:01:08.0096 4896  AudioEndpointBuilder - ok
12:01:08.0111 4896  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:01:08.0158 4896  AudioSrv - ok
12:01:08.0299 4896  [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:01:08.0299 4896  avast! Antivirus - ok
12:01:08.0345 4896  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:01:08.0392 4896  AxInstSV - ok
12:01:08.0439 4896  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:01:08.0486 4896  b06bdrv - ok
12:01:08.0533 4896  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:01:08.0579 4896  b57nd60a - ok
12:01:08.0704 4896  [ B44879610F2DC4A046B14BEFA3AE72DE ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
12:01:08.0767 4896  BCM43XX - ok
12:01:08.0829 4896  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:01:08.0860 4896  BDESVC - ok
12:01:08.0891 4896  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:01:08.0969 4896  Beep - ok
12:01:09.0063 4896  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:01:09.0141 4896  BFE - ok
12:01:09.0235 4896  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:01:09.0328 4896  BITS - ok
12:01:09.0359 4896  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:01:09.0391 4896  blbdrive - ok
12:01:09.0484 4896  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:01:09.0500 4896  Bonjour Service - ok
12:01:09.0531 4896  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:01:09.0593 4896  bowser - ok
12:01:09.0625 4896  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:01:09.0671 4896  BrFiltLo - ok
12:01:09.0703 4896  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:01:09.0718 4896  BrFiltUp - ok
12:01:09.0796 4896  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:01:09.0843 4896  Browser - ok
12:01:09.0859 4896  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:01:09.0905 4896  Brserid - ok
12:01:09.0921 4896  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:01:09.0968 4896  BrSerWdm - ok
12:01:09.0999 4896  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:01:10.0046 4896  BrUsbMdm - ok
12:01:10.0077 4896  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:01:10.0124 4896  BrUsbSer - ok
12:01:10.0139 4896  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:01:10.0186 4896  BTHMODEM - ok
12:01:10.0233 4896  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:01:10.0280 4896  bthserv - ok
12:01:10.0311 4896  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:01:10.0373 4896  cdfs - ok
12:01:10.0436 4896  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:01:10.0467 4896  cdrom - ok
12:01:10.0514 4896  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:01:10.0576 4896  CertPropSvc - ok
12:01:10.0623 4896  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:01:10.0670 4896  circlass - ok
12:01:10.0701 4896  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:01:10.0732 4896  CLFS - ok
12:01:10.0795 4896  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:01:10.0826 4896  clr_optimization_v2.0.50727_32 - ok
12:01:10.0873 4896  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:01:10.0888 4896  clr_optimization_v2.0.50727_64 - ok
12:01:10.0982 4896  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:01:10.0997 4896  clr_optimization_v4.0.30319_32 - ok
12:01:11.0044 4896  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:01:11.0060 4896  clr_optimization_v4.0.30319_64 - ok
12:01:11.0075 4896  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:01:11.0122 4896  CmBatt - ok
12:01:11.0138 4896  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:01:11.0153 4896  cmdide - ok
12:01:11.0278 4896  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
12:01:11.0325 4896  CNG - ok
12:01:11.0356 4896  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:01:11.0372 4896  Compbatt - ok
12:01:11.0403 4896  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:01:11.0434 4896  CompositeBus - ok
12:01:11.0465 4896  COMSysApp - ok
12:01:11.0497 4896  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:01:11.0512 4896  crcdisk - ok
12:01:11.0575 4896  [ 63A7739AC9C1E38589B3EDB1DAEB9DF5 ] CronService     C:\Prey\platform\windows\cronsvc.exe
12:01:11.0590 4896  CronService ( UnsignedFile.Multi.Generic ) - warning
12:01:11.0590 4896  CronService - detected UnsignedFile.Multi.Generic (1)
12:01:11.0668 4896  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:01:11.0699 4896  CryptSvc - ok
12:01:11.0746 4896  [ 15C2AFD86D8A58354FC100434C78B621 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
12:01:11.0793 4896  dc3d - ok
12:01:11.0855 4896  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:01:11.0933 4896  DcomLaunch - ok
12:01:12.0011 4896  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:01:12.0089 4896  defragsvc - ok
12:01:12.0136 4896  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:01:12.0245 4896  DfsC - ok
12:01:12.0292 4896  [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
12:01:12.0308 4896  DgiVecp - ok
12:01:12.0355 4896  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:01:12.0417 4896  Dhcp - ok
12:01:12.0464 4896  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:01:12.0526 4896  discache - ok
12:01:12.0573 4896  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:01:12.0589 4896  Disk - ok
12:01:12.0635 4896  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:01:12.0682 4896  Dnscache - ok
12:01:12.0713 4896  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:01:12.0776 4896  dot3svc - ok
12:01:12.0885 4896  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:01:12.0963 4896  DPS - ok
12:01:13.0010 4896  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:01:13.0041 4896  drmkaud - ok
12:01:13.0103 4896  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:01:13.0119 4896  dtsoftbus01 - ok
12:01:13.0228 4896  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:01:13.0259 4896  DXGKrnl - ok
12:01:13.0306 4896  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:01:13.0384 4896  EapHost - ok
12:01:13.0759 4896  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:01:13.0899 4896  ebdrv - ok
12:01:13.0930 4896  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
12:01:13.0961 4896  EFS - ok
12:01:14.0071 4896  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:01:14.0102 4896  ehRecvr - ok
12:01:14.0133 4896  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:01:14.0180 4896  ehSched - ok
12:01:14.0227 4896  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:01:14.0242 4896  elxstor - ok
12:01:14.0273 4896  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:01:14.0336 4896  ErrDev - ok
12:01:14.0383 4896  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:01:14.0445 4896  EventSystem - ok
12:01:14.0476 4896  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:01:14.0539 4896  exfat - ok
12:01:14.0601 4896  Fabs - ok
12:01:14.0632 4896  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:01:14.0695 4896  fastfat - ok
12:01:14.0757 4896  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:01:14.0804 4896  Fax - ok
12:01:14.0835 4896  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:01:14.0882 4896  fdc - ok
12:01:14.0897 4896  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:01:14.0975 4896  fdPHost - ok
12:01:15.0007 4896  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:01:15.0085 4896  FDResPub - ok
12:01:15.0116 4896  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:01:15.0131 4896  FileInfo - ok
12:01:15.0147 4896  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:01:15.0209 4896  Filetrace - ok
12:01:15.0537 4896  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
12:01:15.0662 4896  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
12:01:15.0662 4896  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
12:01:15.0724 4896  [ AC7E21145B9348BFC1B1DEC7BC238B3F ] FixZeroAccess   C:\Windows\system32\drivers\FixZeroAccess.sys
12:01:15.0740 4896  FixZeroAccess - ok
12:01:15.0771 4896  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:15.0833 4896  flpydisk - ok
12:01:15.0880 4896  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:01:15.0896 4896  FltMgr - ok
12:01:16.0083 4896  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
12:01:16.0145 4896  FontCache - ok
12:01:16.0208 4896  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:01:16.0223 4896  FontCache3.0.0.0 - ok
12:01:18.0251 4896  [ 9C419C14A771726334ED820DFA3ED2F9 ] FreemiumSelfUpdateService C:\Program Files (x86)\Freemium\SystemStore\Freemium.SelfUpdate.exe
12:01:18.0532 4896  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - warning
12:01:18.0532 4896  FreemiumSelfUpdateService - detected UnsignedFile.Multi.Generic (1)
12:01:20.0373 4896  [ EAE9B4318A46C08037BDB5CFE3053CF2 ] FreemiumSystemStoreService C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
12:01:20.0950 4896  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - warning
12:01:20.0950 4896  FreemiumSystemStoreService - detected UnsignedFile.Multi.Generic (1)
12:01:20.0966 4896  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:01:20.0997 4896  FsDepends - ok
12:01:21.0044 4896  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
12:01:21.0059 4896  fssfltr - ok
12:01:21.0153 4896  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
