"H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden.

Damien91 · 15.10.2012, 21:14

Hallo liebe Forengemeinde,

Ich habe gestern offenbar mehrere dumme fatale Fehler gemacht.
Ich liste die Geschehnisse zuerst einmal hier auf:

1. eine uminöse Skype Nachricht erreichte mich gestern von einem Bekannten, in der erschien dass ich irgendwo tolle Bilder in meinem Profil hätte. Darunter ein Link. Naiv wie ich bin, öffne ich diesen und es lädt sich eine Datei herunter, mit Skype Logo. Also öffne ich sie, und zack, da wars zu spät. Sämtliche Skype Kontakte bekamen von mir dieselbe Nachricht mit solchem Link zugeschickt -.-

Zitat:

moin, kaum zu glauben was für schöne fotos von dir auf deinem profil?

Lautete die Nachricht. Darunter ein Skype Link mit meinem Benutzernamen am Ende.

Mit diesem Video konnte ich offenbar etwas erreichen und den Wurm entfernen:

Zitat:

hxxp://www.youtube.com/watch?v=v5EI_nMhhpQ&feature=plcp

Als ich dann auf meine (sehr wichtige) externe Festplatte "H:\" zugreifen wollte, musste ich feststellen dass dort alle Ordner zu Verknüpfungen geworden sind. Außerdem sind Ordner und Dateien aufgelistet, die ich gar nicht kenne.
Ich habe aus einem Ordner "RECYCLE" alles heraus gelöscht.
Man muss sagen, immer wenn ich einen der Ordner öffnete, kam eine Meldung die mir sagte irgendwo dort wäre eine gefährliche Datei (e621ca05.exe)
Nach dem löschen des RECYCLE Ordnerinhaltes kam ich dann auf der externen Festplatte "H" nirgends mehr rein.

Zitat:

"H:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden.

Ich stellte die gelöschten Dateien wieder her, doch vergebens.

Alles klingt sehr nach diesem Problem:
http://www.trojaner-board.de/115010-...estplatte.html

Da ich mich nun hilfesuchend an euch Fachmänner wende, habe ich schon fleißig vorgearbeitet, wie es im Threat zuvor gewünscht war, und die Logdateien von Malwarebytes, OTL und CCleaner erstellt. Hier das Ergebnis:
Im Anhang.

cosinus · 16.10.2012, 12:52

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Damien91 · 16.10.2012, 17:06

Hallo cosinus,

danke für deine Antwort.
Ich habe zuvor nie mit Malwarebytes gearbeitet.
Wie in meinem Eingangsbeitrag schon beschrieben, habe ich mich an ein bearbeitetes Thema mit den selben Symptomen orientiert, und deswegen schon einige dort geforderten Logs erstellt und ebenfalls im Eingangs-Posting hochgeladen. Sie sind dort im Anhang zu finden.
Leider habe ich sie nicht als Code gepostet, weil in den Forenregeln steht ich soll sie als Anhang hochladen.
Die Datei OLT.txt war dafür zu groß, deswegen habe ich sie zweigeteilt.

Liebe Grüße,
Hannes

cosinus · 16.10.2012, 19:27

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Damien91 · 16.10.2012, 22:33

log.txt

HTML-Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7fb93bf3cc985443b926e9aca1f7c55d
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-16 08:56:04
# local_time=2012-10-16 10:56:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 47750710 47750710 0 0
# compatibility_mode=1024 16777215 100 0 123003 123003 0 0
# compatibility_mode=5893 16776574 66 85 25377530 102043636 0 0
# compatibility_mode=8192 67108863 100 0 137 137 0 0
# scanned=314326
# found=25
# cleaned=0
# scan_time=7178
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Local\TempDIR\BetterInstaller.exe	a variant of Win32/Somoto.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\1452.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\2602.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\2E9E.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\3790.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\3FD4.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\56F0.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\5EAC.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\C3B6.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\EFC9.exe	Win32/Rodpicom.B worm (unable to clean)	00000000000000000000000000000000	I
C:\Users\Hannes\AppData\Roaming\Vwgkgf.exe.old	Win32/Dorkbot.B worm (unable to clean)	00000000000000000000000000000000	I
H:\.Trashes.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\PRIVAT!.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\.Spotlight-V100.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Jonas.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Nürburg.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\.fseventsd.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Nagel Sponsorenbild.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Recycled.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\System Volume Information.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Eigene Dateien.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\$RECYCLE.BIN.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Maurice Ullrich.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I
H:\Leon Pfälzer.lnk	Win32/Dorkbot.D worm (unable to clean)	00000000000000000000000000000000	I

