Pests of all kinds and how to fight them: Encryption trojan e621ca05 (Windows 7)
12.11.2012, 22:26 | #1 |
Encryption trojan e621ca05

Hello everyone,

all of my external hard drives now show only shortcuts to the folders. Malwarebytes reported a trojan, which I then deleted. From then on the shortcuts could no longer be opened (because the shortcut points to the trojan, which was stored in the RECYCLER folder).

Then I made the folders visible again via the folder options. (Basically as described here: http://www.trojaner-board.de/59624-a...-sichtbar.html) So the folders are visible again now, and I can open the files too.

Now to my actual problem. I don't know how to turn these folders back into normal folders. I recently deleted something from the hard drive by accident and wanted to restore it now. But Recuva as well as PC Inspector only restore the old shortcuts (to the trojan). So I am also not sure whether my PC is now free of trojans or not (the scans by Avira and Malwarebytes say it is).

It would be very kind if someone could look into my problem.

OTL logfile:
ATTFilter OTL logfile created on: 12.11.2012 22:35:59 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johanna\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 52,05% Memory free 7,60 Gb Paging File | 5,41 Gb Available in Paging File | 71,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,73 Gb Total Space | 2,21 Gb Free Space | 4,54% Space Free | Partition Type: NTFS Drive D: | 6,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 416,93 Gb Total Space | 204,06 Gb Free Space | 48,94% Space Free | Partition Type: NTFS Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS Drive H: | 4,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive I: | 3,72 Gb Total Space | 2,50 Gb Free Space | 67,12% Space Free | Partition Type: FAT32 Drive J: | 465,76 Gb Total Space | 448,97 Gb Free Space | 96,40% Space Free | Partition Type: NTFS Drive L: | 931,51 Gb Total Space | 521,12 Gb Free Space | 55,94% Space Free | Partition Type: NTFS Computer Name: EMIL | User Name: Johanna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe PRC - [2012.10.30 09:12:30 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.10.30 09:12:06 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.10.30 09:12:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.10.22 08:39:20 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.21 18:55:04 | 010,855,544 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.09.05 18:04:58 | 002,904,984 | ---- | M] (Adobe Systems Inc.) 
-- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2011.08.20 18:05:44 | 000,048,618 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2011.05.12 13:06:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2011.05.04 14:14:38 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.01.25 09:48:30 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe PRC - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe PRC - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.10.09 21:06:50 | 000,047,976 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe PRC - [2009.10.08 20:44:54 | 000,036,712 | ---- | M] (FUJITSU LIMITED) -- C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe PRC - [2009.09.23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe ========== Modules (No Company Name) ========== MOD - [2012.05.13 17:16:25 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll MOD - [2012.05.13 17:15:27 | 005,452,800 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.13 17:15:23 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.13 17:15:19 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.13 17:15:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.11.10 14:20:04 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll MOD - [2011.11.10 14:20:03 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll MOD - [2011.11.10 14:20:03 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll MOD - [2011.11.10 14:20:03 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll MOD - [2011.11.10 14:20:03 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll MOD - [2011.11.10 14:20:03 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll MOD - [2011.11.10 14:20:03 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll MOD - [2011.11.10 14:20:03 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll MOD - [2011.11.10 14:20:03 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll MOD - [2011.09.05 18:05:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu MOD - [2011.08.20 18:05:44 | 000,325,180 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll MOD - [2011.08.20 18:05:44 | 000,288,309 | ---- | M] () -- C:\Program Files 
(x86)\Pidgin\plugins\libmsn.dll MOD - [2011.08.20 18:05:44 | 000,251,285 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll MOD - [2011.08.20 18:05:44 | 000,190,214 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll MOD - [2011.08.20 18:05:44 | 000,180,516 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll MOD - [2011.08.20 18:05:44 | 000,147,158 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll MOD - [2011.08.20 18:05:44 | 000,119,368 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll MOD - [2011.08.20 18:05:44 | 000,093,250 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll MOD - [2011.08.20 18:05:44 | 000,087,918 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll MOD - [2011.08.20 18:05:44 | 000,086,376 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll MOD - [2011.08.20 18:05:44 | 000,075,085 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll MOD - [2011.08.20 18:05:44 | 000,070,345 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll MOD - [2011.08.20 18:05:44 | 000,061,569 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll MOD - [2011.08.20 18:05:44 | 000,043,176 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll MOD - [2011.08.20 18:05:44 | 000,038,873 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll MOD - [2011.08.20 18:05:44 | 000,033,896 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll MOD - [2011.08.20 18:05:44 | 000,029,185 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll MOD - [2011.08.20 18:05:44 | 000,023,339 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll MOD - [2011.08.20 18:05:44 | 000,022,446 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll MOD - [2011.08.20 18:05:44 | 000,022,242 | ---- | M] () -- C:\Program Files 
(x86)\Pidgin\plugins\pidginrc.dll MOD - [2011.08.20 18:05:44 | 000,021,753 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll MOD - [2011.08.20 18:05:44 | 000,021,709 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll MOD - [2011.08.20 18:05:44 | 000,021,699 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll MOD - [2011.08.20 18:05:44 | 000,018,706 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll MOD - [2011.08.20 18:05:44 | 000,017,910 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll MOD - [2011.08.20 18:05:44 | 000,016,371 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll MOD - [2011.08.20 18:05:44 | 000,016,330 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll MOD - [2011.08.20 18:05:44 | 000,016,291 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll MOD - [2011.08.20 18:05:44 | 000,014,269 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll MOD - [2011.08.20 18:05:44 | 000,013,426 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll MOD - [2011.08.20 18:05:44 | 000,013,291 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll MOD - [2011.08.20 18:05:44 | 000,012,953 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll MOD - [2011.08.20 18:05:44 | 000,012,380 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll MOD - [2011.08.20 18:05:44 | 000,011,517 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll MOD - [2011.08.20 18:05:44 | 000,011,029 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll MOD - [2011.08.20 18:05:44 | 000,010,521 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll MOD - [2011.08.20 18:05:44 | 000,010,015 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll MOD - [2011.08.20 18:05:44 | 000,009,712 | ---- | M] () -- C:\Program Files 
(x86)\Pidgin\plugins\extplacement.dll MOD - [2011.08.20 18:05:44 | 000,009,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll MOD - [2011.08.20 18:05:44 | 000,009,084 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll MOD - [2011.08.20 18:05:44 | 000,009,055 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll MOD - [2011.08.20 18:05:44 | 000,008,927 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll MOD - [2011.08.20 18:05:44 | 000,008,878 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll MOD - [2011.08.20 18:05:44 | 000,007,645 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll MOD - [2011.08.20 18:05:44 | 000,006,954 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll MOD - [2011.08.20 18:05:44 | 000,006,875 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll MOD - [2011.08.20 18:05:44 | 000,006,751 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll MOD - [2011.08.20 18:05:44 | 000,006,526 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll MOD - [2011.08.20 18:05:42 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll MOD - [2011.08.20 18:05:42 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll MOD - [2011.08.20 18:05:42 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll MOD - [2011.08.20 18:05:42 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll MOD - [2011.08.20 18:05:42 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll MOD - [2011.08.20 18:05:42 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll MOD - [2011.08.20 18:05:40 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll MOD - [2011.05.12 13:06:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 
3.0\Maps\R66Api.dll MOD - [2011.05.12 13:06:00 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2011.05.12 13:06:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2011.05.12 13:06:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2011.05.12 13:06:00 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2011.05.12 13:06:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2011.05.12 13:06:00 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2011.05.12 13:06:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2011.01.25 09:48:30 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.07.04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll MOD - [2010.07.04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe MOD - [2009.09.08 05:38:00 | 000,278,906 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.10.30 09:12:30 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.10.30 09:12:06 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.10.29 17:34:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 20:38:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.01.16 09:02:32 | 000,343,032 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.05.04 14:14:38 | 000,081,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.06.23 
17:14:38 | 000,330,240 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe -- (PFNService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.24 12:43:40 | 000,145,840 | ---- | M] (CSR, plc) [Auto | Running] -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe -- (VFPRadioSupportService) SRV - [2009.11.01 17:04:50 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.01 17:04:44 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.07.30 10:43:00 | 000,063,336 | ---- | M] (FUJITSU LIMITED) [Auto | Running] -- C:\Programme\Fujitsu\PSUtility\PSUService.exe -- (PowerSavingUtilityService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 09:12:35 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.10.12 15:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.10.09 19:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.13 14:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.19 12:02:05 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010.04.22 
13:12:38 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.03.04 21:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.12.18 11:38:56 | 008,038,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.11.27 05:15:00 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.11.01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.11.01 17:04:44 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.10.26 12:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.09 19:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.09 02:41:02 | 001,394,176 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2006.11.01 19:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 19:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.01.18 23:16:38 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0F67909D-4634-4BFB-A465-9CA9BEE6B796}: "URL" = 
hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2 FF - prefs.js..extensions.enabledAddons: next@scribefire.com:4.0 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5 FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: {F807FACD-E46A-4793-B345-D58CB177673C}:4.0.0.1 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7 FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q=" FF - prefs.js..network.proxy.backup.ftp: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.socks_port: 
8080 FF - prefs.js..network.proxy.backup.ssl: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.12.24 09:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.22 08:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.12 00:55:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla 
Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions [2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.11.12 21:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions [2012.10.05 13:17:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.10.19 13:38:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.12.07 16:37:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.05 13:17:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\de_DE@dicts.j3e.de [2012.10.05 13:17:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org [2012.10.14 23:01:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung [2012.10.05 13:17:06 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\amznUWL2@amazon.com.xpi [2012.10.03 15:20:56 | 
000,088,614 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\extension@ciuvo.com.xpi [2012.10.18 11:02:41 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\fbdislike@doweb.fr.xpi [2012.10.05 13:17:29 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\next@scribefire.com.xpi [2011.11.10 14:52:57 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\personas@christopher.beard.xpi [2012.10.25 21:44:20 | 000,431,213 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\shoppingassist@ookong.com.xpi [2012.10.17 11:02:40 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\SkipScreen@SkipScreen.xpi [2012.03.16 19:03:45 | 000,023,334 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\trustmyweb.addons.firefox@hotmail.com.xpi [2011.12.07 16:32:53 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\youtube2mp3@mondayx.de.xpi [2012.03.16 18:58:25 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2011.11.10 14:50:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2011.11.12 12:14:35 | 000,162,610 | ---- | M] () (No name found) -- 
C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}.xpi [2012.10.30 23:37:05 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2012.10.03 15:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.05 13:17:34 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.10.19 13:38:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.05 13:17:41 | 000,529,750 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi [2012.11.12 21:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 17:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.03 10:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.22 08:39:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.10.29 17:34:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.18 09:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.09 18:01:50 | 000,005,142 | ---- | 
M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml [2012.10.18 09:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.18 09:05:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.18 09:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.18 09:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.18 09:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRBIP] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - 
HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diplomarbeit - Verknüpfung.lnk = E:\Dokumente\Diplomarbeit [2012.11.12 22:15:04 | 000,000,000 | ---D | M] O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: 
Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: 
- DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe 
(Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\option1\command - "" = D:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\support\command - "" = D:\deskupdate\support.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.12 22:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.09 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Kontoauszüge
[2012.11.08 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dvdcss
[2012.11.08 13:37:44 | 000,000,000 | R--D | C] -- E:\Dokumente\Scanned Documents
[2012.11.08 13:37:41 | 000,000,000 | ---D | C] -- E:\Dokumente\Fax
[2012.11.06 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.11.06 21:41:52 | 000,000,000 | ---D
| C] -- C:\Program Files\Recuva [2012.11.06 13:08:54 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.06 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2012.11.06 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software [2012.11.06 12:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012.11.06 11:11:47 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes [2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.06 11:11:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.06 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.06 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012.11.03 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.01 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer [2012.10.30 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Job hunt [2012.10.29 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\totalcmd [2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\GHISLER [2012.10.26 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\namexif [2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- 
C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif [2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif [2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namexif [2012.10.25 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\PhotoScape [2012.10.25 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2012.10.25 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape [2012.10.25 22:40:38 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe [2012.10.25 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\rtw präsi [2012.10.22 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.10.22 08:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012.10.22 08:39:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.10.22 08:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012.10.22 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Real [2012.10.22 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery [2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery [2012.10.19 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Avira [2012.10.19 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.19 13:42:44 | 000,129,216 | ---- | C] (Avira 
Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.19 13:42:44 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.19 13:42:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 18:27:29 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.10.17 13:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.10.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.10.14 22:55:12 | 000,000,000 | ---D | C] -- E:\Dokumente\verkleinern
[2012.10.14 22:55:11 | 000,000,000 | ---D | C] -- E:\Dokumente\The Millennium Trilogy - Stieg Larsson
[2012.10.14 22:55:11 | 000,000,000 | ---D | C] -- E:\Dokumente\THAILAND
[2012.10.14 22:55:04 | 000,000,000 | ---D | C] -- E:\Dokumente\new zealand blog
[2012.10.14 22:54:50 | 000,000,000 | ---D | C] -- E:\Dokumente\Mylo Xyloto
[2012.10.14 22:31:30 | 000,000,000 | ---D | C] -- E:\Dokumente\handybilder 30 april 2012
[2012.10.14 14:05:38 | 000,000,000 | ---D | C] -- E:\Dokumente\video
[2012.10.14 14:02:42 | 000,000,000 | ---D | C] -- E:\Dokumente\non rtw
[2012.10.14 12:27:04 | 000,000,000 | ---D | C] -- E:\Dokumente\Pictures
[2012.10.14 12:26:43 | 000,000,000 | ---D | C] -- E:\Dokumente\Musik
[2012.10.14 12:26:43 | 000,000,000 | ---D | C] -- E:\Dokumente\Music
[2012.10.14 12:07:27 | 000,000,000 | ---D | C] -- E:\Dokumente\Downloads
[2012.10.14 11:02:20 | 000,000,000 | ---D | C] -- E:\Dokumente\Documents