12:01:21.0200 4896  fsssvc - ok
12:01:21.0262 4896  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:01:21.0278 4896  Fs_Rec - ok
12:01:21.0309 4896  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:01:21.0340 4896  fvevol - ok
12:01:21.0356 4896  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:01:21.0371 4896  gagp30kx - ok
12:01:21.0418 4896  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:01:21.0434 4896  GEARAspiWDM - ok
12:01:21.0465 4896  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:01:21.0543 4896  gpsvc - ok
12:01:21.0652 4896  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:21.0668 4896  gupdate - ok
12:01:21.0699 4896  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:01:21.0699 4896  gupdatem - ok
12:01:21.0746 4896  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:01:21.0761 4896  hcw85cir - ok
12:01:21.0824 4896  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:01:21.0871 4896  HdAudAddService - ok
12:01:21.0902 4896  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:01:21.0949 4896  HDAudBus - ok
12:01:21.0995 4896  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
12:01:22.0011 4896  HECIx64 - ok
12:01:22.0027 4896  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:01:22.0073 4896  HidBatt - ok
12:01:22.0089 4896  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:01:22.0105 4896  HidBth - ok
12:01:22.0151 4896  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:01:22.0183 4896  HidIr - ok
12:01:22.0214 4896  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:01:22.0276 4896  hidserv - ok
12:01:22.0323 4896  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:01:22.0339 4896  HidUsb - ok
12:01:22.0370 4896  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:01:22.0432 4896  hkmsvc - ok
12:01:22.0495 4896  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:01:22.0526 4896  HomeGroupListener - ok
12:01:22.0573 4896  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:01:22.0619 4896  HomeGroupProvider - ok
12:01:22.0666 4896  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:01:22.0682 4896  HpSAMD - ok
12:01:22.0713 4896  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:01:22.0807 4896  HTTP - ok
12:01:22.0853 4896  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:01:22.0853 4896  hwpolicy - ok
12:01:22.0900 4896  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:01:22.0916 4896  i8042prt - ok
12:01:22.0963 4896  [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:01:22.0978 4896  iaStor - ok
12:01:23.0041 4896  [ 48362E5DB5CB2C000C514EE1F3890ACD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
12:01:23.0056 4896  IAStorDataMgrSvc - ok
12:01:23.0087 4896  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:01:23.0103 4896  iaStorV - ok
12:01:23.0228 4896  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:01:23.0259 4896  IDriverT ( UnsignedFile.Multi.Generic ) - warning
12:01:23.0259 4896  IDriverT - detected UnsignedFile.Multi.Generic (1)
12:01:23.0337 4896  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:01:23.0368 4896  idsvc - ok
12:01:23.0384 4896  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:01:23.0415 4896  iirsp - ok
12:01:23.0446 4896  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
12:01:23.0540 4896  IKEEXT - ok
12:01:23.0867 4896  [ 51C98815721B44BF70E8AEB3FF3F57D6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:01:23.0930 4896  IntcAzAudAddService - ok
12:01:23.0961 4896  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:01:23.0977 4896  intelide - ok
12:01:24.0055 4896  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:01:24.0101 4896  intelppm - ok
12:01:24.0164 4896  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:01:24.0242 4896  IPBusEnum - ok
12:01:24.0289 4896  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:01:24.0351 4896  IpFilterDriver - ok
12:01:24.0398 4896  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:01:24.0460 4896  iphlpsvc - ok
12:01:24.0523 4896  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:01:24.0554 4896  IPMIDRV - ok
12:01:24.0585 4896  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:01:24.0647 4896  IPNAT - ok
12:01:24.0741 4896  [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
12:01:24.0772 4896  iPod Service - ok
12:01:24.0803 4896  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:01:24.0850 4896  IRENUM - ok
12:01:24.0881 4896  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:01:24.0897 4896  isapnp - ok
12:01:24.0928 4896  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:01:24.0944 4896  iScsiPrt - ok
12:01:25.0006 4896  [ 9D7EA8C7215D8D4AE7BE110EEE61085D ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
12:01:25.0022 4896  k57nd60a - ok
12:01:25.0037 4896  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:01:25.0053 4896  kbdclass - ok
12:01:25.0084 4896  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:01:25.0115 4896  kbdhid - ok
12:01:25.0162 4896  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
12:01:25.0178 4896  KeyIso - ok
12:01:25.0225 4896  KMService - ok
12:01:25.0287 4896  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:01:25.0303 4896  KSecDD - ok
12:01:25.0318 4896  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:01:25.0334 4896  KSecPkg - ok
12:01:25.0349 4896  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:01:25.0396 4896  ksthunk - ok
12:01:25.0427 4896  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:01:25.0490 4896  KtmRm - ok
12:01:25.0537 4896  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:01:25.0583 4896  LanmanServer - ok
12:01:25.0599 4896  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:01:25.0661 4896  LanmanWorkstation - ok
12:01:25.0693 4896  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:01:25.0739 4896  lltdio - ok
12:01:25.0771 4896  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:01:25.0833 4896  lltdsvc - ok
12:01:25.0864 4896  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:01:25.0927 4896  lmhosts - ok
12:01:26.0020 4896  [ 1E2F802846EB944E0333EFEE7C9532A8 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
12:01:26.0036 4896  LMS - ok
12:01:26.0067 4896  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:01:26.0083 4896  LSI_FC - ok
12:01:26.0098 4896  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:01:26.0114 4896  LSI_SAS - ok
12:01:26.0129 4896  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:01:26.0145 4896  LSI_SAS2 - ok
12:01:26.0161 4896  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:01:26.0176 4896  LSI_SCSI - ok
12:01:26.0207 4896  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:01:26.0270 4896  luafv - ok
12:01:26.0332 4896  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:01:26.0348 4896  MBAMProtector - ok
12:01:26.0395 4896  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
12:01:26.0410 4896  MBAMScheduler - ok
12:01:26.0426 4896  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:01:26.0457 4896  MBAMService - ok
12:01:26.0457 4896  McAfee SiteAdvisor Service - ok
12:01:26.0488 4896  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:01:26.0535 4896  Mcx2Svc - ok
12:01:26.0551 4896  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:01:26.0566 4896  megasas - ok
12:01:26.0582 4896  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:01:26.0597 4896  MegaSR - ok
12:01:26.0675 4896  Microsoft SharePoint Workspace Audit Service - ok
12:01:26.0707 4896  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:01:26.0769 4896  MMCSS - ok
12:01:26.0800 4896  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:01:26.0878 4896  Modem - ok
12:01:26.0909 4896  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:01:26.0956 4896  monitor - ok
12:01:27.0019 4896  [ 940F4DA752E28E6C4B1090D21AEB7B80 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
12:01:27.0050 4896  motmodem - ok
12:01:27.0081 4896  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:01:27.0097 4896  mouclass - ok
12:01:27.0143 4896  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:01:27.0175 4896  mouhid - ok
12:01:27.0206 4896  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:01:27.0221 4896  mountmgr - ok
12:01:27.0268 4896  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:01:27.0284 4896  MozillaMaintenance - ok
12:01:27.0315 4896  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:01:27.0331 4896  mpio - ok
12:01:27.0362 4896  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:01:27.0424 4896  mpsdrv - ok
12:01:27.0549 4896  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:01:27.0643 4896  MpsSvc - ok
12:01:27.0674 4896  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:01:27.0705 4896  MRxDAV - ok
12:01:27.0736 4896  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:01:27.0783 4896  mrxsmb - ok
12:01:27.0830 4896  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:01:27.0861 4896  mrxsmb10 - ok
12:01:27.0877 4896  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:01:27.0892 4896  mrxsmb20 - ok
12:01:27.0939 4896  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:01:27.0955 4896  msahci - ok
12:01:28.0001 4896  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:01:28.0017 4896  msdsm - ok