cosinus · 17.10.2012, 14:17

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Damien91 · 17.10.2012, 17:32

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 17/10/2012 um 18:30:21 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Hannes - KIELBASSA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Hannes\AppData\Local\TempDir
Ordner Gefunden : C:\Users\Hannes\AppData\Roaming\Media Finder
Ordner Gefunden : C:\Users\Hannes\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gefunden : C:\Users\Hannes\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\MediaFinder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MF
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\m17vktlk.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2006 octets] - [17/10/2012 18:30:21]

########## EOF - C:\AdwCleaner[R1].txt - [2066 octets] ##########

cosinus · 17.10.2012, 18:33

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Damien91 · 17.10.2012, 21:58

Code:

ATTFilter

# AdwCleaner v2.005 - Datei am 17/10/2012 um 22:51:23 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Hannes - KIELBASSA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hannes\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Hannes\AppData\Local\TempDir
Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Hannes\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default [Profil par défaut]
Datei : C:\Users\Hannes\AppData\Roaming\Mozilla\Firefox\Profiles\m17vktlk.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [2133 octets] - [17/10/2012 18:30:21]
AdwCleaner[S1].txt - [2068 octets] - [17/10/2012 22:51:23]

########## EOF - C:\AdwCleaner[S1].txt - [2128 octets] ##########

cosinus · 17.10.2012, 22:39

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Damien91 · 18.10.2012, 09:11

Okay. Zwischendurch schonmal ein DANKE bis hierhin!

Windows funktionierte auch schon vorher normal. Auch jetzt gibt es keine auffälligen Auswirkungen.
Im Startmenü vermisse ich nichts, alle vorhandenen Ordner dort sind nach wie vor belegt.

Jedoch habe ich immer noch keinen Zugriff auf die Ordner in meiner externen Festplatte "H", und die dort gelisteten Ordner werden auch noch als Verknüpfungen angezeigt. Auch die Ordner dort die vorher nicht da waren existieren noch.

Lieben Gruß
Hannes

cosinus · 18.10.2012, 09:35

Ich lese gerade, dass du mit dem mediyes infiziert bist...

CustomScan mit OTL

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Damien91 · 18.10.2012, 16:33

Code:

ATTFilter

OTL logfile created on: 18.10.2012 17:22:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Hannes\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 58,45% Memory free
7,83 Gb Paging File | 5,97 Gb Available in Paging File | 76,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,24 Gb Total Space | 18,55 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 146,72 Gb Free Space | 95,36% Space Free | Partition Type: NTFS
Drive H: | 298,05 Gb Total Space | 82,68 Gb Free Space | 27,74% Space Free | Partition Type: FAT32
 