========== Files - Modified Within 30 Days ==========

[2012.11.12 22:41:03 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.12 22:38:05 | 000,000,884
| ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe [2012.11.12 22:32:49 | 000,000,168 | ---- | M] () -- C:\Users\Johanna\defogger_reenable [2012.11.12 22:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Johanna\Desktop\Defogger.exe [2012.11.12 22:06:59 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.12 22:06:59 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.12 22:03:52 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.12 22:03:52 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.12 22:03:52 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.12 22:03:52 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.12 22:03:52 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.12 21:56:45 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.11.12 21:56:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.12 21:56:14 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2012.11.12 21:40:03 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job [2012.11.12 19:41:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job [2012.11.12 18:40:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job [2012.11.06 21:41:53 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2012.11.06 21:40:42 | 010,797,876 | ---- | M] () -- C:\Users\Johanna\Desktop\m,..drd [2012.11.06 11:13:43 | 000,001,113 | ---- | M] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.30 09:12:35 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.26 09:29:10 | 000,000,995 | ---- | M] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | M] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.25 22:41:29 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.22 08:40:15 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.22 08:39:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.19 15:01:37 | 000,000,162 | -H-- | M] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 14:53:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.19 13:39:43 | 005,193,498 | -H-- | M] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat
[2012.10.17 13:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf

========== Files Created - No Company Name ==========

[2012.11.12 22:34:20 | 000,050,477 | ---- | C] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | C] () -- C:\Users\Johanna\defogger_reenable
[2012.11.06 21:41:53 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:39 | 010,797,876 | ---- | C] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:11:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | C] () --
C:\Users\Johanna\Desktop\Namexif.lnk [2012.10.25 22:42:05 | 000,001,035 | ---- | C] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk [2012.10.22 08:40:15 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.10.19 15:01:37 | 000,000,162 | -H-- | C] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt [2012.10.19 15:01:34 | 000,014,122 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz.odt [2012.10.19 15:01:34 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz2.odt [2012.10.19 14:53:59 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD [2012.10.19 14:53:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2012.10.19 13:42:50 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.17 13:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf [2012.10.17 13:06:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2012.10.17 13:06:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf [2012.10.17 13:05:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.03.27 16:38:39 | 000,870,683 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe [2012.03.10 11:31:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.24 22:34:26 | 000,001,514 | ---- | C] () -- C:\Users\Johanna\.recently-used.xbel [2012.01.18 15:33:29 | 000,011,442 | ---- | C] () -- C:\Users\Johanna\gsview64.ini [2012.01.16 12:32:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.12.10 21:35:47 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.11.22 23:50:05 | 000,003,584 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 18:29:59 | 000,000,000 | 
---- | C] () -- C:\Users\Johanna\AppData\Roaming\chrtmp [2011.11.19 13:27:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.11.19 13:19:38 | 000,000,008 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\benibelawordCount.usage [2011.06.24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll [2011.06.24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll [2005.04.08 03:16:43 | 005,193,498 | -H-- | C] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 
000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.12 21:57:28 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\.purple [2012.03.09 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\adma [2011.11.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\benibela [2012.11.01 12:30:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer [2012.01.16 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CAD-KAS [2012.04.01 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\calibre [2011.12.10 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.05 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DAEMON Tools Lite [2012.01.16 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Downloaded Installations [2012.11.12 21:57:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox [2012.01.15 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoft [2011.12.07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.13 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FileZilla [2011.11.10 12:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Fujitsu [2012.10.26 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GHISLER [2012.01.24 22:34:26 | 000,000,000 | ---D | M] -- 
C:\Users\Johanna\AppData\Roaming\gtk-2.0 [2011.11.24 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\HTC [2012.11.06 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\install [2012.01.02 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MAGIX [2012.10.26 09:30:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\namexif [2012.03.09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Nitro PDF [2011.12.18 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDAppFlex [2012.03.04 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDF Writer [2012.01.24 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Philips-Songbird [2012.10.25 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape [2012.03.27 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PlagiarismFinder [2012.03.16 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\QuickScan [2012.01.06 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Rovio [2011.11.27 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\SnapTeam [2011.11.10 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird [2012.01.17 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TrainIt ========== Purity Check ========== < End of report > Edited by TschaeiBie (12.11.2012 at 23:13) |
14.11.2012, 16:49 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue?" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board. Quote:
Please note => http://www.trojaner-board.de/125889-...tml#post941520
__________________ |
14.11.2012, 19:58 | #3 |
| Encryption trojan e621ca05 Hello, thanks for the reply,
I have a log from Malwarebytes with one detection; all the more recent ones are without detections. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Johanna :: EMIL [Administrator] Schutz: Aktiviert 06.11.2012 11:22:34 mbam-log-2012-11-06 (11-22-34).txt Art des Suchlaufs: Flash-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P Durchsuchte Objekte: 188175 Laufzeit: 1 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|HKCU (Backdoor.HMCPol.Gen) -> Daten: C:\Users\Johanna\AppData\Roaming\install\wlcomn.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\Johanna\AppData\Roaming\install\wlcomn.exe (Backdoor.HMCPol.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Exportierte Ereignisse: 04.11.2012 22:20 [Echtzeit-Scanner] Malware gefunden In der Datei 'J:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.10.2012 14:46 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johanna\AppData\Roaming\709explorer.exe' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dixzmer.A' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1dc79151.qua' verschoben! 19.10.2012 14:46 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johanna\AppData\Roaming\Gsqkqq.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fd0cc7c.qua' verschoben! 04.11.2012 22:24 [System-Scanner] Malware gefunden Die Datei 'J:\RECYCLER\e621ca05.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden! Die Datei existiert nicht! 04.11.2012 22:24 [System-Scanner] Malware gefunden Die Datei 'J:\RECYCLER\e621ca05.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5bf24f22.qua' verschoben! 04.11.2012 22:23 [Echtzeit-Scanner] Malware gefunden In der Datei 'J:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] gefunden. 
Ausgeführte Aktion: Zugriff verweigern 04.11.2012 22:19 [Echtzeit-Scanner] Malware gefunden In der Datei 'J:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.10.2012 14:51 [System-Scanner] Malware gefunden Die Datei 'F:\RECYCLER\e621ca05.exe' enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '588fd850.qua' verschoben! 19.10.2012 14:50 [Echtzeit-Scanner] Malware gefunden In der Datei 'F:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.10.2012 14:47 [Echtzeit-Scanner] Malware gefunden In der Datei 'F:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Graftor.Elzob.4047.1' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern 19.10.2012 14:46 [System-Scanner] Malware gefunden Die Datei 'C:\Program Files (x86)\FoxTabPDFConverter\Uninstall\Uninstall.exe' enthielt einen Virus oder unerwünschtes Programm 'ADWARE/InstallCore.Gen' [adware]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '575fe3e0.qua' verschoben! 19.10.2012 14:46 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johanna\AppData\Roaming\306explorer.exe' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dixzmer.A' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '3e79f3ae.qua' verschoben! 19.10.2012 14:46 [System-Scanner] Malware gefunden Die Datei 'C:\Users\Johanna\AppData\Roaming\63explorer.exe' enthielt einen Virus oder unerwünschtes Programm 'JAVA/Dixzmer.A' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '7bacde97.qua' verschoben! |
14.11.2012, 21:03 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 1. aswMBR Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Configure the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!
__________________ Please always post log files in CODE tags |
14.11.2012, 22:06 | #5 |
| Encryption trojan e621ca05 OK, so here is the log from aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-14 21:51:35 ----------------------------- 21:51:35.186 OS Version: Windows x64 6.1.7601 Service Pack 1 21:51:35.186 Number of processors: 2 586 0x2505 21:51:35.188 ComputerName: EMIL UserName: 21:51:36.624 Initialize success 21:51:58.192 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:51:58.197 Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 3 21:51:58.212 Disk 0 MBR read successfully 21:51:58.217 Disk 0 MBR scan 21:51:58.222 Disk 0 Windows 7 default MBR code 21:51:58.235 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:51:58.253 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49899 MB offset 206848 21:51:58.271 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 426938 MB offset 102400000 21:51:58.313 Disk 0 scanning C:\Windows\system32\drivers 21:52:05.115 Service scanning 21:52:29.652 Modules scanning 21:52:29.670 Disk 0 trace - called modules: 21:52:29.778 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 21:52:29.787 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b035a0] 21:52:29.799 3 CLASSPNP.SYS[fffff88001b4143f] -> nt!IofCallDriver -> [0xfffffa80049a04f0] 21:52:30.027 5 ACPI.sys[fffff88000f297a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050] 21:52:30.040 Scan finished successfully 21:53:18.502 Disk 0 MBR has been saved successfully to "C:\Users\Johanna\Desktop\logs\MBR.dat" 21:53:18.569 The log file has been saved successfully to "C:\Users\Johanna\Desktop\logs\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2012-11-14 21:55:09 ----------------------------- 21:55:09.789 OS Version: Windows x64 6.1.7601 Service Pack 1 21:55:09.790 Number of processors: 2 586 0x2505 21:55:09.795 ComputerName: EMIL UserName: 21:55:10.322 Initialize success 21:55:12.794 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 21:55:12.799 Disk 0 Vendor: TOSHIBA_ GS00 
Size: 476940MB BusType: 3 21:55:12.861 Disk 0 MBR read successfully 21:55:12.867 Disk 0 MBR scan 21:55:12.872 Disk 0 Windows 7 default MBR code 21:55:12.885 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:55:12.902 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49899 MB offset 206848 21:55:12.943 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 426938 MB offset 102400000 21:55:12.981 Disk 0 scanning C:\Windows\system32\drivers 21:55:20.573 Service scanning 21:55:47.012 Modules scanning 21:55:47.014 Disk 0 trace - called modules: 21:55:47.073 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 21:55:47.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b035a0] 21:55:47.075 3 CLASSPNP.SYS[fffff88001b4143f] -> nt!IofCallDriver -> [0xfffffa80049a04f0] 21:55:47.078 5 ACPI.sys[fffff88000f297a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049a3050] 21:55:47.079 Scan finished successfully 21:57:15.081 Disk 0 MBR has been saved successfully to "C:\Users\Johanna\Desktop\logs\MBR.dat" 21:57:15.101 The log file has been saved successfully to "C:\Users\Johanna\Desktop\logs\aswMBR.txt" Code:
ATTFilter 21:59:10.0900 1828 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:59:11.0274 1828 ============================================================ 21:59:11.0274 1828 Current date / time: 2012/11/14 21:59:11.0274 21:59:11.0274 1828 SystemInfo: 21:59:11.0274 1828 21:59:11.0274 1828 OS Version: 6.1.7601 ServicePack: 1.0 21:59:11.0274 1828 Product type: Workstation 21:59:11.0274 1828 ComputerName: EMIL 21:59:11.0274 1828 UserName: Johanna 21:59:11.0274 1828 Windows directory: C:\Windows 21:59:11.0274 1828 System windows directory: C:\Windows 21:59:11.0274 1828 Running under WOW64 21:59:11.0274 1828 Processor architecture: Intel x64 21:59:11.0274 1828 Number of processors: 2 21:59:11.0274 1828 Page size: 0x1000 21:59:11.0274 1828 Boot type: Normal boot 21:59:11.0274 1828 ============================================================ 21:59:11.0945 1828 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:59:11.0960 1828 Drive \Device\Harddisk1\DR9 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:59:12.0319 1828 Drive \Device\Harddisk2\DR8 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:59:12.0366 1828 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:59:12.0397 1828 Drive \Device\Harddisk4\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:59:12.0460 1828 Drive \Device\Harddisk5\DR5 - Size: 0x2658AE0000 (153.39 Gb), SectorSize: 0x200, Cylinders: 0x4E37, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:59:16.0266 1828 
============================================================ 21:59:16.0266 1828 \Device\Harddisk0\DR0: 21:59:16.0313 1828 MBR partitions: 21:59:16.0313 1828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:59:16.0313 1828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6175800 21:59:16.0313 1828 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x61A8000, BlocksNum 0x341DD000 21:59:16.0313 1828 \Device\Harddisk1\DR9: 21:59:16.0313 1828 MBR partitions: 21:59:16.0313 1828 \Device\Harddisk1\DR9\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x3A384441 21:59:16.0313 1828 \Device\Harddisk2\DR8: 21:59:16.0344 1828 MBR partitions: 21:59:16.0344 1828 \Device\Harddisk2\DR8\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705DB0 21:59:16.0344 1828 \Device\Harddisk3\DR3: 21:59:16.0344 1828 MBR partitions: 21:59:16.0344 1828 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385830 21:59:16.0344 1828 \Device\Harddisk4\DR4: 21:59:16.0344 1828 MBR partitions: 21:59:16.0344 1828 \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982 21:59:16.0344 1828 \Device\Harddisk5\DR5: 21:59:16.0344 1828 MBR partitions: 21:59:16.0344 1828 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x132C4938 21:59:16.0344 1828 ============================================================ 21:59:16.0375 1828 C: <-> \Device\Harddisk0\DR0\Partition2 21:59:16.0391 1828 E: <-> \Device\Harddisk0\DR0\Partition3 21:59:16.0406 1828 F: <-> \Device\Harddisk5\DR5\Partition1 21:59:16.0438 1828 I: <-> \Device\Harddisk1\DR9\Partition1 21:59:16.0500 1828 J: <-> \Device\Harddisk3\DR3\Partition1 21:59:16.0547 1828 K: <-> \Device\Harddisk4\DR4\Partition1 21:59:16.0594 1828 L: <-> \Device\Harddisk2\DR8\Partition1 21:59:16.0594 1828 ============================================================ 21:59:16.0594 1828 Initialize success 21:59:16.0594 1828 
============================================================ 21:59:28.0715 9000 ============================================================ 21:59:28.0715 9000 Scan started 21:59:28.0715 9000 Mode: Manual; SigCheck; TDLFS; 21:59:28.0715 9000 ============================================================ 21:59:29.0152 9000 ================ Scan system memory ======================== 21:59:29.0152 9000 System memory - ok 21:59:29.0152 9000 ================ Scan services =============================
21:59:40.0103 9000 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:59:40.0228 9000 EventSystem - ok 21:59:40.0259 9000 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:59:40.0352 9000 exfat - ok 21:59:40.0399 9000 Fabs - ok 21:59:40.0430 9000 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:59:40.0524 9000 fastfat - ok 21:59:40.0571 9000 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:59:40.0664 9000 Fax - ok 21:59:40.0696 9000 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 21:59:40.0742 9000 fdc - ok 21:59:40.0774 9000 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:59:40.0867 9000 fdPHost - ok 21:59:40.0898 9000 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:59:41.0008 9000 FDResPub - ok 21:59:41.0054 9000 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:59:41.0070 9000 FileInfo - ok 21:59:41.0101 9000 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:59:41.0210 9000 Filetrace - ok 21:59:41.0320 9000 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 21:59:41.0413 9000 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 21:59:41.0413 9000 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 21:59:41.0460 9000 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 21:59:41.0476 9000 flpydisk - ok 21:59:41.0507 9000 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:59:41.0554 9000 FltMgr - ok 21:59:41.0616 9000 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 21:59:41.0710 9000 FontCache - ok 21:59:41.0788 9000 [ 
A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:59:41.0803 9000 FontCache3.0.0.0 - ok 21:59:41.0819 9000 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:59:41.0850 9000 FsDepends - ok 21:59:41.0881 9000 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:59:41.0912 9000 Fs_Rec - ok 21:59:41.0959 9000 [ BA0C1FFDA496D8BCBCAC63F8D98D20E3 ] FUJ02B1 C:\Windows\system32\DRIVERS\FUJ02B1.sys 21:59:42.0022 9000 FUJ02B1 - ok 21:59:42.0037 9000 [ 7135030CBF87D724B6037BB023923730 ] FUJ02E3 C:\Windows\system32\DRIVERS\FUJ02E3.sys 21:59:42.0084 9000 FUJ02E3 - ok 21:59:42.0115 9000 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:59:42.0162 9000 fvevol - ok 21:59:42.0193 9000 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:59:42.0224 9000 gagp30kx - ok 21:59:42.0271 9000 GEARAspiWDM - ok 21:59:42.0318 9000 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:59:42.0443 9000 gpsvc - ok 21:59:42.0490 9000 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:59:42.0521 9000 gusvc - ok 21:59:42.0552 9000 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:59:42.0630 9000 hcw85cir - ok 21:59:42.0677 9000 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:59:42.0724 9000 HdAudAddService - ok 21:59:42.0770 9000 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:59:42.0817 9000 HDAudBus - ok 21:59:42.0864 9000 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:59:42.0880 9000 HECIx64 - ok 21:59:42.0911 9000 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:59:42.0942 9000 
HidBatt - ok 21:59:42.0958 9000 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:59:43.0020 9000 HidBth - ok 21:59:43.0051 9000 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 21:59:43.0098 9000 HidIr - ok 21:59:43.0129 9000 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:59:43.0223 9000 hidserv - ok 21:59:43.0270 9000 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:59:43.0301 9000 HidUsb - ok 21:59:43.0332 9000 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:59:43.0441 9000 hkmsvc - ok 21:59:43.0472 9000 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:59:43.0535 9000 HomeGroupListener - ok 21:59:43.0582 9000 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:59:43.0613 9000 HomeGroupProvider - ok 21:59:43.0660 9000 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:59:43.0691 9000 HpSAMD - ok 21:59:43.0722 9000 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys 21:59:43.0784 9000 HTCAND64 - ok 21:59:43.0847 9000 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys 21:59:43.0862 9000 htcnprot - ok 21:59:43.0909 9000 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:59:44.0034 9000 HTTP - ok 21:59:44.0065 9000 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:59:44.0096 9000 hwpolicy - ok 21:59:44.0128 9000 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:59:44.0159 9000 i8042prt - ok 21:59:44.0190 9000 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:59:44.0221 9000 iaStor - ok 21:59:44.0284 9000 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV 
C:\Windows\system32\drivers\iaStorV.sys 21:59:44.0315 9000 iaStorV - ok 21:59:44.0377 9000 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:59:44.0424 9000 idsvc - ok 21:59:44.0674 9000 [ 8E509DE232CFA4F8A5B34F01802F500E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:59:45.0048 9000 igfx - ok 21:59:45.0095 9000 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:59:45.0126 9000 iirsp - ok 21:59:45.0173 9000 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:59:45.0298 9000 IKEEXT - ok 21:59:45.0329 9000 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 21:59:45.0376 9000 Impcd - ok 21:59:45.0485 9000 [ 42943BB3AB7A405B30EFF7C8283CC129 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 21:59:45.0578 9000 IntcAzAudAddService - ok 21:59:45.0625 9000 [ D248AAE81C156C0D47A77CD61BC24CD4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 21:59:45.0688 9000 IntcDAud - ok 21:59:45.0719 9000 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:59:45.0734 9000 intelide - ok 21:59:45.0766 9000 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:59:45.0812 9000 intelppm - ok 21:59:45.0844 9000 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:59:45.0953 9000 IPBusEnum - ok 21:59:45.0968 9000 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:59:46.0062 9000 IpFilterDriver - ok 21:59:46.0109 9000 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:59:46.0234 9000 iphlpsvc - ok 21:59:46.0265 9000 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:59:46.0312 9000 IPMIDRV - ok 21:59:46.0327 9000 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 
21:59:46.0421 9000 IPNAT - ok 21:59:46.0452 9000 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:59:46.0514 9000 IRENUM - ok 21:59:46.0514 9000 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:59:46.0546 9000 isapnp - ok 21:59:46.0577 9000 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:59:46.0608 9000 iScsiPrt - ok 21:59:46.0624 9000 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:59:46.0655 9000 kbdclass - ok 21:59:46.0670 9000 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:59:46.0717 9000 kbdhid - ok 21:59:46.0748 9000 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:59:46.0764 9000 KeyIso - ok 21:59:46.0795 9000 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:59:46.0826 9000 KSecDD - ok 21:59:46.0842 9000 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:59:46.0873 9000 KSecPkg - ok 21:59:46.0936 9000 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:59:47.0092 9000 ksthunk - ok 21:59:47.0123 9000 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:59:47.0248 9000 KtmRm - ok 21:59:47.0310 9000 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:59:47.0404 9000 LanmanServer - ok 21:59:47.0435 9000 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:59:47.0544 9000 LanmanWorkstation - ok 21:59:47.0560 9000 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:59:47.0669 9000 lltdio - ok 21:59:47.0700 9000 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:59:47.0809 9000 lltdsvc - ok 21:59:47.0840 9000 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 