12:01:28.0033 4896  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:01:28.0064 4896  MSDTC - ok
12:01:28.0111 4896  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:01:28.0173 4896  Msfs - ok
12:01:28.0189 4896  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:01:28.0251 4896  mshidkmdf - ok
12:01:28.0282 4896  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:01:28.0282 4896  msisadrv - ok
12:01:28.0329 4896  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:01:28.0391 4896  MSiSCSI - ok
12:01:28.0407 4896  msiserver - ok
12:01:28.0454 4896  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:01:28.0516 4896  MSKSSRV - ok
12:01:28.0547 4896  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:01:28.0610 4896  MSPCLOCK - ok
12:01:28.0641 4896  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:01:28.0703 4896  MSPQM - ok
12:01:28.0735 4896  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:01:28.0766 4896  MsRPC - ok
12:01:28.0781 4896  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:01:28.0797 4896  mssmbios - ok
12:01:28.0844 4896  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:01:28.0891 4896  MSTEE - ok
12:01:28.0906 4896  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:01:28.0937 4896  MTConfig - ok
12:01:28.0969 4896  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:01:28.0984 4896  Mup - ok
12:01:29.0015 4896  [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:01:29.0031 4896  mwlPSDFilter - ok
12:01:29.0031 4896  [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:01:29.0047 4896  mwlPSDNServ - ok
12:01:29.0078 4896  [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:01:29.0093 4896  mwlPSDVDisk - ok
12:01:29.0140 4896  [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService      C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
12:01:29.0156 4896  MWLService - ok
12:01:29.0171 4896  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:01:29.0249 4896  napagent - ok
12:01:29.0296 4896  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:01:29.0343 4896  NativeWifiP - ok
12:01:29.0405 4896  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:01:29.0437 4896  NDIS - ok
12:01:29.0483 4896  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:01:29.0546 4896  NdisCap - ok
12:01:29.0577 4896  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:01:29.0624 4896  NdisTapi - ok
12:01:29.0655 4896  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:01:29.0702 4896  Ndisuio - ok
12:01:29.0733 4896  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:01:29.0795 4896  NdisWan - ok
12:01:29.0842 4896  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:01:29.0905 4896  NDProxy - ok
12:01:29.0936 4896  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:01:29.0983 4896  NetBIOS - ok
12:01:29.0998 4896  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:01:30.0061 4896  NetBT - ok
12:01:30.0076 4896  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
12:01:30.0092 4896  Netlogon - ok
12:01:30.0139 4896  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:01:30.0201 4896  Netman - ok
12:01:30.0248 4896  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:01:30.0295 4896  netprofm - ok
12:01:30.0326 4896  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:01:30.0341 4896  NetTcpPortSharing - ok
12:01:30.0373 4896  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:01:30.0388 4896  nfrd960 - ok
12:01:30.0529 4896  [ 3CC771FDB4FAAFD49B5925545FC158D6 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
12:01:30.0544 4896  NitroReaderDriverReadSpool2 - ok
12:01:30.0575 4896  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:01:30.0653 4896  NlaSvc - ok
12:01:30.0685 4896  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:01:30.0747 4896  Npfs - ok
12:01:30.0778 4896  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:01:30.0856 4896  nsi - ok
12:01:30.0872 4896  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:01:30.0934 4896  nsiproxy - ok
12:01:30.0997 4896  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:01:31.0075 4896  Ntfs - ok
12:01:31.0106 4896  ntiomin - ok
12:01:31.0153 4896  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
12:01:31.0168 4896  NuidFltr - ok
12:01:31.0199 4896  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:01:31.0262 4896  Null - ok
12:01:31.0309 4896  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:01:31.0324 4896  nvraid - ok
12:01:31.0324 4896  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:01:31.0355 4896  nvstor - ok
12:01:31.0387 4896  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:01:31.0418 4896  nv_agp - ok
12:01:31.0449 4896  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:01:31.0465 4896  ohci1394 - ok
12:01:31.0543 4896  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:01:31.0558 4896  ose64 - ok
12:01:31.0917 4896  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:01:32.0089 4896  osppsvc - ok
12:01:32.0151 4896  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:01:32.0198 4896  p2pimsvc - ok
12:01:32.0229 4896  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:01:32.0276 4896  p2psvc - ok
12:01:32.0323 4896  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:01:32.0338 4896  Parport - ok
12:01:32.0369 4896  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:01:32.0385 4896  partmgr - ok
12:01:32.0416 4896  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:01:32.0479 4896  PcaSvc - ok
12:01:32.0588 4896  PCDSRVC{0368CD8C-92B4284F-06020101}_0 - ok
12:01:32.0603 4896  PCDSRVC{4368CD8C-DB62D375-06020101}_0 - ok
12:01:32.0650 4896  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:01:32.0666 4896  pci - ok
12:01:32.0697 4896  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:01:32.0713 4896  pciide - ok
12:01:32.0744 4896  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:01:32.0759 4896  pcmcia - ok
12:01:32.0775 4896  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:01:32.0791 4896  pcw - ok
12:01:32.0822 4896  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:01:32.0900 4896  PEAUTH - ok
12:01:32.0978 4896  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:01:33.0025 4896  PerfHost - ok
12:01:33.0087 4896  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:01:33.0181 4896  pla - ok
12:01:33.0227 4896  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:01:33.0259 4896  PlugPlay - ok
12:01:33.0290 4896  PnkBstrA - ok
12:01:33.0305 4896  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:01:33.0337 4896  PNRPAutoReg - ok
12:01:33.0352 4896  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:01:33.0368 4896  PNRPsvc - ok
12:01:33.0430 4896  [ 33328FA8A580885AB0065BE6DB266E9F ] Point64         C:\Windows\system32\DRIVERS\point64.sys
12:01:33.0430 4896  Point64 - ok
12:01:33.0477 4896  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:01:33.0539 4896  PolicyAgent - ok
12:01:33.0571 4896  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:01:33.0649 4896  Power - ok
12:01:33.0695 4896  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:01:33.0758 4896  PptpMiniport - ok
12:01:33.0789 4896  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:01:33.0820 4896  Processor - ok
12:01:33.0851 4896  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:01:33.0898 4896  ProfSvc - ok
12:01:33.0929 4896  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:01:33.0945 4896  ProtectedStorage - ok
12:01:33.0976 4896  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:01:34.0039 4896  Psched - ok
12:01:34.0132 4896  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:01:34.0179 4896  ql2300 - ok
12:01:34.0195 4896  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:01:34.0226 4896  ql40xx - ok
12:01:34.0241 4896  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:01:34.0273 4896  QWAVE - ok
12:01:34.0304 4896  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:01:34.0351 4896  QWAVEdrv - ok
12:01:34.0366 4896  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:01:34.0413 4896  RasAcd - ok
12:01:34.0444 4896  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:01:34.0507 4896  RasAgileVpn - ok
12:01:34.0538 4896  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:01:34.0600 4896  RasAuto - ok
12:01:34.0616 4896  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:01:34.0678 4896  Rasl2tp - ok
12:01:34.0741 4896  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:01:34.0803 4896  RasMan - ok
12:01:34.0850 4896  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:01:34.0928 4896  RasPppoe - ok
12:01:34.0943 4896  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:01:35.0006 4896  RasSstp - ok
12:01:35.0053 4896  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:01:35.0115 4896  rdbss - ok
12:01:35.0162 4896  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:01:35.0224 4896  rdpbus - ok
12:01:35.0255 4896  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:01:35.0318 4896  RDPCDD - ok
12:01:35.0349 4896  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:01:35.0411 4896  RDPENCDD - ok
12:01:35.0458 4896  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:01:35.0505 4896  RDPREFMP - ok