Computer Name: KIELBASSA | User Name: Hannes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Hannes\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TiMiniService) -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe (Trend Micro Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (FreemakeVideoCapture) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft)
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ksaud) -- C:\Windows\SysNative\drivers\ksaud.sys (Creative Technology Ltd.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (SaiH0C2D) -- C:\Windows\SysNative\drivers\SaiH0C2D.sys (Saitek)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =  127.0.0.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: fmdownloader@gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3
FF - prefs.js..network.proxy.http: "93.123.45.23"
FF - prefs.js..network.proxy.http_port: 8008
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.04.13 04:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2011.12.31 17:31:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 20:24:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.10 20:24:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.07 18:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Extensions
[2012.10.12 01:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\m17vktlk.default\extensions
[2012.09.16 22:31:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hannes\AppData\Roaming\mozilla\Firefox\Profiles\m17vktlk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.12 01:41:01 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\firefox\profiles\m17vktlk.default\extensions\stealthyextension@gmail.com.xpi
[2012.10.01 01:08:24 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Hannes\AppData\Roaming\mozilla\firefox\profiles\m17vktlk.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.09.10 20:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.10 20:24:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2011.12.31 17:31:53 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES (X86)\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX
[2012.09.10 20:24:41 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 20:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 20:10:33 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.28 20:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 20:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 20:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 20:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\Telekom\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun File not found
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hannes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Hannes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3038508100-2890377417-1923366057-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Windows\system32\nspj7uz8.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{380389F5-1978-4D2C-A1F6-97676C386414}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BDF45EB-8281-455E-BA7F-B7FBF93FE4CB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DE7CF3B-4145-4F90-A36B-2EF8955EFA1C}: DhcpNameServer = 10.74.210.210 10.74.210.211
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFECACB9-5D82-4CB3-99CD-0C1982721848}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\Utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Utilman.exe: Debugger - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3402b491-a745-11e1-bf6c-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{3402b491-a745-11e1-bf6c-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3402b497-a745-11e1-bf6c-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{3402b497-a745-11e1-bf6c-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3905068d-af84-11e1-9356-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{3905068d-af84-11e1-9356-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5c850714-df5d-11e1-86d0-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{5c850714-df5d-11e1-86d0-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6818d084-b314-11e1-8293-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{6818d084-b314-11e1-8293-14dae93eef71}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ee16af77-3a34-11e1-8e6d-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{ee16af77-3a34-11e1-8e6d-14dae93eef71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ee16af84-3a34-11e1-8e6d-14dae93eef71}\Shell - "" = AutoRun
O33 - MountPoints2\{ee16af84-3a34-11e1-8e6d-14dae93eef71}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.16 20:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.16 20:53:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Hannes\Desktop\esetsmartinstaller_enu.exe
[2012.10.16 09:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.10.15 21:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.10.15 21:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.15 20:53:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.10.15 18:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\Malwarebytes
[2012.10.15 18:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.15 18:41:34 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.15 18:41:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.10.15 18:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Desktop\maurice
[2012.10.15 18:08:11 | 000,000,000 | ---D | C] -- C:\PPF_Scan2
[2012.10.15 13:29:59 | 000,000,000 | ---D | C] -- C:\PPFScan
[2012.10.15 10:51:46 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\AVG2013
[2012.10.15 10:47:40 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2012.10.15 10:47:09 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.10.15 10:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.10.15 10:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.10.15 10:43:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.15 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\MFAData
[2012.10.15 10:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.10.15 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\Avg2013