21:59:47.0950 9000 lmhosts - ok 21:59:48.0012 9000 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:59:48.0043 9000 LMS ( UnsignedFile.Multi.Generic ) - warning 21:59:48.0043 9000 LMS - detected UnsignedFile.Multi.Generic (1) 21:59:48.0106 9000 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:59:48.0137 9000 LSI_FC - ok 21:59:48.0168 9000 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:59:48.0199 9000 LSI_SAS - ok 21:59:48.0215 9000 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:59:48.0246 9000 LSI_SAS2 - ok 21:59:48.0277 9000 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:59:48.0293 9000 LSI_SCSI - ok 21:59:48.0324 9000 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:59:48.0433 9000 luafv - ok 21:59:48.0496 9000 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:59:48.0511 9000 MBAMProtector - ok 21:59:48.0605 9000 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 21:59:48.0636 9000 MBAMScheduler - ok 21:59:48.0683 9000 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 21:59:48.0730 9000 MBAMService - ok 21:59:48.0761 9000 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:59:48.0792 9000 Mcx2Svc - ok 21:59:48.0823 9000 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 21:59:48.0839 9000 megasas - ok 21:59:48.0870 9000 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:59:48.0901 9000 MegaSR - ok 21:59:48.0932 9000 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:59:49.0026 9000 MMCSS - ok 
21:59:49.0057 9000 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:59:49.0151 9000 Modem - ok 21:59:49.0182 9000 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:59:49.0229 9000 monitor - ok 21:59:49.0276 9000 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:59:49.0291 9000 mouclass - ok 21:59:49.0322 9000 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:59:49.0354 9000 mouhid - ok 21:59:49.0385 9000 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:59:49.0416 9000 mountmgr - ok 21:59:49.0510 9000 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:59:49.0541 9000 MozillaMaintenance - ok 21:59:49.0556 9000 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:59:49.0572 9000 mpio - ok 21:59:49.0603 9000 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:59:49.0697 9000 mpsdrv - ok 21:59:49.0744 9000 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:59:49.0853 9000 MpsSvc - ok 21:59:49.0868 9000 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:59:49.0931 9000 MRxDAV - ok 21:59:49.0962 9000 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:59:50.0009 9000 mrxsmb - ok 21:59:50.0040 9000 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:59:50.0056 9000 mrxsmb10 - ok 21:59:50.0087 9000 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:59:50.0102 9000 mrxsmb20 - ok 21:59:50.0149 9000 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:59:50.0180 9000 msahci - ok 21:59:50.0212 9000 [ DB801A638D011B9633829EB6F663C900 ] msdsm 
C:\Windows\system32\drivers\msdsm.sys 21:59:50.0227 9000 msdsm - ok 21:59:50.0258 9000 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:59:50.0305 9000 MSDTC - ok 21:59:50.0321 9000 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:59:50.0430 9000 Msfs - ok 21:59:50.0446 9000 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:59:50.0555 9000 mshidkmdf - ok 21:59:50.0570 9000 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:59:50.0586 9000 msisadrv - ok 21:59:50.0633 9000 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:59:50.0726 9000 MSiSCSI - ok 21:59:50.0742 9000 msiserver - ok 21:59:50.0758 9000 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:59:50.0867 9000 MSKSSRV - ok 21:59:50.0882 9000 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:59:50.0992 9000 MSPCLOCK - ok 21:59:50.0992 9000 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:59:51.0101 9000 MSPQM - ok 21:59:51.0116 9000 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:59:51.0163 9000 MsRPC - ok 21:59:51.0179 9000 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:59:51.0210 9000 mssmbios - ok 21:59:51.0241 9000 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:59:51.0350 9000 MSTEE - ok 21:59:51.0350 9000 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:59:51.0397 9000 MTConfig - ok 21:59:51.0413 9000 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:59:51.0444 9000 Mup - ok 21:59:51.0475 9000 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:59:51.0584 9000 napagent - ok 21:59:51.0631 9000 [ 
1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:59:51.0694 9000 NativeWifiP - ok 21:59:51.0756 9000 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:59:51.0818 9000 NDIS - ok 21:59:51.0850 9000 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:59:51.0943 9000 NdisCap - ok 21:59:51.0974 9000 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:59:52.0052 9000 NdisTapi - ok 21:59:52.0068 9000 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:59:52.0162 9000 Ndisuio - ok 21:59:52.0193 9000 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:59:52.0286 9000 NdisWan - ok 21:59:52.0302 9000 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:59:52.0396 9000 NDProxy - ok 21:59:52.0427 9000 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:59:52.0520 9000 NetBIOS - ok 21:59:52.0552 9000 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:59:52.0645 9000 NetBT - ok 21:59:52.0692 9000 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:59:52.0723 9000 Netlogon - ok 21:59:52.0770 9000 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:59:52.0879 9000 Netman - ok 21:59:52.0895 9000 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:59:53.0020 9000 netprofm - ok 21:59:53.0051 9000 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:59:53.0066 9000 NetTcpPortSharing - ok 21:59:53.0113 9000 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:59:53.0129 9000 nfrd960 - ok 21:59:53.0285 9000 [ 0526356C6FABC0F0CE3BFB3039338BBE ] 
NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe 21:59:53.0316 9000 NitroReaderDriverReadSpool2 - ok 21:59:53.0363 9000 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:59:53.0472 9000 NlaSvc - ok 21:59:53.0503 9000 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:59:53.0597 9000 Npfs - ok 21:59:53.0612 9000 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:59:53.0706 9000 nsi - ok 21:59:53.0722 9000 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:59:53.0831 9000 nsiproxy - ok 21:59:53.0893 9000 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:59:54.0002 9000 Ntfs - ok 21:59:54.0018 9000 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:59:54.0112 9000 Null - ok 21:59:54.0143 9000 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:59:54.0174 9000 nvraid - ok 21:59:54.0205 9000 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:59:54.0236 9000 nvstor - ok 21:59:54.0252 9000 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:59:54.0283 9000 nv_agp - ok 21:59:54.0377 9000 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:59:54.0408 9000 odserv - ok 21:59:54.0439 9000 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:59:54.0486 9000 ohci1394 - ok 21:59:54.0548 9000 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:59:54.0580 9000 ose - ok 21:59:54.0626 9000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:59:54.0689 9000 p2pimsvc - ok 21:59:54.0720 9000 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc 
C:\Windows\system32\p2psvc.dll 21:59:54.0751 9000 p2psvc - ok 21:59:54.0782 9000 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:59:54.0829 9000 Parport - ok 21:59:54.0860 9000 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:59:54.0892 9000 partmgr - ok 21:59:54.0954 9000 [ 8F873BD8188ED208922CAE9B79DD6A35 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 21:59:54.0985 9000 PassThru Service ( UnsignedFile.Multi.Generic ) - warning 21:59:54.0985 9000 PassThru Service - detected UnsignedFile.Multi.Generic (1) 21:59:55.0016 9000 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:59:55.0079 9000 PcaSvc - ok 21:59:55.0110 9000 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:59:55.0141 9000 pci - ok 21:59:55.0157 9000 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:59:55.0188 9000 pciide - ok 21:59:55.0219 9000 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:59:55.0250 9000 pcmcia - ok 21:59:55.0266 9000 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:59:55.0282 9000 pcw - ok 21:59:55.0313 9000 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:59:55.0422 9000 PEAUTH - ok 21:59:55.0484 9000 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:59:55.0562 9000 PeerDistSvc - ok 21:59:55.0640 9000 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:59:55.0672 9000 PerfHost - ok 21:59:55.0734 9000 [ C0F1CFCEE7E8AFF3AE0A7F54A7D3D6BE ] PFNService C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe 21:59:55.0765 9000 PFNService ( UnsignedFile.Multi.Generic ) - warning 21:59:55.0765 9000 PFNService - detected UnsignedFile.Multi.Generic (1) 21:59:55.0828 9000 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla 
C:\Windows\system32\pla.dll 21:59:55.0968 9000 pla - ok 21:59:56.0030 9000 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:59:56.0093 9000 PlugPlay - ok 21:59:56.0124 9000 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:59:56.0155 9000 PNRPAutoReg - ok 21:59:56.0171 9000 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:59:56.0218 9000 PNRPsvc - ok 21:59:56.0249 9000 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys 21:59:56.0280 9000 Point64 - ok 21:59:56.0311 9000 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:59:56.0436 9000 PolicyAgent - ok 21:59:56.0467 9000 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:59:56.0576 9000 Power - ok 21:59:56.0623 9000 [ 843BA5F09A391D52AC1F8486C5FC3D4F ] PowerSavingUtilityService C:\Program Files\Fujitsu\PSUtility\PSUService.exe 21:59:56.0639 9000 PowerSavingUtilityService - ok 21:59:56.0686 9000 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:59:56.0795 9000 PptpMiniport - ok 21:59:56.0826 9000 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:59:56.0857 9000 Processor - ok 21:59:56.0904 9000 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:59:56.0982 9000 ProfSvc - ok 21:59:56.0998 9000 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:59:57.0029 9000 ProtectedStorage - ok 21:59:57.0044 9000 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:59:57.0154 9000 Psched - ok 21:59:57.0200 9000 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:59:57.0294 9000 ql2300 - ok 21:59:57.0310 9000 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:59:57.0341 9000 ql40xx - ok 21:59:57.0372 
9000 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:59:57.0419 9000 QWAVE - ok 21:59:57.0434 9000 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:59:57.0481 9000 QWAVEdrv - ok 21:59:57.0497 9000 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:59:57.0590 9000 RasAcd - ok 21:59:57.0637 9000 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:59:57.0731 9000 RasAgileVpn - ok 21:59:57.0824 9000 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:59:57.0949 9000 RasAuto - ok 21:59:57.0996 9000 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:59:58.0090 9000 Rasl2tp - ok 21:59:58.0121 9000 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:59:58.0214 9000 RasMan - ok 21:59:58.0230 9000 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:59:58.0339 9000 RasPppoe - ok 21:59:58.0355 9000 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:59:58.0464 9000 RasSstp - ok 21:59:58.0480 9000 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:59:58.0589 9000 rdbss - ok 21:59:58.0604 9000 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:59:58.0651 9000 rdpbus - ok 21:59:58.0682 9000 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:59:58.0760 9000 RDPCDD - ok 21:59:58.0807 9000 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:59:58.0885 9000 RDPDR - ok 21:59:58.0916 9000 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:59:59.0026 9000 RDPENCDD - ok 21:59:59.0104 9000 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:59:59.0182 9000 RDPREFMP - ok 
22:00:21.0365 9000 ============================================================
22:00:21.0365 9000 Scan finished
22:00:21.0365 9000 ============================================================
22:00:21.0381 7444 Detected object count: 6
22:00:21.0381 7444 Actual detected object count: 6
22:02:00.0050 7444 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0050 7444 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:00.0050 7444 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0050 7444 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:00.0060 7444 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0060 7444 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:00.0060 7444 PFNService ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0060 7444 PFNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:00.0060 7444 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0060 7444 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:02:00.0070 7444 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
22:02:00.0070 7444 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.11.2012, 22:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 Please run a CustomScan with OTL. Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
|
14.11.2012, 23:06 | #7 |
| Encryption trojan e621ca05 OTL Logfile: Code:
OTL logfile created on: 14.11.2012 22:49:40 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 60,83% Memory free
7,60 Gb Paging File | 5,68 Gb Available in Paging File | 74,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 1,84 Gb Free Space | 3,77% Space Free | Partition Type: NTFS
Drive D: | 6,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 416,93 Gb Total Space | 322,67 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 228,01 Gb Free Space | 48,97% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 448,98 Gb Free Space | 96,40% Space Free | Partition Type: NTFS
Drive K: | 931,51 Gb Total Space | 48,77 Gb Free Space | 5,24% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 400,29 Gb Free Space | 42,97% Space Free | Partition Type: NTFS
Computer Name: EMIL | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.08 09:15:18 | 000,215,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2006.11.01 19:59:24 | 000,007,296 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02e3.sys -- (FUJ02E3) DRV:64bit: - [2006.11.01 19:20:28 | 000,007,808 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2012.03.09 15:12:44 | 000,138,360 | ---- | M] (SlySoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.01.18 23:16:38 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0F67909D-4634-4BFB-A465-9CA9BEE6B796}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2 FF - prefs.js..extensions.enabledAddons: next@scribefire.com:4.0 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5 FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: 
{F807FACD-E46A-4793-B345-D58CB177673C}:4.0.0.1 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7 FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q=" FF - prefs.js..network.proxy.backup.ftp: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.12.24 09:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.22 08:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.12 00:55:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions [2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.11.12 21:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions [2012.10.05 13:17:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} 
[2012.10.19 13:38:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.12.07 16:37:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.05 13:17:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\de_DE@dicts.j3e.de [2012.10.05 13:17:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org [2012.10.14 23:01:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung [2012.10.05 13:17:06 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\amznUWL2@amazon.com.xpi [2012.10.03 15:20:56 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\extension@ciuvo.com.xpi [2012.10.18 11:02:41 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\fbdislike@doweb.fr.xpi [2012.10.05 13:17:29 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\next@scribefire.com.xpi [2011.11.10 14:52:57 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\personas@christopher.beard.xpi [2012.10.25 21:44:20 | 000,431,213 | ---- | M] () (No name found) -- 
C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\shoppingassist@ookong.com.xpi [2012.10.17 11:02:40 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\SkipScreen@SkipScreen.xpi [2012.03.16 19:03:45 | 000,023,334 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\trustmyweb.addons.firefox@hotmail.com.xpi [2011.12.07 16:32:53 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\youtube2mp3@mondayx.de.xpi [2012.03.16 18:58:25 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2011.11.10 14:50:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2011.11.12 12:14:35 | 000,162,610 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}.xpi [2012.10.30 23:37:05 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2012.10.03 15:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.05 13:17:34 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.10.19 13:38:54 | 000,252,340 | ---- | M] () (No name found) -- 
C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.05 13:17:41 | 000,529,750 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi [2012.11.12 21:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 17:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.03 10:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.22 08:39:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.10.29 17:34:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.18 09:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.09 18:01:50 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml [2012.10.18 09:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.18 09:05:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.18 09:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.18 09:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.18 09:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - 
BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRBIP] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] 
C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diplomarbeit - Verknüpfung.lnk = File not found O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\option1\command - "" = D:\deskupdate\DeskUpdate.exe O33 - MountPoints2\{f4042747-0b8e-11e1-bf1b-806e6f6e6963}\Shell\support\command - "" = D:\deskupdate\support.bat O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: 
{36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive 
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender 
- Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: 
HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - 
Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory 
Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe 
C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.11.14 21:59:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe
[2012.11.14 21:50:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe
[2012.11.14 19:47:51 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\logs
[2012.11.12 22:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.09 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Kontoauszüge
[2012.11.08 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dvdcss
[2012.11.08 13:37:44 | 000,000,000 | R--D | C] -- L:\System wiederherstellung JOhanna\Dokumente\Scanned Documents
[2012.11.08 13:37:41 | 000,000,000 | ---D | C] -- L:\System wiederherstellung JOhanna\Dokumente\Fax
[2012.11.06 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012.11.06 21:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012.11.06 13:08:54 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.11.06 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software
[2012.11.06 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012.11.06 12:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.11.06 11:11:47 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.06 11:11:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.06 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.06 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012.11.03 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.11.01 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.10.30 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Job hunt
[2012.10.29 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
[2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.10.26 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif
[2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namexif
[2012.10.25 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.10.25 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2012.10.25 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2012.10.25 22:40:38 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.25 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\rtw präsi
[2012.10.22 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012.10.22 08:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.10.22 08:39:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.22 08:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012.10.22 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Real
[2012.10.22 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2012.10.19 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Avira
[2012.10.19 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.19 13:42:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.19 13:42:44 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.19 13:42:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.17 18:27:29 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012.10.17 13:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.10.17 13:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center