12:01:35.0536 4896  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:01:35.0599 4896  RDPWD - ok
12:01:35.0661 4896  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:01:35.0677 4896  rdyboost - ok
12:01:35.0739 4896  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:01:35.0817 4896  RemoteAccess - ok
12:01:35.0864 4896  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:01:35.0926 4896  RemoteRegistry - ok
12:01:35.0957 4896  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:01:36.0004 4896  RpcEptMapper - ok
12:01:36.0035 4896  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:01:36.0067 4896  RpcLocator - ok
12:01:36.0098 4896  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:01:36.0145 4896  RpcSs - ok
12:01:36.0207 4896  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:01:36.0285 4896  rspndr - ok
12:01:36.0285 4896  RSUSBSTOR - ok
12:01:36.0332 4896  [ 4E821C740A675F6D040BE41D59A62B1D ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
12:01:36.0347 4896  RTHDMIAzAudService - ok
12:01:36.0363 4896  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
12:01:36.0379 4896  SamSs - ok
12:01:36.0410 4896  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:01:36.0425 4896  sbp2port - ok
12:01:36.0457 4896  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:01:36.0753 4896  SCardSvr - ok
12:01:36.0800 4896  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:01:36.0893 4896  scfilter - ok
12:01:36.0940 4896  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:01:37.0003 4896  Schedule - ok
12:01:37.0034 4896  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:01:37.0081 4896  SCPolicySvc - ok
12:01:37.0096 4896  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:01:37.0159 4896  SDRSVC - ok
12:01:37.0190 4896  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:01:37.0252 4896  secdrv - ok
12:01:37.0283 4896  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:01:37.0361 4896  seclogon - ok
12:01:37.0408 4896  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:01:37.0486 4896  SENS - ok
12:01:37.0517 4896  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:01:37.0549 4896  SensrSvc - ok
12:01:37.0611 4896  [ BC7ED37FBA7CD8A46A63C6EDFE98BB36 ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl64.sys
12:01:37.0642 4896  Ser2pl - ok
12:01:37.0658 4896  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:01:37.0705 4896  Serenum - ok
12:01:37.0767 4896  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:01:37.0798 4896  Serial - ok
12:01:37.0845 4896  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:01:37.0861 4896  sermouse - ok
12:01:37.0892 4896  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:01:37.0985 4896  SessionEnv - ok
12:01:38.0048 4896  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:01:38.0095 4896  sffdisk - ok
12:01:38.0110 4896  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:01:38.0157 4896  sffp_mmc - ok
12:01:38.0173 4896  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:01:38.0204 4896  sffp_sd - ok
12:01:38.0251 4896  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:01:38.0297 4896  sfloppy - ok
12:01:38.0344 4896  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:01:38.0422 4896  SharedAccess - ok
12:01:38.0453 4896  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:01:38.0500 4896  ShellHWDetection - ok
12:01:38.0531 4896  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:01:38.0547 4896  SiSRaid2 - ok
12:01:38.0563 4896  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:01:38.0609 4896  SiSRaid4 - ok
12:01:38.0812 4896  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:01:38.0828 4896  SkypeUpdate - ok
12:01:38.0921 4896  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:01:39.0031 4896  Smb - ok
12:01:39.0155 4896  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:01:39.0187 4896  SNMPTRAP - ok
12:01:39.0218 4896  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:01:39.0233 4896  spldr - ok
12:01:39.0436 4896  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:01:39.0483 4896  Spooler - ok
12:01:39.0592 4896  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:01:39.0748 4896  sppsvc - ok
12:01:39.0857 4896  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:01:39.0982 4896  sppuinotify - ok
12:01:40.0169 4896  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
12:01:40.0216 4896  sptd - ok
12:01:40.0435 4896  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:01:40.0513 4896  srv - ok
12:01:40.0715 4896  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:01:40.0793 4896  srv2 - ok
12:01:40.0840 4896  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:01:40.0918 4896  srvnet - ok
12:01:40.0965 4896  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:01:41.0012 4896  SSDPSRV - ok
12:01:41.0090 4896  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
12:01:41.0105 4896  SSPORT - ok
12:01:41.0137 4896  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:01:41.0246 4896  SstpSvc - ok
12:01:41.0636 4896  Steam Client Service - ok
12:01:41.0651 4896  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:01:41.0667 4896  stexstor - ok
12:01:41.0979 4896  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:01:42.0260 4896  stisvc - ok
12:01:42.0385 4896  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:01:42.0400 4896  swenum - ok
12:01:42.0478 4896  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:01:42.0572 4896  swprv - ok
12:01:42.0728 4896  [ 064A2530A4A7C7CEC1BE6A1945645BE4 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:01:42.0743 4896  SynTP - ok
12:01:43.0118 4896  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:01:43.0445 4896  SysMain - ok
12:01:43.0492 4896  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:01:43.0539 4896  TabletInputService - ok
12:01:43.0601 4896  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:01:43.0711 4896  TapiSrv - ok
12:01:43.0742 4896  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:01:43.0804 4896  TBS - ok
12:01:44.0225 4896  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:01:44.0303 4896  Tcpip - ok
12:01:44.0381 4896  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:01:44.0428 4896  TCPIP6 - ok
12:01:44.0506 4896  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:01:44.0584 4896  tcpipreg - ok
12:01:44.0647 4896  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:01:44.0693 4896  TDPIPE - ok
12:01:44.0740 4896  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:01:44.0787 4896  TDTCP - ok
12:01:44.0834 4896  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:01:44.0896 4896  tdx - ok
12:01:44.0943 4896  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:01:44.0959 4896  TermDD - ok
12:01:44.0990 4896  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:01:45.0052 4896  TermService - ok
12:01:45.0083 4896  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:01:45.0130 4896  Themes - ok
12:01:45.0161 4896  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:01:45.0208 4896  THREADORDER - ok
12:01:45.0255 4896  [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
12:01:45.0271 4896  TomTomHOMEService - ok
12:01:45.0317 4896  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:01:45.0364 4896  TrkWks - ok
12:01:45.0427 4896  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:01:45.0505 4896  TrustedInstaller - ok
12:01:45.0551 4896  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:01:45.0598 4896  tssecsrv - ok
12:01:45.0629 4896  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:01:45.0661 4896  TsUsbFlt - ok
12:01:45.0739 4896  [ 350A6D76176E832D4424767E1B019972 ] TuneUp.Defrag   C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
12:01:45.0770 4896  TuneUp.Defrag - ok
12:01:45.0832 4896  [ 7BB182CE6EDB2FDEA6E0D1602C70AAB7 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
12:01:45.0863 4896  TuneUp.UtilitiesSvc - ok
12:01:45.0895 4896  [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
12:01:45.0910 4896  TuneUpUtilitiesDrv - ok
12:01:45.0957 4896  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:01:46.0019 4896  tunnel - ok
12:01:46.0082 4896  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:01:46.0129 4896  uagp35 - ok
12:01:46.0160 4896  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:01:46.0238 4896  udfs - ok
12:01:46.0269 4896  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:01:46.0316 4896  UI0Detect - ok
12:01:46.0347 4896  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:01:46.0363 4896  uliagpkx - ok
12:01:46.0394 4896  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:01:46.0441 4896  umbus - ok
12:01:46.0487 4896  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:01:46.0503 4896  UmPass - ok
12:01:46.0643 4896  [ AF905F4966CFC8B973623AB150CD4B2B ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
12:01:46.0737 4896  UNS - ok
12:01:46.0846 4896  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
12:01:46.0862 4896  Updater Service - ok
12:01:46.0955 4896  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:01:47.0018 4896  upnphost - ok
12:01:47.0065 4896  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
12:01:47.0111 4896  USBAAPL64 - ok
12:01:47.0158 4896  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