[2012.10.15 02:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012.10.15 01:46:55 | 001,036,288 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Hannes\AppData\Roaming\Vwgkgf.exe.old
[2012.10.15 00:47:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.10.15 00:47:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.15 00:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.05 21:45:09 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Roaming\GoforFiles
[2012.10.05 03:26:22 | 000,111,456 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012.10.02 03:30:38 | 000,185,696 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012.09.25 18:56:12 | 000,000,000 | ---D | C] -- C:\Users\Hannes\Documents\Native Instruments
[2012.09.25 18:37:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7707EA53-E29B-48FC-B28B-C8EE171EA0EB}
[2012.09.25 18:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2012.09.25 18:35:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A2A4D724-2D08-46E4-BAA8-EC9EE875D133}
[2012.09.25 18:35:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}
[2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012.09.25 18:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012.09.24 15:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.09.24 15:50:22 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.09.24 07:58:54 | 000,000,000 | ---D | C] -- C:\Users\Hannes\AppData\Local\ElevatedDiagnostics
[2012.09.21 03:46:04 | 000,200,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012.09.21 03:46:00 | 000,225,120 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2012.09.21 03:45:50 | 000,061,792 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.18 17:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.18 10:55:00 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012.10.18 10:12:34 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 10:12:34 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.18 10:04:45 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.10.18 10:04:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.18 10:04:20 | 3152,203,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 18:29:21 | 000,538,941 | ---- | M] () -- C:\Users\Hannes\Desktop\adwcleaner.exe
[2012.10.17 18:15:17 | 010,215,277 | ---- | M] () -- C:\Users\Hannes\Desktop\prezentacja2012.ppsx
[2012.10.16 22:00:02 | 005,142,464 | ---- | M] () -- C:\Users\Hannes\Desktop\R.I.O. feat. U-Jean - Animal (PH Electro Radio Edit) (Official Video HD).mp3
[2012.10.16 20:53:38 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Hannes\Desktop\esetsmartinstaller_enu.exe
[2012.10.16 20:45:38 | 017,434,899 | ---- | M] () -- C:\Users\Hannes\Desktop\IMG_0985.MOV
[2012.10.16 09:32:34 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.10.15 22:03:52 | 123,434,612 | ---- | M] () -- C:\Users\Hannes\Desktop\IMG_0983.mpg
[2012.10.15 21:24:38 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.15 20:53:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hannes\Desktop\OTL.exe
[2012.10.15 18:41:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 13:29:38 | 006,170,946 | ---- | M] () -- C:\PPFScan.zip
[2012.10.15 10:53:28 | 000,001,391 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.10.15 10:53:27 | 000,002,250 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012.10.15 10:41:04 | 000,006,904 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012.10.15 01:46:58 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\56F0.exe
[2012.10.15 01:46:55 | 001,036,288 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Hannes\AppData\Roaming\Vwgkgf.exe.old
[2012.10.15 01:39:47 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\C3B6.exe
[2012.10.15 00:56:33 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\2E9E.exe
[2012.10.15 00:47:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.15 00:34:26 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\EFC9.exe
[2012.10.15 00:16:11 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\3790.exe
[2012.10.14 23:54:15 | 000,076,288 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\2602.exe
[2012.10.14 22:38:02 | 000,091,136 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\5EAC.exe
[2012.10.14 22:20:15 | 000,091,136 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\1452.exe
[2012.10.14 22:02:57 | 000,091,136 | ---- | M] () -- C:\Users\Hannes\AppData\Roaming\3FD4.exe
[2012.10.12 21:32:10 | 003,255,641 | ---- | M] () -- C:\Users\Hannes\Desktop\Linkin Park - Castle of Glass.mp3
[2012.10.05 16:50:32 | 000,054,039 | ---- | M] () -- C:\Users\Hannes\.recently-used.xbel
[2012.10.05 03:26:22 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012.10.02 17:35:17 | 001,531,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.02 17:35:17 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.02 17:35:17 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.02 17:35:17 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.02 17:35:17 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012.10.01 21:56:54 | 000,015,477 | ---- | M] () -- C:\Users\Hannes\Desktop\relativ.odt
[2012.09.30 01:43:59 | 000,518,876 | ---- | M] () -- C:\Users\Hannes\Desktop\Kreise ziehen_Main1.pdf
[2012.09.29 17:17:29 | 000,283,745 | ---- | M] () -- C:\Users\Hannes\Desktop\screen_aragon.jpg
[2012.09.28 22:15:46 | 000,000,023 | ---- | M] () -- C:\Windows\Telemax.cfg
[2012.09.26 23:50:45 | 003,257,187 | ---- | M] () -- C:\Users\Hannes\Desktop\Filterfunk - S.O.S. (Message in a bottle).mp3
[2012.09.26 18:14:00 | 000,072,320 | ---- | M] () -- C:\Users\Hannes\Desktop\screen.jpg
[2012.09.25 18:37:05 | 000,001,004 | ---- | M] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2012.09.24 15:51:26 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2012.09.21 03:45:50 | 000,061,792 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.17 18:29:20 | 000,538,941 | ---- | C] () -- C:\Users\Hannes\Desktop\adwcleaner.exe
[2012.10.17 18:15:04 | 010,215,277 | ---- | C] () -- C:\Users\Hannes\Desktop\prezentacja2012.ppsx
[2012.10.16 21:59:18 | 005,142,464 | ---- | C] () -- C:\Users\Hannes\Desktop\R.I.O. feat. U-Jean - Animal (PH Electro Radio Edit) (Official Video HD).mp3
[2012.10.15 21:24:38 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.15 18:41:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 13:29:30 | 006,170,946 | ---- | C] () -- C:\PPFScan.zip