========== Files - Modified Within 30 Days ==========

[2012.11.14 22:41:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.14 22:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.14 21:56:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe
[2012.11.14 21:56:00 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.14 21:56:00 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.14 21:56:00 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.14 21:55:59 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.14 21:55:59 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.14 21:50:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe
[2012.11.14 21:40:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job
[2012.11.14 19:41:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.14 18:40:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job
[2012.11.14 18:15:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.14 10:14:11 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 10:14:11 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.14 10:07:06 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.11.14 10:06:23 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 18:34:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.13 18:34:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | M] () -- C:\Users\Johanna\defogger_reenable
[2012.11.12 22:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.06 21:41:53 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:42 | 010,797,876 | ---- | M] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:13:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | M] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | M] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.25 22:41:29 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe
[2012.10.22 08:40:15 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.22 08:39:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012.10.19 15:01:37 | 000,000,162 | -H-- | M] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 14:53:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.19 13:39:43 | 005,193,498 | -H-- | M] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat
[2012.10.17 13:12:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf

========== Files Created - No Company Name ==========

[2012.11.12 22:34:20 | 000,050,477 | ---- | C] () -- C:\Users\Johanna\Desktop\Defogger.exe
[2012.11.12 22:32:49 | 000,000,168 | ---- | C] () -- C:\Users\Johanna\defogger_reenable
[2012.11.06 21:41:53 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012.11.06 21:40:39 | 010,797,876 | ---- | C] () -- C:\Users\Johanna\Desktop\m,..drd
[2012.11.06 11:11:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.26 09:29:10 | 000,000,995 | ---- | C] () -- C:\Users\Johanna\Desktop\Namexif.lnk
[2012.10.25 22:42:05 | 000,001,035 | ---- | C] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk
[2012.10.22 08:40:15 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.10.19 15:01:37 | 000,000,162 | -H-- | C] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,014,122 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz.odt
[2012.10.19 15:01:34 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz2.odt
[2012.10.19 14:53:59 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2012.10.19 14:53:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.10.19 13:42:50 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.17 13:12:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.17 13:06:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012.10.17 13:06:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.17 13:05:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.03.27 16:38:39 | 000,870,683 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe
[2012.03.10 11:31:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.24 22:34:26 | 000,001,514 | ---- | C] () -- C:\Users\Johanna\.recently-used.xbel
[2012.01.18 15:33:29 | 000,011,442 | ---- | C] () -- C:\Users\Johanna\gsview64.ini
[2012.01.16 12:32:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.12.10 21:35:47 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.11.22 23:50:05 | 000,003,584 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.20 18:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\chrtmp
[2011.11.19 13:27:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011.11.19 13:19:38 | 000,000,008 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\benibelawordCount.usage
[2011.06.24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011.06.24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2005.04.08 03:16:43 | 005,193,498 | -H-- | C] () -- C:\Users\Johanna\AppData\Roaming\Johannalog.dat

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.05.20 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\.purple
[2012.05.06 07:04:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\calibre
[2012.05.20 09:27:45 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Dropbox
[2012.05.05 14:06:58 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Fujitsu
[2012.04.03 02:15:18 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\HTC
[2012.05.06 07:42:19 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.05.06 07:08:10 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Philips-Songbird
[2012.05.06 07:10:49 | 000,000,000 | ---D | M] -- C:\Users\Anna\AppData\Roaming\Rovio
[2012.11.14 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\.purple
[2012.03.09 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\adma
[2011.11.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\benibela
[2012.11.01 12:30:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer
[2012.01.16 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CAD-KAS
[2012.04.01 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\calibre
[2011.12.10 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.05 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DAEMON Tools Lite
[2012.01.16 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Downloaded Installations
[2012.11.14 10:08:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox
[2012.01.15 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoft
[2011.12.07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FileZilla
[2011.11.10 12:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Fujitsu
[2012.10.26 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GHISLER
[2012.01.24 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\gtk-2.0
[2011.11.24 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\HTC
[2012.11.06 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\install
[2012.01.02 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MAGIX
[2012.10.26 09:30:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\namexif
[2012.03.09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Nitro PDF
[2011.12.18 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDAppFlex
[2012.03.04 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDF Writer
[2012.01.24 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Philips-Songbird
[2012.10.25 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape
[2012.03.27 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PlagiarismFinder
[2012.03.16 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\QuickScan
[2012.01.06 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Rovio
[2011.11.27 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\SnapTeam
[2011.11.10 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird
[2012.01.17 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TrainIt

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.10.14 23:07:19 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.06 13:08:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.10 11:40:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.10 11:48:50 | 000,000,000 | ---D | M] -- C:\Intel
[2011.11.14 22:35:44 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.06 21:41:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.12 21:54:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.11.06 11:11:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.10 11:40:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.11.20 16:53:04 | 000,000,000 | ---D | M] -- C:\Python26
[2011.11.20 17:02:16 | 000,000,000 | ---D | M] -- C:\Python27
[2011.11.10 11:40:41 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.24 21:40:02 | 000,000,000 | ---D | M] -- C:\sdk
[2012.11.14 22:53:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.26 09:32:55 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012.04.03 02:13:46 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.14 10:06:22 | 000,000,000 | ---D | M] -- C:\Windows