12:01:47.0189 4896  usbaudio - ok
12:01:47.0252 4896  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:01:47.0267 4896  usbccgp - ok
12:01:47.0299 4896  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:01:47.0361 4896  usbcir - ok
12:01:47.0392 4896  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:01:47.0423 4896  usbehci - ok
12:01:47.0455 4896  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:01:47.0470 4896  usbhub - ok
12:01:47.0517 4896  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:01:47.0548 4896  usbohci - ok
12:01:47.0595 4896  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:01:47.0611 4896  usbprint - ok
12:01:47.0642 4896  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:01:47.0657 4896  usbscan - ok
12:01:47.0704 4896  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:01:47.0735 4896  USBSTOR - ok
12:01:47.0782 4896  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:01:47.0813 4896  usbuhci - ok
12:01:47.0845 4896  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:01:47.0876 4896  usbvideo - ok
12:01:47.0923 4896  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:01:47.0985 4896  UxSms - ok
12:01:48.0016 4896  [ 7671F2141163A4E28020A59DE882C246 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
12:01:48.0032 4896  UxTuneUp - ok
12:01:48.0063 4896  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
12:01:48.0079 4896  VaultSvc - ok
12:01:48.0110 4896  [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
12:01:48.0141 4896  VClone - ok
12:01:48.0188 4896  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:01:48.0203 4896  vdrvroot - ok
12:01:48.0250 4896  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:01:48.0297 4896  vds - ok
12:01:48.0328 4896  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:01:48.0359 4896  vga - ok
12:01:48.0391 4896  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:01:48.0453 4896  VgaSave - ok
12:01:48.0484 4896  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:01:48.0500 4896  vhdmp - ok
12:01:48.0531 4896  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:01:48.0547 4896  viaide - ok
12:01:48.0562 4896  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:01:48.0578 4896  volmgr - ok
12:01:48.0593 4896  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:01:48.0625 4896  volmgrx - ok
12:01:48.0656 4896  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:01:48.0671 4896  volsnap - ok
12:01:48.0703 4896  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:01:48.0734 4896  vsmraid - ok
12:01:48.0781 4896  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:01:48.0874 4896  VSS - ok
12:01:48.0921 4896  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:01:48.0952 4896  vwifibus - ok
12:01:48.0968 4896  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:01:49.0015 4896  vwififlt - ok
12:01:49.0046 4896  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:01:49.0061 4896  vwifimp - ok
12:01:49.0139 4896  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:01:49.0233 4896  W32Time - ok
12:01:49.0280 4896  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:01:49.0295 4896  WacomPen - ok
12:01:49.0342 4896  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:01:49.0405 4896  WANARP - ok
12:01:49.0405 4896  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:01:49.0451 4896  Wanarpv6 - ok
12:01:49.0529 4896  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:01:49.0592 4896  WatAdminSvc - ok
12:01:49.0763 4896  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:01:49.0810 4896  wbengine - ok
12:01:49.0857 4896  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:01:49.0888 4896  WbioSrvc - ok
12:01:49.0966 4896  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:01:50.0013 4896  wcncsvc - ok
12:01:50.0029 4896  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:01:50.0060 4896  WcsPlugInService - ok
12:01:50.0091 4896  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:01:50.0122 4896  Wd - ok
12:01:50.0153 4896  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:01:50.0185 4896  Wdf01000 - ok
12:01:50.0200 4896  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:01:50.0247 4896  WdiServiceHost - ok
12:01:50.0263 4896  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:01:50.0278 4896  WdiSystemHost - ok
12:01:50.0356 4896  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
12:01:50.0434 4896  WebClient - ok
12:01:50.0497 4896  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:01:50.0575 4896  Wecsvc - ok
12:01:50.0606 4896  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:01:50.0668 4896  wercplsupport - ok
12:01:50.0699 4896  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:01:50.0762 4896  WerSvc - ok
12:01:50.0809 4896  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:01:50.0855 4896  WfpLwf - ok
12:01:50.0887 4896  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:01:50.0902 4896  WIMMount - ok
12:01:50.0933 4896  WinDefend - ok
12:01:50.0933 4896  WinHttpAutoProxySvc - ok
12:01:51.0167 4896  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:01:51.0245 4896  Winmgmt - ok
12:01:51.0542 4896  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:01:51.0698 4896  WinRM - ok
12:01:51.0745 4896  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:01:51.0776 4896  WinUsb - ok
12:01:51.0979 4896  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:01:52.0088 4896  Wlansvc - ok
12:01:52.0150 4896  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:01:52.0181 4896  wlcrasvc - ok
12:01:52.0665 4896  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:01:52.0759 4896  wlidsvc - ok
12:01:52.0805 4896  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:01:52.0837 4896  WmiAcpi - ok
12:01:52.0883 4896  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:01:52.0915 4896  wmiApSrv - ok
12:01:52.0961 4896  WMPNetworkSvc - ok
12:01:53.0008 4896  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:01:53.0024 4896  WPCSvc - ok
12:01:53.0055 4896  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:01:53.0086 4896  WPDBusEnum - ok
12:01:53.0164 4896  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:01:53.0242 4896  ws2ifsl - ok
12:01:53.0273 4896  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:01:53.0289 4896  wscsvc - ok
12:01:53.0305 4896  WSearch - ok
12:01:53.0367 4896  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:01:53.0476 4896  wuauserv - ok
12:01:53.0492 4896  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:01:53.0539 4896  WudfPf - ok
12:01:53.0601 4896  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:01:53.0648 4896  WUDFRd - ok
12:01:53.0695 4896  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:01:53.0741 4896  wudfsvc - ok
12:01:53.0788 4896  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:01:53.0851 4896  WwanSvc - ok
12:01:53.0929 4896  [ 2C6BC21B2D5B58D8B1D638C1704CB494 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
12:01:53.0944 4896  xusb21 - ok
12:01:53.0991 4896  ================ Scan global ===============================
12:01:54.0022 4896  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:01:54.0053 4896  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:01:54.0069 4896  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
12:01:54.0100 4896  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:01:54.0131 4896  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:01:54.0147 4896  [Global] - ok
12:01:54.0147 4896  ================ Scan MBR ==================================
12:01:54.0163 4896  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:01:57.0127 4896  \Device\Harddisk0\DR0 - ok
12:01:57.0127 4896  ================ Scan VBR ==================================
12:01:57.0173 4896  [ BEDD70C3ED3461CC751ED6FABE339140 ] \Device\Harddisk0\DR0\Partition1
12:01:57.0173 4896  \Device\Harddisk0\DR0\Partition1 - ok
12:01:57.0205 4896  [ 212E0A21E6805EBA31A61896D2AC713C ] \Device\Harddisk0\DR0\Partition2
12:01:57.0251 4896  \Device\Harddisk0\DR0\Partition2 - ok
12:01:57.0251 4896  ============================================================
12:01:57.0251 4896  Scan finished
12:01:57.0251 4896  ============================================================
12:01:57.0251 4556  Detected object count: 6
12:01:57.0251 4556  Actual detected object count: 6
12:02:07.0080 4556  amdkmdap ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:07.0080 4556  amdkmdap ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:02:07.0080 4556  CronService ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:07.0080 4556  CronService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:02:07.0095 4556  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:07.0095 4556  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:02:07.0095 4556  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:07.0095 4556  FreemiumSelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:02:07.0095 4556  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:07.0095 4556  FreemiumSystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:02:07.0095 4556  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
12:02:07.0095 4556  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards,
Maximilian