[2012.10.15 10:47:40 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.10.15 03:58:59 | 000,006,904 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012.10.15 01:46:58 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\56F0.exe
[2012.10.15 01:39:47 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\C3B6.exe
[2012.10.15 00:56:33 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\2E9E.exe
[2012.10.15 00:47:33 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.10.15 00:34:26 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\EFC9.exe
[2012.10.15 00:16:11 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\3790.exe
[2012.10.14 23:54:15 | 000,076,288 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\2602.exe
[2012.10.14 22:38:02 | 000,091,136 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\5EAC.exe
[2012.10.14 22:20:15 | 000,091,136 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\1452.exe
[2012.10.14 22:02:57 | 000,091,136 | ---- | C] () -- C:\Users\Hannes\AppData\Roaming\3FD4.exe
[2012.10.12 21:32:02 | 003,255,641 | ---- | C] () -- C:\Users\Hannes\Desktop\Linkin Park - Castle of Glass.mp3
[2012.10.05 16:50:32 | 000,054,039 | ---- | C] () -- C:\Users\Hannes\.recently-used.xbel
[2012.10.01 21:56:53 | 000,015,477 | ---- | C] () -- C:\Users\Hannes\Desktop\relativ.odt
[2012.09.30 01:43:59 | 000,518,876 | ---- | C] () -- C:\Users\Hannes\Desktop\Kreise ziehen_Main1.pdf
[2012.09.29 17:17:28 | 000,283,745 | ---- | C] () -- C:\Users\Hannes\Desktop\screen_aragon.jpg
[2012.09.26 23:50:39 | 003,257,187 | ---- | C] () -- C:\Users\Hannes\Desktop\Filterfunk - S.O.S. (Message in a bottle).mp3
[2012.09.26 21:21:24 | 004,596,611 | ---- | C] () -- C:\Users\Hannes\Desktop\O Holy Night.mp3
[2012.09.26 18:14:00 | 000,072,320 | ---- | C] () -- C:\Users\Hannes\Desktop\screen.jpg
[2012.09.25 18:37:05 | 000,001,004 | ---- | C] () -- C:\Users\Public\Desktop\Traktor 2.lnk
[2012.09.24 15:51:26 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.01 18:36:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB1090.ini
[2012.01.01 18:36:16 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB0910.ini
[2012.01.01 18:36:16 | 000,001,302 | ---- | C] () -- C:\ProgramData\CfSB0300.ini
[2012.01.01 18:36:16 | 000,001,282 | ---- | C] () -- C:\ProgramData\CfSB0471.ini
[2012.01.01 18:36:16 | 000,001,208 | ---- | C] () -- C:\ProgramData\CfSB0490.ini
[2012.01.01 18:36:16 | 000,001,027 | ---- | C] () -- C:\ProgramData\CfSB0560.ini
[2012.01.01 18:36:16 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0271.ini
[2012.01.01 18:36:16 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0270.ini
[2011.12.28 21:58:49 | 000,001,320 | ---- | C] () -- C:\Users\Hannes\.xmlcopyeditor
[2011.12.26 11:57:01 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.25 23:18:29 | 000,000,023 | ---- | C] () -- C:\Windows\AIM_LANGUAGE.INI
[2011.12.25 23:18:26 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2011.08.01 22:10:25 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.08.01 22:10:21 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.08.01 22:10:21 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.08.01 22:05:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.31 05:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.05.31 05:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.05.31 05:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.06.16 13:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.16 09:32:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.16 09:32:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012.03.13 14:08:02 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\AnvSoft
[2011.12.25 20:51:53 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\ASUS WebStorage
[2012.09.24 19:47:46 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Audacity
[2012.10.15 10:51:46 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\AVG2013
[2011.12.28 19:39:50 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Capcom
[2012.10.18 10:06:24 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Dropbox
[2012.02.19 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\DVDVideoSoft
[2012.09.11 15:06:44 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\FileZilla
[2012.10.05 21:45:09 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\GoforFiles
[2012.10.05 16:50:32 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\gtk-2.0
[2012.08.15 10:12:55 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\MAGIX
[2011.12.27 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Nuance
[2012.02.26 22:03:35 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Pamela
[2012.10.05 15:01:01 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\SoftGrid Client
[2012.01.08 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Telekom
[2012.01.08 22:29:42 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Telekom Internet Manager
[2011.12.26 11:57:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TP
[2012.09.05 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TS3Client
[2012.10.15 10:47:40 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\TuneUp Software
[2012.05.26 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Vodafone
[2011.12.26 15:49:02 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Windows Live Writer
[2012.09.04 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\XnView
[2011.12.27 20:35:51 | 000,000,000 | ---D | M] -- C:\Users\Hannes\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters >
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\pouaavei8.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
"ServiceMain" = SetAccessPolicy
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:56 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:56 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"Update-Service-Installer-Service" = Update-Service-Installer-Service [binary data]
"Update-Service" = Update-Service [binary data]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp
[2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp
[2010.11.20 15:24:26 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
 