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*.
> [2012.11.14 22:48:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\.purple [2012.03.09 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\adma [2011.12.18 11:56:32 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Adobe [2012.10.19 13:55:19 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Avira [2011.11.19 13:19:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\benibela [2012.11.01 12:30:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer [2012.01.16 12:32:54 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\CAD-KAS [2012.04.01 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\calibre [2011.12.10 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.05 18:21:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DAEMON Tools Lite [2012.01.16 12:22:25 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Downloaded Installations [2012.11.14 10:08:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Dropbox [2012.11.12 15:11:49 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\dvdcss [2012.01.15 14:29:13 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoft [2011.12.07 16:37:15 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.13 20:13:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\FileZilla [2011.11.10 12:01:21 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Fujitsu [2012.10.26 09:32:24 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\GHISLER [2012.01.24 22:34:26 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\gtk-2.0 [2011.11.24 17:49:34 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\HTC [2011.11.10 11:40:55 | 000,000,000 | ---D | M] -- 
C:\Users\Johanna\AppData\Roaming\Identities [2012.11.06 11:24:16 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\install [2011.11.10 14:18:27 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Macromedia [2012.01.02 11:55:03 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\MAGIX [2012.11.06 11:11:47 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes [2011.04.12 08:54:56 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Media Center Programs [2012.03.04 15:58:07 | 000,000,000 | --SD | M] -- C:\Users\Johanna\AppData\Roaming\Microsoft [2012.11.01 10:42:02 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Mozilla [2012.10.26 09:30:43 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\namexif [2012.03.09 18:04:04 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Nitro PDF [2011.12.18 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDAppFlex [2012.03.04 21:02:38 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PDF Writer [2012.01.24 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Philips-Songbird [2012.10.25 23:01:52 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PhotoScape [2012.03.27 16:38:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\PlagiarismFinder [2012.03.16 22:37:10 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\QuickScan [2012.10.22 08:43:09 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Real [2012.01.06 14:20:06 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Rovio [2011.11.27 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\SnapTeam [2011.11.10 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\Thunderbird [2012.01.17 10:52:01 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\TrainIt [2012.11.12 19:31:58 | 000,000,000 | ---D | M] -- 
C:\Users\Johanna\AppData\Roaming\vlc [2011.11.13 18:55:28 | 000,000,000 | ---D | M] -- C:\Users\Johanna\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.11.24 17:46:37 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Johanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.11.20 15:52:19 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Johanna\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe < %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles > < %SYSTEMROOT%\System32\config\*.sav > < %SYSTEMROOT%\*. 
/mp /s > < %SYSTEMROOT%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.16 08:09:24 | 000,001,076 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job [2012.03.16 08:09:24 | 000,001,128 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job [2012.03.29 20:37:50 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.10.05 17:35:06 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job [2012.10.05 17:35:07 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job < End of report > |
14.11.2012, 23:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 Code:
ATTFilter 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129
__________________ Please always post log files in CODE tags |
14.11.2012, 23:42 | #9 |
| Encryption trojan e621ca05 No, this is my private laptop. One is from home, one via Android and one from a friend. Last edited by TschaeiBie (15.11.2012 at 00:08) |
15.11.2012, 16:49 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 Please create a log with CF: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
15.11.2012, 20:26 | #11 |
| Encryption trojan e621ca05 When running the program I had the problem that Avira, even though it is deactivated, showed the message "Echtzeit-Scanner: Registry blockiert, Der Administrator hat per Sicherheitsrichtlinie den Zugriff auf die Registry blockiert." I then ignored that and left everything alone. Here is the log Combofix Logfile: Code:
ATTFilter ComboFix 12-11-15.01 - Johanna 15.11.2012 20:03:17.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3893.2739 [GMT 1:00] ausgeführt von:: c:\users\Johanna\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Johanna\AppData\Roaming\Johannalog.dat c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-10-15 bis 2012-11-15 )))))))))))))))))))))))))))))) . . 2012-11-15 19:13 . 2012-11-15 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-15 19:13 . 2012-11-15 19:13 -------- d-----w- c:\users\Anna\AppData\Local\temp 2012-11-14 22:36 . 2012-11-14 22:36 -------- d-----w- c:\users\Johanna\AppData\Roaming\e-academy Inc 2012-11-14 22:36 . 2012-11-14 22:36 -------- d-----w- c:\users\Johanna\AppData\Local\e-academy Inc 2012-11-08 17:05 . 2012-11-15 18:13 -------- d-----w- c:\users\Johanna\AppData\Roaming\dvdcss 2012-11-06 20:41 . 2012-11-12 19:57 -------- d-----w- c:\program files\Recuva 2012-11-06 11:14 . 2012-11-06 11:14 -------- d-----w- c:\program files\OO Software 2012-11-06 11:13 . 2012-11-06 11:13 -------- d-----w- c:\windows\Downloaded Installations 2012-11-06 10:11 . 2012-11-06 10:11 -------- d-----w- c:\users\Johanna\AppData\Roaming\Malwarebytes 2012-11-06 10:11 . 2012-11-06 10:11 -------- d-----w- c:\programdata\Malwarebytes 2012-11-06 10:11 . 2012-11-06 10:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-06 10:11 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-06 09:47 . 2012-11-06 09:47 -------- d-----w- c:\programdata\Panda Security 2012-11-06 09:46 . 
2012-11-06 09:48 -------- d-----w- c:\program files (x86)\Panda USB Vaccine 2012-11-03 09:34 . 2012-11-03 09:34 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-11-01 11:30 . 2012-11-01 11:30 -------- d-----w- c:\users\Johanna\AppData\Roaming\Bildverkleinerer 2012-10-26 08:32 . 2012-10-26 08:32 -------- d-----w- C:\totalcmd 2012-10-26 08:32 . 2012-10-26 08:32 -------- d-----w- c:\users\Johanna\AppData\Roaming\GHISLER 2012-10-26 08:29 . 2012-10-26 08:30 -------- d-----w- c:\users\Johanna\AppData\Roaming\namexif 2012-10-26 08:29 . 2012-10-26 08:29 -------- d-----w- c:\program files (x86)\Namexif 2012-10-25 22:01 . 2012-10-25 22:01 -------- d-----w- c:\users\Johanna\AppData\Roaming\PhotoScape 2012-10-25 21:41 . 2012-10-25 21:42 -------- d-----w- c:\program files (x86)\PhotoScape 2012-10-22 07:39 . 2012-10-22 07:39 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2012-10-22 07:39 . 2012-10-22 07:40 -------- d-----w- c:\program files (x86)\Real 2012-10-19 14:12 . 2012-10-19 14:24 -------- d-----w- c:\program files (x86)\Unlocker 2012-10-19 13:53 . 2002-02-18 16:40 6200 ----a-w- c:\windows\SysWow64\INT13EXT.VXD 2012-10-19 13:53 . 2012-10-19 13:53 -------- d-----w- c:\program files (x86)\PC Inspector File Recovery 2012-10-19 13:52 . 2002-12-05 12:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-10-19 13:52 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-10-19 13:52 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-10-19 13:52 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll 2012-10-19 13:52 . 
2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-10-19 13:52 . 2012-10-19 13:52 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-10-19 13:52 . 2012-10-19 13:52 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-10-19 12:55 . 2012-10-19 12:55 -------- d-----w- c:\users\Johanna\AppData\Roaming\Avira 2012-10-19 12:42 . 2012-11-13 17:34 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-10-19 12:42 . 2012-11-13 17:34 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-10-19 12:42 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-10-19 12:42 . 2012-10-19 12:42 -------- d-----w- c:\programdata\Avira 2012-10-19 12:42 . 2012-10-19 12:42 -------- d-----w- c:\program files (x86)\Avira 2012-10-17 23:25 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CDFDFB0A-D44F-4A43-9DC6-840FA029ADF2}\mpengine.dll 2012-10-17 17:27 . 2012-10-17 17:30 -------- d-----w- c:\windows\rescache 2012-10-17 12:12 . 2012-10-17 12:12 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center 2012-10-17 12:05 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-10-17 12:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-10-17 12:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-10-17 12:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-22 07:39 . 2010-10-25 14:13 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-10-22 07:39 . 2010-10-25 14:13 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-10-12 14:35 . 
2012-10-12 14:35 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll 2012-10-12 14:35 . 2012-10-12 14:35 828872 ----a-w- c:\windows\system32\msvcr110.dll 2012-10-12 14:35 . 2012-10-12 14:35 661448 ----a-w- c:\windows\system32\msvcp110.dll 2012-10-12 14:35 . 2012-10-12 14:35 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll 2012-10-12 14:35 . 2012-10-12 14:35 50856 ----a-w- c:\windows\system32\drivers\point64.sys 2012-10-12 14:35 . 2012-10-12 14:35 354264 ----a-w- c:\windows\system32\vccorlib110.dll 2012-10-12 14:35 . 2012-10-12 14:35 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll 2012-10-09 19:38 . 2012-03-29 19:37 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-09 19:38 . 2011-11-10 13:18 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 19:38 . 2012-10-09 19:38 10220472 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-10-09 18:31 . 2012-10-09 18:31 75928 ----a-w- c:\windows\system32\drivers\dc3d.sys 2012-10-09 18:31 . 2012-10-09 18:31 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll 2012-09-28 20:32 . 2012-09-28 20:32 2177688 ----a-w- c:\windows\system32\coin92.dll 2012-09-24 14:32 . 2012-10-12 13:17 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 14:32 . 2011-11-10 14:10 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-10 18:21 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 18:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-10 18:22 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 18:21 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 18:21 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-10 18:21 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-10 18:22 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 
2012-10-10 18:22 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-24 11:15 . 2012-10-03 20:42 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-10-03 20:42 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-10-03 20:43 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-10-03 20:43 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-10-03 20:43 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-10-03 20:43 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-10-03 20:43 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-10-03 20:43 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-10-03 20:43 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-10-03 20:43 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-10-03 20:43 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-10-03 20:43 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-10-03 20:43 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-10-03 20:43 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-10-03 20:43 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-10-03 20:43 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-10-03 20:43 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-10-03 20:43 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-10-03 20:43 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-10-03 20:43 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 2012-10-03 20:43 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-10-03 20:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-22 18:12 . 
2012-10-03 15:17 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 18:12 . 2012-10-03 15:18 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-10-03 15:17 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-10-03 15:17 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-10-03 15:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-08-20 18:48 . 2012-10-10 18:22 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-08-20 18:48 . 2012-10-10 18:22 243200 ----a-w- c:\windows\system32\wow64.dll 2012-08-20 18:48 . 2012-10-10 18:22 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-08-20 18:48 . 2012-10-10 18:22 215040 ----a-w- c:\windows\system32\winsrv.dll 2012-08-20 18:48 . 2012-10-10 18:22 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2012-08-20 18:48 . 2012-10-10 18:22 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-08-20 18:48 . 2012-10-10 18:22 1162240 ----a-w- c:\windows\system32\kernel32.dll 2012-08-20 18:46 . 2012-10-10 18:22 338432 ----a-w- c:\windows\system32\conhost.exe 2012-08-20 18:38 . 2012-10-10 18:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 18:38 . 
2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2012-08-20 18:38 . 
2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2012-08-20 18:38 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-08-20 17:40 . 2012-10-10 18:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38 . 2012-10-10 18:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-20 17:38 . 2012-10-10 18:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2012-08-20 17:37 . 2012-10-10 18:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2012-08-20 17:37 . 2012-10-10 18:22 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2012-08-20 17:32 . 2012-10-10 18:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 18:22 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2012-08-20 17:32 . 2012-10-10 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-09-21 10855544] "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-03-09 5934712] "Facebook Update"="c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-05 138096] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IndicatorUtility"="c:\program files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-09 47976] "LoadFUJ02E3"="c:\program files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-08 36712] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "DXM6Patch_981116"="c:\windows\p_981116.exe" [1998-11-30 497376] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-05-12 593920] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2011-01-25 380416] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-13 384800] "UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-22 296096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Diplomarbeit - Verknüpfung.lnk - e:\dokumente\Diplomarbeit [N/A] Dropbox.lnk - c:\users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Mozilla Firefox.lnk - c:\program files (x86)\Mozilla Firefox\firefox.exe [2012-10-29 917984] Pidgin.lnk - c:\program files (x86)\Pidgin\pidgin.exe [2011-8-20 48618] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-19 279616] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-30 84256] S2 Fabs;FABS - Helping 
agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-01-16 343032] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408] S2 PFNService;PFNService;c:\program files\Fujitsu\Plugfree NETWORK\PFNService.exe [2010-06-23 330240] S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2009-07-30 63336] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-01 2314240] S2 VFPRadioSupportService;Unterstützung für Bluetooth-Funktionen;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-10-09 75928] S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 7296] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-11-01 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] . . Inhalt des "geplante Tasks" Ordners . 2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 19:38] . 
2012-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job - c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-05 16:34] . 2012-11-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job - c:\users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-05 16:34] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job - c:\users\Johanna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 07:09] . 2012-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job - c:\users\Johanna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-16 07:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Johanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2012-09-21 17:40 480888 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 410136] "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-15 157544] "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-15 35176] "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-30 188264] "PfNet"="c:\program files\Fujitsu\Plugfree NETWORK\PfNet.exe" [2010-06-23 6310912] "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 164712] "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-12-24 535440] "CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-12-24 431504] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "CSRBIP"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe" [2009-12-24 419752] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-27 8312352] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984] "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com mSearchAssistant = hxxp://www.google.com IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Free YouTube to MP3 Converter - c:\users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://www.arccosine.com/search.php?q= FF - prefs.js: network.proxy.ftp - proxy.fh-landshut.de FF - prefs.js: network.proxy.ftp_port - 8080 FF - prefs.js: network.proxy.http - proxy.fh-landshut.de FF - prefs.js: network.proxy.http_port - 8080 FF - prefs.js: network.proxy.socks - proxy.fh-landshut.de FF - prefs.js: network.proxy.socks_port - 8080 FF - prefs.js: network.proxy.ssl - proxy.fh-landshut.de FF - prefs.js: network.proxy.ssl_port - 8080 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-10-05 14:17; en-GB@dictionaries.addons.mozilla.org; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org FF - ExtSQL: 2012-10-05 14:17; 
next@scribefire.com; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\next@scribefire.com.xpi FF - ExtSQL: 2012-10-05 14:17; {F807FACD-E46A-4793-B345-D58CB177673C}; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi FF - ExtSQL: 2012-10-06 04:24; foxyproxy@eric.h.jung; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung FF - ExtSQL: 2012-10-12 15:17; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-22 09:39; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - ExtSQL: 2012-10-30 23:37; {76C80A11-FAD4-406c-8246-F5ED4F9367B5}; c:\users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi FF - ExtSQL: 2012-11-03 10:31; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Catan - c:\windows\IsUn0407.exe AddRemove-FoxTab PDF Converter - c:\progra~2\FOXTAB~1\Uninstall\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.aac" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.cda" . 
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.flac" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.m4a" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.mp3" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.mp4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.ogg" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.wav" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (LocalSystem) "Progid"="MUFIN_PLAYER_2_5_D.wma" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Zeit der Fertigstellung: 2012-11-15 20:20:47 ComboFix-quarantined-files.txt 2012-11-15 19:20 . Vor Suchlauf: 2.520.444.928 Bytes frei Nach Suchlauf: 2.829.471.744 Bytes frei . - - End Of File - - A4D13B88C730C9584A1E62D8B04FAA12 |
15.11.2012, 22:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 adwCleaner - detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
16.11.2012, 12:21 | #13 |
| Encryption trojan e621ca05 Code:
ATTFilter # AdwCleaner v2.007 - Datei am 16/11/2012 um 12:20:12 erstellt # Aktualisiert am 06/11/2012 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Johanna - EMIL # Bootmodus : Normal # Ausgeführt unter : C:\Users\Johanna\Desktop\adwcleaner(1).exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v16.0.2 (de) Profilname : default Datei : C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\1738n59o.default\prefs.js [OK] Die Datei ist sauber. Profilname : default Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\8ck5kwpk.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [14357 octets] - [12/11/2012 21:53:35] AdwCleaner[R2].txt - [957 octets] - [16/11/2012 12:20:12] AdwCleaner[S1].txt - [14359 octets] - [12/11/2012 21:54:15] ########## EOF - C:\AdwCleaner[R2].txt - [1077 octets] ########## |
16.11.2012, 14:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Encryption trojan e621ca05 A check with OTL, please:
__________________ Please always post logfiles in CODE tags |
16.11.2012, 15:54 | #15 |
| Encryption trojan e621ca05 OTL logfile: Code:
ATTFilter OTL logfile created on: 16.11.2012 15:31:42 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johanna\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 22,44% Memory free 7,60 Gb Paging File | 3,21 Gb Available in Paging File | 42,19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 48,73 Gb Total Space | 2,75 Gb Free Space | 5,64% Space Free | Partition Type: NTFS Drive E: | 416,93 Gb Total Space | 319,61 Gb Free Space | 76,66% Space Free | Partition Type: NTFS Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS Drive I: | 465,64 Gb Total Space | 228,71 Gb Free Space | 49,12% Space Free | Partition Type: FAT32 Drive J: | 465,76 Gb Total Space | 448,98 Gb Free Space | 96,40% Space Free | Partition Type: NTFS Drive K: | 14,83 Gb Total Space | 6,49 Gb Free Space | 43,78% Space Free | Partition Type: FAT32 Drive L: | 3,72 Gb Total Space | 2,49 Gb Free Space | 67,04% Space Free | Partition Type: FAT32 Drive M: | 931,51 Gb Total Space | 61,31 Gb Free Space | 6,58% Space Free | Partition Type: NTFS Drive N: | 931,51 Gb Total Space | 399,60 Gb Free Space | 42,90% Space Free | Partition Type: NTFS Computer Name: EMIL | User Name: Johanna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Users\Johanna\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Johanna\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.) PRC - C:\Users\Johanna\AppData\Local\e-academy Inc\SecureDownloadManager\SecureDownloadManager.exe (Kivuto Solutions Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) PRC - C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
PRC - C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () PRC - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll () 
MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll () MOD - C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_de\PDFMaker\PDFMOfficeAddin.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu () MOD - C:\Program Files (x86)\Pidgin\libjabber.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libmsn.dll () MOD - C:\Program Files (x86)\Pidgin\liboscar.dll () MOD - C:\Program Files (x86)\Pidgin\libymsg.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libgg.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libsilc.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libmxit.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libsametime.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libnovell.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libirc.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\spellchk.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libsimple.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\log_reader.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\themeedit.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\ticker.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\winprefs.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\notify.dll () MOD - C:\Program Files 
(x86)\Pidgin\plugins\ssl-nss.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\convcolors.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\markerline.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\timestamp.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\history.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\idle.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\joinpart.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libicq.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\extplacement.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\statenotify.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\libaim.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\relnot.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\psychic.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\newline.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\iconaway.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\buddynote.dll () MOD - C:\Program Files (x86)\Pidgin\plugins\ssl.dll () MOD - C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll () MOD - C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll () MOD - C:\Program Files (x86)\Pidgin\exchndl.dll () MOD - C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll () MOD - C:\Program Files (x86)\Pidgin\sqlite3.dll () MOD - C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll () MOD - C:\Program Files (x86)\Pidgin\libxml2-2.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 
3.0\htcUPCTLoader.exe () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll () MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll () MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Unlocker\UnlockerHook.dll () MOD - C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () MOD - C:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NitroReaderDriverReadSpool2) -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PFNService) -- C:\Programme\Fujitsu\Plugfree NETWORK\PFNService.exe (FUJITSU LIMITED) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (VFPRadioSupportService) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations 
GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, 
Corporation) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED) DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\SearchScopes\{0F67909D-4634-4BFB-A465-9CA9BEE6B796}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - 
HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/" FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628 FF - prefs.js..extensions.enabledAddons: en-GB@dictionaries.addons.mozilla.org:1.19.1 FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:4.0.2 FF - prefs.js..extensions.enabledAddons: next@scribefire.com:4.0 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3 FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5 FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: {F807FACD-E46A-4793-B345-D58CB177673C}:4.0.0.1 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7 FF - prefs.js..keyword.URL: "hxxp://www.arccosine.com/search.php?q=" FF - prefs.js..network.proxy.backup.ftp: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: 
"proxy.fh-landshut.de" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.http: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "proxy.fh-landshut.de" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Johanna\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Johanna\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Johanna\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.12.24 09:25:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.22 08:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.10.12 00:55:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla 
Firefox\components [2012.10.29 17:34:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions [2012.01.24 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [2012.11.12 21:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions [2012.10.05 13:17:32 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2012.10.19 13:38:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.12.07 16:37:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.05 13:17:07 | 000,000,000 | ---D | M] (Wörterbuch Deutsch (de-DE), Hunspell-unterstützt) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\de_DE@dicts.j3e.de [2012.10.05 13:17:07 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\en-GB@dictionaries.addons.mozilla.org [2012.10.14 23:01:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Johanna\AppData\Roaming\mozilla\Firefox\Profiles\1738n59o.default\extensions\foxyproxy@eric.h.jung [2012.10.05 13:17:06 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\amznUWL2@amazon.com.xpi [2012.10.03 15:20:56 | 
000,088,614 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\extension@ciuvo.com.xpi [2012.10.18 11:02:41 | 000,215,605 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\fbdislike@doweb.fr.xpi [2012.10.05 13:17:29 | 000,580,931 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\next@scribefire.com.xpi [2011.11.10 14:52:57 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\personas@christopher.beard.xpi [2012.10.25 21:44:20 | 000,431,213 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\shoppingassist@ookong.com.xpi [2012.10.17 11:02:40 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\SkipScreen@SkipScreen.xpi [2012.03.16 19:03:45 | 000,023,334 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\trustmyweb.addons.firefox@hotmail.com.xpi [2011.12.07 16:32:53 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\youtube2mp3@mondayx.de.xpi [2012.03.16 18:58:25 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2011.11.10 14:50:54 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2011.11.12 12:14:35 | 000,162,610 | ---- | M] () (No name found) -- 
C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{45e16761-660c-41a4-984f-56986fba2137}.xpi [2012.10.30 23:37:05 | 000,009,664 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}.xpi [2012.10.03 15:21:04 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.05 13:17:34 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.10.19 13:38:54 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.05 13:17:41 | 000,529,750 | ---- | M] () (No name found) -- C:\Users\Johanna\AppData\Roaming\mozilla\firefox\profiles\1738n59o.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}.xpi [2012.11.12 21:54:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.29 17:34:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.11.03 10:31:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.10.22 08:39:47 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2012.10.29 17:34:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.18 09:05:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.09 18:01:50 | 000,005,142 | ---- | 