Alt 23.09.2012, 17:33   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Zero-Access infection



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let your system be scanned.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

Alt 24.09.2012, 11:09   #25
U235
 
Zero-Access infection



Hello,
something went wrong while running Combofix.
I started the program and let it do its work. After about 15 minutes, programs kept popping up for a fraction of a second and disappearing again. I thought this was part of running the program. After another 20 minutes, program windows were still appearing and immediately disappearing again.
I then switched off my computer and restarted it. However, program windows kept popping up. Only when I logged in to the admin account did the message appear that Combofix would now create the log.
Now the system is working normally again. I hope I didn't cause any damage by restarting!?


Code:
ComboFix 12-09-23.03 - Admin 24.09.2012  11:10:30.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3959.2558 [GMT 2:00]
ausgeführt von:: c:\users\Maximilian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Maximilian\AppData\Roaming\Local
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\Popp_oder_Hopp_19.avi.ddr
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Popp_oder_Hopp_19.avi.ddp
c:\users\Maximilian\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx
c:\users\Maximilian\Gigaset_SE515_FW_2.14.02.19e_BA09b6f.exe
c:\users\Maximilian\lame_enc.dll
c:\users\Maximilian\lametritonus_en.dll
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))
.
.
2012-09-24 09:19 . 2012-09-24 09:34	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2012-09-24 09:19 . 2012-09-24 09:19	--------	d-----w-	c:\users\Max II\AppData\Local\temp
2012-09-24 09:19 . 2012-09-24 09:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-24 08:55 . 2012-08-21 09:13	142128	----a-w-	c:\windows\system32\drivers\aswFW.sys
2012-09-24 08:54 . 2012-08-21 09:13	266776	----a-w-	c:\windows\system32\drivers\aswNdis2.sys
2012-09-24 08:54 . 2012-08-21 09:13	19600	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2012-09-24 08:54 . 2012-07-13 10:47	12368	----a-w-	c:\windows\system32\drivers\aswNdis.sys
2012-09-21 15:59 . 2012-09-21 15:59	--------	d-----w-	C:\_OTL
2012-09-19 15:52 . 2012-09-19 15:52	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-09-19 15:52 . 2012-09-19 15:54	--------	d-----w-	c:\users\Admin\AppData\Roaming\DAEMON Tools Lite
2012-09-19 15:52 . 2012-09-19 15:52	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2012-09-18 15:13 . 2012-09-18 15:13	--------	d-----w-	c:\users\Maximilian\AppData\Local\IsolatedStorage
2012-09-18 15:13 . 2012-09-18 15:13	--------	d-----w-	c:\users\Maximilian\AppData\Roaming\Freemium
2012-09-18 15:13 . 2012-09-18 15:13	--------	d-----w-	c:\users\Maximilian\AppData\Local\Freemium TubeBox
2012-09-18 15:12 . 2012-09-18 15:12	--------	d-----w-	c:\users\Admin\AppData\Local\Freemium TubeBox
2012-09-18 15:12 . 2012-09-18 15:12	--------	d-----w-	c:\program files (x86)\Freemium
2012-09-16 15:09 . 2012-09-16 15:10	--------	d-----w-	c:\users\Maximilian\reifen
2012-09-14 22:20 . 2012-09-14 22:20	--------	d-----w-	c:\users\Maximilian\AppData\Roaming\Malwarebytes
2012-09-13 08:01 . 2012-09-13 08:01	--------	d-----w-	c:\program files (x86)\ESET
2012-09-13 08:00 . 2012-09-13 08:00	--------	d-----w-	c:\users\Admin\AppData\Local\Macromedia
2012-09-12 20:13 . 2012-09-12 20:13	--------	d-----w-	c:\users\Admin\AppData\Local\ElevatedDiagnostics
2012-09-12 14:43 . 2012-09-12 14:43	--------	d-----w-	c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-12 14:42 . 2012-09-12 14:42	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-12 14:42 . 2012-09-12 14:42	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-12 14:42 . 2012-09-07 15:04	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-12 14:34 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-12 14:34 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-12 14:34 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:34 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-12 14:34 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:34 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-12 14:34 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-08 07:14 . 2012-09-08 07:14	73696	----a-w-	c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-07 21:05 . 2012-09-07 21:05	--------	d-----w-	c:\users\Maximilian\AppData\Roaming\iFunbox_UserCache
2012-09-07 21:02 . 2012-09-07 21:02	--------	d-----w-	c:\program files (x86)\i-Funbox DevTeam
2012-09-07 18:32 . 2012-09-07 19:19	--------	d-----w-	c:\users\Maximilian\AppData\Roaming\QuickScan
2012-09-07 15:38 . 2012-09-07 15:42	27256	----a-w-	c:\windows\system32\drivers\FixZeroAccess.sys
2012-09-05 20:00 . 2012-08-21 09:13	25232	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-09-05 20:00 . 2012-08-21 09:13	359464	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-09-05 20:00 . 2012-08-21 09:13	54072	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-09-05 20:00 . 2012-08-21 09:13	969200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-09-05 20:00 . 2012-08-21 09:13	59728	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-09-05 20:00 . 2012-08-21 09:13	71600	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-09-05 20:00 . 2012-08-21 09:12	285328	----a-w-	c:\windows\system32\aswBoot.exe
2012-09-05 19:59 . 2012-08-21 09:12	41224	----a-w-	c:\windows\avastSS.scr
2012-09-05 19:59 . 2012-08-21 09:12	227648	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-09-05 19:58 . 2012-09-05 19:58	--------	d-----w-	c:\programdata\AVAST Software
2012-09-05 19:58 . 2012-09-05 19:58	--------	d-----w-	c:\program files\AVAST Software
2012-09-05 19:05 . 2012-09-05 19:11	--------	d-----w-	c:\programdata\CPA_VA
2012-09-05 18:49 . 2012-09-17 14:06	--------	d-----w-	c:\programdata\Comodo
2012-09-05 18:49 . 2012-09-05 18:49	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-24 09:33 . 2011-05-14 14:11	29	----a-w-	c:\windows\SysWow64\TempWmicBatchFile.bat
2012-09-21 15:52 . 2012-05-15 07:25	696240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 15:52 . 2011-05-17 05:31	73136	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:52 . 2010-05-15 08:05	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-08-30 07:27 . 2012-09-21 06:07	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FCBE5BA-E026-4870-871F-98BF9AA15BD6}\mpengine.dll
2012-07-18 18:15 . 2012-08-15 15:48	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-07 21:14 . 2011-08-24 17:37	282104	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-07 21:14 . 2011-04-06 20:17	282104	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-07 20:59 . 2010-12-17 19:14	282104	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-07-06 09:59 . 2012-07-06 10:00	839096	----a-w-	c:\windows\system32\deployJava1.dll
2012-07-06 09:59 . 2012-07-06 10:00	955840	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-07-05 20:06 . 2012-07-15 22:09	772544	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2010-05-15 09:40	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:16 . 2012-08-15 15:48	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 15:48	59392	----a-w-	c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 15:48	136704	----a-w-	c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 15:48	41984	----a-w-	c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Maximilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Maximilian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"TrayServer"=c:\progra~2\MAGIX\VIDEO_~1\TrayServer.exe
.
R1 ntiomin;ntiomin; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 FreemiumSelfUpdateService;Freemium Self Update Service;c:\program files (x86)\Freemium\SystemStore\Freemium.SelfUpdate.exe [2012-08-21 8492544]
R2 FreemiumSystemStoreService;Freemium System Store Service;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe  -displayname Freemium System Store Service -servicename:FreemiumSystemStoreService [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 136176]
R2 KMService;KMService;c:\windows\System32\srvany.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys [2011-12-20 15768]
R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys [2011-12-20 15768]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-12-10 6179328]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-08 310784]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-08 47616]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{0368CD8C-92B4284F-06020101}_0;PCDSRVC{0368CD8C-92B4284F-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\maximi~1\appdata\local\temp\zjlewwquu41v\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{4368CD8C-DB62D375-06020101}_0;PCDSRVC{4368CD8C-DB62D375-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\maximi~1\appdata\local\temp\uiy0oed4bwhk\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-14 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-16 834544]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-07-13 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2012-09-07 27256]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-09-19 283200]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-09 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-06-25 216080]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2008-01-03 11576]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-04-01 1401672]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 15:52]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 09:35]
.
2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-15 09:35]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job
- c:\users\Maximilian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 20:15]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job
- c:\users\Maximilian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-07 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11	133400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5741g&r=27360510f145l0424z1m5t4422j817
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{95C86FD0-9309-4931-9220-033654B82A43}: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{95C86FD0-9309-4931-9220-033654B82A43}\46C696E6B6: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{95C86FD0-9309-4931-9220-033654B82A43}\64259445A51224F6870275C414E40233237303: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{95C86FD0-9309-4931-9220-033654B82A43}\6435F6234435C4: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odke87nw.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-CodInstl - c:\windows\system32\CDUninst.isu
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FreemiumSystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe\"  -displayname \"Freemium System Store Service\" -servicename:FreemiumSystemStoreService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{0368CD8C-92B4284F-06020101}_0]
"ImagePath"="\??\c:\users\maximi~1\appdata\local\temp\zjlewwquu41v\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{4368CD8C-DB62D375-06020101}_0]
"ImagePath"="\??\c:\users\maximi~1\appdata\local\temp\uiy0oed4bwhk\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.032"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.abr"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ani"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.apd"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.arw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bay"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bmp"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bwf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.caf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cdda"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cel"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cr2"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.crw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cs1"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cur"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcr"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcx"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dib"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djv"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djvu"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dng"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.emf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.eps"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.erf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fff"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.flc"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fli"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.gif"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.gsm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.hdr"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icl"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icn"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iff"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ilbm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.int"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.inta"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iw4"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2c"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2k"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jbr"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jfif"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jif"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jp2"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpc"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpe"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpeg"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpg"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpk"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpx"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kdc"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.lbm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m15"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m1a"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m2a"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m4a"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m4b"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m4p"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m75"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mef"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mos"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mp2"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mpv"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mrw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.nef"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.nrw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.orf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbr"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcd"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pct"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcx"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pef"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pgm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pic"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pics"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pict"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.png"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ppm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psd"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psp"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspbrush"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspimage"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.qtpf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ras"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgb"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgba"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rle"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rsb"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rw2"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rwl"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sfil"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sgi"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sml"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sr2"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.swa"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.tga"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.thm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.tif"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.tiff"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttc"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ttf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ulw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14o"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14p"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14pf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.vfw"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbmp"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wmf"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xbm"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xif"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xmp"
.
[HKEY_USERS\S-1-5-21-3412578525-3315306497-1679237351-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-24  11:41:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-24 09:41
.
Vor Suchlauf: 25 Verzeichnis(se), 56.330.010.624 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 55.915.839.488 Bytes frei
.
- - End Of File - - 97664ACECDFA70B170AF0BC4AC4F6156
         