< C:\Windows\system32\*.dll /360 >
[2012.08.20 19:32:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.08.20 19:32:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.08.20 17:33:28 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.08.20 17:33:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.08.20 17:33:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2012.08.20 17:33:28 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2012.09.05 14:35:01 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\system32\deployJava1.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2012.08.21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll
[2012.08.24 09:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.08.24 08:44:35 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.08.24 08:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.08.24 08:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2012.08.24 08:59:17 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2012.08.24 08:48:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.08.20 19:37:18 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.08.20 19:37:18 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2012.08.24 08:45:46 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.08.24 09:27:00 | 012,319,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2012.08.24 08:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.09.05 14:35:01 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\system32\npdeployJava1.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntshrui.dll
[2012.08.20 19:40:21 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\packager.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.02.27 11:22:12 | 000,158,208 | ---- | M] (Scendix Software-Vertriebsges. mbH) -- C:\Windows\system32\RemoteControl.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.05.26 18:33:08 | 000,008,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SpOrder.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2011.12.26 11:43:59 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll
[2012.08.24 08:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2012.08.24 08:51:50 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.08.24 08:47:12 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webio.dll
[2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2012.08.24 08:51:27 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2012.08.20 19:37:19 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.22 18:02:21 | 000,000,266 | ---- | C] () -- C:\Windows\Tasks\AutoKMS.job
[2012.06.26 10:05:53 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< C:\Windows\SysNative\*.dll /360 >
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.08.20 20:38:31 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.08.20 20:38:31 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.08.20 20:38:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.08.20 20:38:32 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.08.20 20:38:32 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.08.20 20:38:32 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.08.20 20:38:32 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.02 07:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.02 07:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2011.10.26 07:21:20 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.08.02 19:58:52 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.03.03 08:35:38 | 001,544,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.08.21 13:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.08.24 12:39:42 | 010,925,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2012.08.24 12:12:04 | 002,144,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2012.08.24 12:04:06 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.03.01 08:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.08.24 12:14:34 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.08.24 12:31:32 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.08.24 12:17:03 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2012.08.20 20:48:35 | 001,162,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.08.20 20:48:35 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2011.11.17 08:35:19 | 001,447,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.08.24 12:11:57 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.08.24 13:15:45 | 017,810,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2012.08.24 12:10:14 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2011.12.16 10:46:06 | 000,634,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.06.06 08:06:16 | 001,881,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.06.06 08:06:16 | 002,004,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.06.02 07:44:21 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2011.11.17 08:41:18 | 001,731,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.04 12:44:20 | 000,509,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.08.20 20:48:37 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.11.19 16:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2011.10.26 07:25:15 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2011.10.26 07:25:16 | 001,572,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.02.17 08:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2011.11.17 08:35:25 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2011.11.17 08:35:26 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2011.11.17 08:35:26 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.09.14 21:19:29 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2012.08.24 12:18:46 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.08.24 12:22:46 | 001,346,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.07.09 13:42:56 | 004,547,984 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012.08.24 12:13:29 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.11.17 08:35:28 | 000,395,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.02.11 08:43:47 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012.08.24 12:21:18 | 001,392,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2012.08.20 20:48:43 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.03.01 08:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2012.08.20 20:48:44 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.08.20 20:48:44 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.08.20 20:48:44 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
 