Regards,
Maximilian

24.09.2012, 18:07   #26
cosinus

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second try, just skip it and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

25.09.2012, 16:58   #27
U235
 

Good evening,

Gmer:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-25 17:23:32
Windows 6.1.7601 Service Pack 1 
Running: 39lh8e69.exe


---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                                                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                             0xFC 0x5E 0x39 0x57 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                                                                          
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                       0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                    0x06 0x78 0x39 0xC2 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                                                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                               0x1F 0x39 0xD5 0x3B ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                                                                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                               0x1B 0x69 0xFB 0x8F ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                                                                               
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                                                                                    0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                                                                                    0
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                                                                                 0xFC 0x5E 0x39 0x57 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                                                                                      
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                                                                           0x20 0x01 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                                                                                        0x06 0x78 0x39 0xC2 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                                                                                 
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                                                                                   0x1F 0x39 0xD5 0x3B ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                                                                                                 
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                                                                                                   0x1B 0x69 0xFB 0x8F ...

---- Files - GMER 1.0.15 ----

File  C:\avast! sandbox                                                                                                                                                                                                  0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001                                                                                                                                                   0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone                                                                                                                                            0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C                                                                                                                                          0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Program Files                                                                                                                            0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Program Files\AVAST Software                                                                                                             0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Program Files\AVAST Software\Avast                                                                                                       0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Program Files\AVAST Software\Avast\sfzone                                                                                                0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile                                                                                                                           0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\chrome_shutdown_ms.txt                                                                                                    3 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default                                                                                                                   0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Network Action Predictor                                                                                          3072 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Archived History                                                                                                  53248 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Bookmarks                                                                                                         767 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache                                                                                                             0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\data_0                                                                                                      45056 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\data_1                                                                                                      270336 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\data_2                                                                                                      1056768 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\data_3                                                                                                      4202496 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\f_000001                                                                                                    16393 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\f_000002                                                                                                    47613 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\f_000003                                                                                                    47102 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\f_000004                                                                                                    156951 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\f_000005                                                                                                    62486 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cache\index                                                                                                       524656 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Cookies                                                                                                           7168 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Current Session                                                                                                   2121 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Current Tabs                                                                                                      1046 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Favicons                                                                                                          16384 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\History                                                                                                           86016 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\History Index 2012-09                                                                                             36864 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\History Provider Cache                                                                                            11 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\JumpListIcons                                                                                                     0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\JumpListIconsOld                                                                                                  0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Preferences                                                                                                       8254 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Shortcuts                                                                                                         12288 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Top Sites                                                                                                         20480 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\User StyleSheets                                                                                                  0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\User StyleSheets\Custom.css                                                                                       0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Visited Links                                                                                                     131072 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Default\Web Data                                                                                                          75776 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Local State                                                                                                               1909 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\PepperFlash                                                                                                               0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Safe Browsing Bloom                                                                                                       2562624 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Safe Browsing Bloom Filter 2                                                                                              781418 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Safe Browsing Csd Whitelist                                                                                               134352 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Safe Browsing Download                                                                                                    1008168 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\sfzone_profile\Safe Browsing Download Whitelist                                                                                          19960 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users                                                                                                                                    0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian                                                                                                                         0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData                                                                                                                 0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Local                                                                                                           0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Local\Temp                                                                                                      0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow                                                                                                        0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft                                                                                              0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache                                                                             0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content                                                                     0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D                                    3694 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\48C226A0FE7D97DE1C716B47235CB639_A62A12E9232B27717F82C4F61F73EB86   1084 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC   471 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_D3DB95C0E7608ACC9AA10ACCCCEBBDF5   471 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4B372709D6C2AD766C34D274501DC76_C08D897FBCD7D5D638FCD154D1404CBE   1938 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FDCDA60516A338BF2CE73506D1835F5D_EB0A434D23B40DF48D0DE6FB6A09D527   471 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData                                                                    0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D                                   252 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\48C226A0FE7D97DE1C716B47235CB639_A62A12E9232B27717F82C4F61F73EB86  400 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_1E5D470765E0BE1964814B1F5A3581DC  396 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_D3DB95C0E7608ACC9AA10ACCCCEBBDF5  400 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4B372709D6C2AD766C34D274501DC76_C08D897FBCD7D5D638FCD154D1404CBE  374 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FDCDA60516A338BF2CE73506D1835F5D_EB0A434D23B40DF48D0DE6FB6A09D527  404 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Roaming                                                                                                         0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Roaming\Microsoft                                                                                               0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Roaming\Microsoft\Windows                                                                                       0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Recent                                                                                0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations                                                             0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Users\Maximilian\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d8b393b9387fc13c.customDestinations-ms                      6164 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Windows                                                                                                                                  0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Windows\Prefetch                                                                                                                         0 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\C\Windows\Prefetch\CTFMON.EXE-43603594.pf                                                                                                  22168 bytes
File  C:\avast! sandbox\S-1-5-21-3412578525-3315306497-1679237351-1001\sfzone\snx_fs.dat                                                                                                                                 13402 bytes
File  C:\avast! sandbox\snx_rhive                                                                                                                                                                                        262144 bytes
File  C:\avast! sandbox\snx_rhive.LOG1                                                                                                                                                                                   25600 bytes
File  C:\avast! sandbox\snx_rhive.LOG2                                                                                                                                                                                   0 bytes
File  C:\avast! sandbox\snx_rhive{49ca703d-0643-11e2-83ac-705ab6399b76}.TM.blf                                                                                                                                           65536 bytes
File  C:\avast! sandbox\snx_rhive{49ca703d-0643-11e2-83ac-705ab6399b76}.TMContainer00000000000000000001.regtrans-ms                                                                                                      524288 bytes
File  C:\avast! sandbox\snx_rhive{49ca703d-0643-11e2-83ac-705ab6399b76}.TMContainer00000000000000000002.regtrans-ms                                                                                                      524288 bytes

---- EOF - GMER 1.0.15 ----
         
Osam:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:26:45 on 25.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job" - "Google Inc." - C:\Users\Maximilian\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job" - "Google Inc." - C:\Users\Maximilian\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"amdkmdap" (amdkmdap) - "Advanced Micro Devices, Inc." - C:\Windows\System32\DRIVERS\atikmpag.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswKbd" (aswKbd) - "AVAST Software" - C:\Windows\system32\drivers\aswKbd.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Firewall Core Firewall Service" (aswNdis2) - "AVAST Software" - C:\Windows\system32\drivers\aswNdis2.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"avast! TDI Firewall driver" (aswFW) - "AVAST Software" - C:\Windows\system32\drivers\aswFW.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Microsoft IntelliPoint Filter Driver" (Point64) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\point64.sys
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys  (File not found)
"PCDSRVC{0368CD8C-92B4284F-06020101}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{0368CD8C-92B4284F-06020101}_0) - ? - c:\users\maximi~1\appdata\local\temp\zjlewwquu41v\pcdrdiag\bin\pcdsrvc_x64.pkms  (File not found)
"PCDSRVC{4368CD8C-DB62D375-06020101}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{4368CD8C-DB62D375-06020101}_0) - ? - c:\users\maximi~1\appdata\local\temp\uiy0oed4bwhk\pcdrdiag\bin\pcdsrvc_x64.pkms  (File not found)
"RtsUStor.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\Windows\System32\Drivers\RtsUStor.sys  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
"Zero Access Fixtool driver" (FixZeroAccess) - "Symantec Corporation" - C:\Windows\System32\drivers\FixZeroAccess.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? -   (File not found | COM-object registry key not found)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? -   (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\soa800.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files (x86)\real\realplayer\rpshell.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"avast! Firewall" (avast! Firewall) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\afwServ.exe
"Cron Service for Prey" (CronService) - "Fork Ltd." - C:\Prey\platform\windows\cronsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Freemium Self Update Service" (FreemiumSelfUpdateService) - ? - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SelfUpdate.exe
"Freemium System Store Service" (FreemiumSystemStoreService) - ? - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"KMService" (KMService) - ? - C:\Windows\System32\srvany.exe  (File not found)
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - ? - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NitroPDFReaderDriverCreatorReadSpool2" (NitroReaderDriverReadSpool2) - "Nitro PDF Software" - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