< C:\Windows\SysWOW64\*.dll /360 >
[2012.08.20 19:32:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
[2012.08.20 19:32:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.08.20 19:32:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
[2012.08.20 19:32:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.08.20 17:33:28 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.08.20 17:33:28 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
[2012.08.20 17:33:28 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
[2012.08.20 17:33:28 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2012.08.02 18:57:20 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll
[2012.09.05 14:35:01 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.03.03 07:31:19 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2012.08.21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWOW64\GEARAspi.dll
[2012.08.24 09:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2012.08.24 08:44:35 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2012.08.24 08:40:11 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.03.01 07:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2012.08.24 08:47:36 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2012.08.24 08:59:17 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll
[2012.08.24 08:48:38 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll
[2012.08.20 19:37:18 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
[2012.08.20 19:37:18 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
[2012.08.24 08:45:46 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2012.08.24 09:27:00 | 012,319,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2012.08.24 08:44:10 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2011.12.16 09:52:58 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcrt.dll
[2012.06.06 07:05:52 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.06.06 07:05:52 | 001,390,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.06.02 06:39:10 | 000,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.09.05 14:35:01 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\npdeployJava1.dll
[2011.11.17 07:38:39 | 001,292,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntdll.dll
[2012.01.04 10:58:41 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
[2012.08.20 19:40:21 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll
[2011.11.19 16:01:00 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\packager.dll
[2011.10.26 06:32:11 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2011.10.26 06:32:11 | 001,328,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\quartz.dll
[2012.02.17 07:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.02.27 11:22:12 | 000,158,208 | ---- | M] (Scendix Software-Vertriebsges. mbH) -- C:\Windows\SysWOW64\RemoteControl.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.05.26 18:33:08 | 000,008,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SpOrder.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.09.14 20:28:53 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2011.12.26 11:43:59 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\SysWOW64\UpdSvc.dll
[2012.08.24 08:49:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2012.08.24 08:51:50 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.08.24 08:47:12 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2011.11.17 07:35:02 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webio.dll
[2012.02.11 07:43:49 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2012.08.24 08:51:27 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.03.01 07:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2012.08.20 19:37:19 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2 C:\Windows\SysWOW64\*.tmp files -> C:\Windows\SysWOW64\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 173 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F

< End of report >

cosinus · 18.10.2012, 19:49

Beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
SRV - (Update-Service) -- C:\Windows\SysWOW64\UpdSvc.dll (Joosoft.com GmbH)
[2011.12.26 11:43:59 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\system32\UpdSvc.dll

:Reg
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
  00

:Commands
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Damien91 · 18.10.2012, 21:31

10182012_222306.txt

Code:

ATTFilter

All processes killed
========== OTL ==========
Service Update-Service stopped successfully!
Service Update-Service deleted successfully!
C:\Windows\SysWOW64\UpdSvc.dll moved successfully.
File C:\Windows\system32\UpdSvc.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\\Update-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hannes
->Temp folder emptied: 598221 bytes
->Temporary Internet Files folder emptied: 8116005 bytes
->Java cache emptied: 1401765 bytes
->FireFox cache emptied: 735495756 bytes
->Flash cache emptied: 48306 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1564672 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 522392 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 790070172 bytes
 
Total Files Cleaned = 1.467,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10182012_222306

Files\Folders moved on Reboot...
C:\Users\Hannes\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...