aswMBR:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:26:45 on 25.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001Core.job" - "Google Inc." - C:\Users\Maximilian\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-3412578525-3315306497-1679237351-1001UA.job" - "Google Inc." - C:\Users\Maximilian\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"amdkmdap" (amdkmdap) - "Advanced Micro Devices, Inc." - C:\Windows\System32\DRIVERS\atikmpag.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswKbd" (aswKbd) - "AVAST Software" - C:\Windows\system32\drivers\aswKbd.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Firewall Core Firewall Service" (aswNdis2) - "AVAST Software" - C:\Windows\system32\drivers\aswNdis2.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"avast! TDI Firewall driver" (aswFW) - "AVAST Software" - C:\Windows\system32\drivers\aswFW.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Microsoft IntelliPoint Filter Driver" (Point64) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\point64.sys
"ntiomin" (ntiomin) - ? - C:\Windows\system32\drivers\ntiomin.sys  (File not found)
"PCDSRVC{0368CD8C-92B4284F-06020101}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{0368CD8C-92B4284F-06020101}_0) - ? - c:\users\maximi~1\appdata\local\temp\zjlewwquu41v\pcdrdiag\bin\pcdsrvc_x64.pkms  (File not found)
"PCDSRVC{4368CD8C-DB62D375-06020101}_0 - PCDR Kernel Mode Service Helper Driver" (PCDSRVC{4368CD8C-DB62D375-06020101}_0) - ? - c:\users\maximi~1\appdata\local\temp\uiy0oed4bwhk\pcdrdiag\bin\pcdsrvc_x64.pkms  (File not found)
"RtsUStor.Sys Realtek USB Card Reader" (RSUSBSTOR) - ? - C:\Windows\System32\Drivers\RtsUStor.sys  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
"Zero Access Fixtool driver" (FixZeroAccess) - "Symantec Corporation" - C:\Windows\System32\drivers\FixZeroAccess.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? -   (File not found | COM-object registry key not found)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "ms-help" - ? -   (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? -   (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} "Enterprise-Projekte" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{BB7DF450-F119-11CD-8465-00AA00425D90} "Microsoft Access Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office\soa800.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Microsoft Outlook Custom Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files (x86)\real\realplayer\rpshell.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\SDShelEx-win32.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"advapi32" - "Microsoft Corporation" - C:\Windows\system32\advapi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"clbcatq" - "Microsoft Corporation" - C:\Windows\system32\clbcatq.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"COMDLG32" - "Microsoft Corporation" - C:\Windows\system32\COMDLG32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"DifxApi" - "Microsoft Corporation" - C:\Windows\system32\difxapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"gdi32" - "Microsoft Corporation" - C:\Windows\system32\gdi32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IERTUTIL" - "Microsoft Corporation" - C:\Windows\system32\IERTUTIL.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMAGEHLP" - "Microsoft Corporation" - C:\Windows\system32\IMAGEHLP.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"IMM32" - "Microsoft Corporation" - C:\Windows\system32\IMM32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"kernel32" - "Microsoft Corporation" - C:\Windows\system32\kernel32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"LPK" - "Microsoft Corporation" - C:\Windows\system32\LPK.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSCTF" - "Microsoft Corporation" - C:\Windows\system32\MSCTF.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"MSVCRT" - "Microsoft Corporation" - C:\Windows\system32\MSVCRT.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NORMALIZ" - "Microsoft Corporation" - C:\Windows\system32\NORMALIZ.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"NSI" - "Microsoft Corporation" - C:\Windows\system32\NSI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"ole32" - "Microsoft Corporation" - C:\Windows\system32\ole32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"OLEAUT32" - "Microsoft Corporation" - C:\Windows\system32\OLEAUT32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"PSAPI" - "Microsoft Corporation" - C:\Windows\system32\PSAPI.DLL  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"rpcrt4" - "Microsoft Corporation" - C:\Windows\system32\rpcrt4.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"sechost" - "Microsoft Corporation" - C:\Windows\system32\sechost.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Setupapi" - "Microsoft Corporation" - C:\Windows\system32\Setupapi.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHELL32" - "Microsoft Corporation" - C:\Windows\system32\SHELL32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"SHLWAPI" - "Microsoft Corporation" - C:\Windows\system32\SHLWAPI.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"URLMON" - "Microsoft Corporation" - C:\Windows\system32\URLMON.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"user32" - "Microsoft Corporation" - C:\Windows\system32\user32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"USP10" - "Microsoft Corporation" - C:\Windows\system32\USP10.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WININET" - "Microsoft Corporation" - C:\Windows\system32\WININET.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WLDAP32" - "Microsoft Corporation" - C:\Windows\system32\WLDAP32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"WS2_32" - "Microsoft Corporation" - C:\Windows\system32\WS2_32.dll  (Hidden registry entry, rootkit activity | File signed by Microsoft)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Nitro PDF Port Monitor" - "Nitro PDF Software" - C:\Windows\system32\nitrolocalmon2.dll
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"avast! Firewall" (avast! Firewall) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\afwServ.exe
"Cron Service for Prey" (CronService) - "Fork Ltd." - C:\Prey\platform\windows\cronsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Freemium Self Update Service" (FreemiumSelfUpdateService) - ? - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SelfUpdate.exe
"Freemium System Store Service" (FreemiumSystemStoreService) - ? - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management & Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"KMService" (KMService) - ? - C:\Windows\System32\srvany.exe  (File not found)
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - ? - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"MyWinLocker Service" (MWLService) - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
"NitroPDFReaderDriverCreatorReadSpool2" (NitroReaderDriverReadSpool2) - "Nitro PDF Software" - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
"Office 64 Source Engine" (ose64) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"TomTomHOMEService" (TomTomHOMEService) - "TomTom" - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
"Updater Service" (Updater Service) - "Acer" - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
Regards,
Maximilian

25.09.2012, 19:30   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR is missing, you posted OSAM twice.
__________________
Please always post log files in CODE tags

26.09.2012, 06:05   #29
U235

Good morning,
you're right, something went wrong there!

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-25 17:35:42
-----------------------------
17:35:42.613    OS Version: Windows x64 6.1.7601 Service Pack 1
17:35:42.613    Number of processors: 4 586 0x2502
17:35:42.613    ComputerName: MAXIMILIAN-PC  UserName: Admin
17:35:44.626    Initialize success
17:35:44.673    AVAST engine defs: 12092500
17:35:59.118    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:35:59.118    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
17:35:59.165    Disk 0 MBR read successfully
17:35:59.165    Disk 0 MBR scan
17:35:59.165    Disk 0 Windows 7 default MBR code
17:35:59.181    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
17:35:59.196    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
17:35:59.212    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464545 MB offset 25382700
17:35:59.274    Disk 0 scanning C:\Windows\system32\drivers
17:36:09.087    Service scanning
17:36:35.140    Modules scanning
17:36:35.140    Disk 0 trace - called modules:
17:36:35.171    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:36:35.171    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80070e4060]
17:36:35.187    3 CLASSPNP.SYS[fffff88001bd043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80050fc050]
17:36:35.187    Scan finished successfully
17:37:29.412    Disk 0 MBR has been saved successfully to "C:\Users\Maximilian\Desktop\virus\MBR.dat"
17:37:29.412    The log file has been saved successfully to "C:\Users\Maximilian\Desktop\virus\aswMBR.txt"
         

Regards,
Maximilian

26.09.2012, 14:33   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