M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml [2012.10.18 09:05:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.18 09:05:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.18 09:05:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.18 09:05:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.18 09:05:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.11.15 20:15:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRBIP] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRBipPushResponder.exe (CSR, plc) O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc) O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application 
Panel\QuickTouch.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PfNet] C:\Program Files\Fujitsu\Plugfree NETWORK\PfNet.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DXM6Patch_981116] C:\Windows\p_981116.exe (Microsoft Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe () O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) 
O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [Facebook Update] C:\Users\Johanna\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.) O4 - Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Diplomarbeit - Verknüpfung.lnk = File not found O4 - Startup: C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Johanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Johanna\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{315BF060-8F0E-4CE1-8E4A-12D68A3418A9}: DhcpNameServer = 83.169.184.161 83.169.184.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39106C85-56AD-4448-A429-DB2D0B2268AB}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEAD2434-03C8-487F-A89B-C482A173740A}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.16 11:02:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.11.15 20:20:50 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.11.15 20:00:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.11.15 20:00:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.11.15 20:00:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.11.15 20:00:01 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.11.15 19:59:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.11.15 19:58:45 | 005,001,745 | R--- | C] (Swearware) -- C:\Users\Johanna\Desktop\ComboFix.exe [2012.11.14 23:37:08 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Downloads [2012.11.14 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\e-academy Inc [2012.11.14 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Local\e-academy Inc [2012.11.14 21:59:04 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe [2012.11.14 21:50:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe [2012.11.14 19:47:51 | 000,000,000 | 
---D | C] -- C:\Users\Johanna\Desktop\logs [2012.11.12 22:34:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe [2012.11.09 12:20:02 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Kontoauszüge [2012.11.08 18:05:38 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\dvdcss [2012.11.06 21:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012.11.06 21:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012.11.06 13:08:54 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.11.06 12:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O&O Software [2012.11.06 12:14:15 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software [2012.11.06 12:13:10 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations [2012.11.06 11:11:47 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Malwarebytes [2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.06 11:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.06 11:11:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.06 11:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.06 10:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2012.11.06 10:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012.11.03 10:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.11.03 10:31:33 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2012.11.03 10:31:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\javaw.exe [2012.11.03 10:31:33 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2012.11.01 12:30:03 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Bildverkleinerer [2012.10.30 18:57:50 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\Job hunt [2012.10.29 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\totalcmd [2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander [2012.10.26 09:32:24 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\GHISLER [2012.10.26 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\namexif [2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Namexif [2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Namexif [2012.10.26 09:29:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Namexif [2012.10.25 23:01:20 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\PhotoScape [2012.10.25 22:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2012.10.25 22:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape [2012.10.25 22:40:38 | 018,376,624 | ---- | C] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe [2012.10.25 21:54:11 | 000,000,000 | ---D | C] -- C:\Users\Johanna\Desktop\rtw präsi [2012.10.22 08:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012.10.22 08:39:38 | 000,198,864 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012.10.22 08:39:26 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012.10.22 08:39:26 | 000,005,632 | ---- | C] (RealNetworks, Inc.) 
-- C:\Windows\SysWow64\pndx5032.dll [2012.10.22 08:39:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2012.10.22 08:39:24 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.10.22 08:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012.10.22 08:39:06 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Real [2012.10.22 08:36:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker [2012.10.19 15:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker [2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery [2012.10.19 14:53:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery [2012.10.19 13:55:19 | 000,000,000 | ---D | C] -- C:\Users\Johanna\AppData\Roaming\Avira [2012.10.19 13:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.19 13:42:44 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.19 13:42:44 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.19 13:42:44 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.19 13:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.17 18:27:29 | 000,000,000 | ---D | C] -- C:\Windows\rescache ========== Files - Modified Within 30 Days ========== [2012.11.16 15:40:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job [2012.11.16 15:38:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.11.16 15:33:16 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.16 15:33:16 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.16 15:33:16 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.16 15:33:16 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.16 15:33:16 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.16 14:41:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000UA.job [2012.11.16 12:17:34 | 000,541,569 | ---- | M] () -- C:\Users\Johanna\Desktop\adwcleaner(1).exe [2012.11.16 11:02:55 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.11.16 11:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.16 09:01:05 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 09:01:05 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 08:53:31 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys [2012.11.15 20:15:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.11.15 19:53:42 | 005,001,745 | R--- | M] (Swearware) -- C:\Users\Johanna\Desktop\ComboFix.exe [2012.11.15 19:41:01 | 
000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job [2012.11.15 18:40:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2854343380-3227922997-4001857733-1000Core.job [2012.11.15 00:02:11 | 000,026,335 | ---- | M] () -- C:\Users\Johanna\Desktop\Unbenannt.PNG [2012.11.14 23:36:31 | 000,003,153 | ---- | M] () -- C:\Users\Johanna\Desktop\Secure Download Manager.lnk [2012.11.14 21:56:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Johanna\Desktop\tdsskiller.exe [2012.11.14 21:50:54 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Johanna\Desktop\aswMBR.exe [2012.11.13 18:34:40 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.13 18:34:39 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.12 22:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johanna\Desktop\OTL.exe [2012.11.12 22:32:49 | 000,000,168 | ---- | M] () -- C:\Users\Johanna\defogger_reenable [2012.11.12 22:31:37 | 000,050,477 | ---- | M] () -- C:\Users\Johanna\Desktop\Defogger.exe [2012.11.06 21:41:53 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2012.11.06 21:40:42 | 010,797,876 | ---- | M] () -- C:\Users\Johanna\Desktop\m,..drd [2012.11.06 11:13:43 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 09:29:10 | 000,000,995 | ---- | M] () -- C:\Users\Johanna\Desktop\Namexif.lnk [2012.10.25 22:42:05 | 000,001,035 | ---- | M] () -- C:\Users\Johanna\Desktop\PhotoScape.lnk [2012.10.25 22:41:29 | 018,376,624 | ---- | M] (Mooii) -- C:\Users\Johanna\Desktop\PhotoScape_V3.6.2.exe [2012.10.22 08:40:15 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.10.22 08:39:38 | 000,198,864 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\SysWow64\rmoc3260.dll [2012.10.22 08:39:26 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012.10.22 08:39:26 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012.10.22 08:39:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012.10.19 15:01:37 | 000,000,162 | -H-- | M] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt [2012.10.19 14:53:58 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2012.10.19 13:42:50 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk ========== Files Created - No Company Name ========== [2012.11.16 12:17:59 | 000,541,569 | ---- | C] () -- C:\Users\Johanna\Desktop\adwcleaner(1).exe [2012.11.15 20:00:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.11.15 20:00:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.11.15 20:00:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.11.15 20:00:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.11.15 20:00:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.11.15 00:01:18 | 000,026,335 | ---- | C] () -- C:\Users\Johanna\Desktop\Unbenannt.PNG [2012.11.14 23:36:31 | 000,003,153 | ---- | C] () -- C:\Users\Johanna\Desktop\Secure Download Manager.lnk [2012.11.12 22:34:20 | 000,050,477 | ---- | C] () -- C:\Users\Johanna\Desktop\Defogger.exe [2012.11.12 22:32:49 | 000,000,168 | ---- | C] () -- C:\Users\Johanna\defogger_reenable [2012.11.06 21:41:53 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk [2012.11.06 21:40:39 | 010,797,876 | ---- | C] () -- C:\Users\Johanna\Desktop\m,..drd [2012.11.06 11:11:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.26 09:29:10 | 000,000,995 | ---- | C] () -- C:\Users\Johanna\Desktop\Namexif.lnk [2012.10.25 22:42:05 | 000,001,035 | ---- | C] () -- 
C:\Users\Johanna\Desktop\PhotoScape.lnk [2012.10.22 08:40:15 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2012.10.19 15:01:37 | 000,000,162 | -H-- | C] () -- C:\Users\Johanna\Desktop\~$ psychische Obsoleszenz.odt [2012.10.19 15:01:34 | 000,014,122 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz.odt [2012.10.19 15:01:34 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\Desktop\DA psychische Obsoleszenz2.odt [2012.10.19 14:53:59 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD [2012.10.19 14:53:58 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk [2012.10.19 13:42:50 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.03.27 16:38:39 | 000,870,683 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.0 Uninstaller.exe [2012.03.10 11:31:46 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.24 22:34:26 | 000,001,514 | ---- | C] () -- C:\Users\Johanna\.recently-used.xbel [2012.01.18 15:33:29 | 000,011,442 | ---- | C] () -- C:\Users\Johanna\gsview64.ini [2012.01.16 12:32:03 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2011.12.10 21:35:47 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011.11.22 23:50:05 | 000,003,584 | ---- | C] () -- C:\Users\Johanna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 18:29:59 | 000,000,000 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\chrtmp [2011.11.19 13:27:52 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2011.11.19 13:19:38 | 000,000,008 | ---- | C] () -- C:\Users\Johanna\AppData\Roaming\benibelawordCount.usage [2011.06.24 12:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll [2011.06.24 12:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
extras OTL Logfile: Code:
OTL Extras logfile created on: 16.11.2012 15:31:43 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johanna\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 22,44% Memory free
7,60 Gb Paging File | 3,21 Gb Available in Paging File | 42,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 2,75 Gb Free Space | 5,64% Space Free | Partition Type: NTFS
Drive E: | 416,93 Gb Total Space | 319,61 Gb Free Space | 76,66% Space Free | Partition Type: NTFS
Drive F: | 153,38 Gb Total Space | 26,53 Gb Free Space | 17,29% Space Free | Partition Type: NTFS
Drive I: | 465,64 Gb Total Space | 228,71 Gb Free Space | 49,12% Space Free | Partition Type: FAT32
Drive J: | 465,76 Gb Total Space | 448,98 Gb Free Space | 96,40% Space Free | Partition Type: NTFS
Drive K: | 14,83 Gb Total Space | 6,49 Gb Free Space | 43,78% Space Free | Partition Type: FAT32
Drive L: | 3,72 Gb Total Space | 2,49 Gb Free Space | 67,04% Space Free | Partition Type: FAT32
Drive M: | 931,51 Gb Total Space | 61,31 Gb Free Space | 6,58% Space Free | Partition Type: NTFS
Drive N: | 931,51 Gb Total Space | 399,60 Gb Free Space | 42,90% Space Free | Partition Type: NTFS
Computer Name: EMIL | User Name: Johanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09548B5D-2BF3-40A4-ADEE-A2BD9E68E532}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{31FEF6BC-B65F-45EA-9A1F-D25AE073A270}" = lport=2869 | protocol=6 | dir=in | app=system | "{3BC16D89-E76F-4B23-9919-5F33E016FEFC}" = rport=10243 | protocol=6 | dir=out | app=system | "{42961938-16C3-4A2B-9DCB-BAE4F0C42FFC}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{4343256B-3FB4-462F-81E1-11F365B1101E}" = rport=138 | protocol=17 | dir=out | app=system | "{4B55CCD7-E8FB-47DA-AF91-2DDAE267DA92}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | 
app=%systemroot%\system32\svchost.exe | "{4CADDE23-7A26-4261-AA2B-D531A3406555}" = lport=137 | protocol=17 | dir=in | app=system | "{4F3A4DC4-5446-4C1A-9146-F0DD21BC3526}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{52F33100-40B8-445C-9A45-F3EFBD47F36D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{58D99A46-8D80-4F64-BF50-50BD7A5C00DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{62C3FB3F-B337-49BB-8DC6-0F8DC014DAD7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{64888FE0-AB3D-42D8-A91E-8309BE01BDC1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6AEF10E0-9053-40E6-8588-62BD59F6C392}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6E1D9754-C575-4330-959A-F2AA7FF44874}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F9B2AEB-ACE6-4267-950B-A57A16808B4C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{81E2D665-2B99-4BC3-84FE-0B17FC74D435}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{85671521-7786-40EA-833C-7D90EB0A2000}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8D4D00D0-B2CE-4001-B12F-2BB605F88BFA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8E08C784-D382-4620-9521-331B0BA44E94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{92099217-A451-4C16-9FCB-5EB7B737FD32}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A3F8B2C9-DF9C-4153-AD85-81E2EF5AAD32}" = lport=10243 | protocol=6 | dir=in | app=system | "{A4C4B925-C7F2-4781-9007-269711F56783}" = 
lport=138 | protocol=17 | dir=in | app=system | "{A4F30C21-7B57-42B3-821D-66119D30CFCA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A5187E1E-4DAE-4E50-AF1F-194227DD9300}" = lport=139 | protocol=6 | dir=in | app=system | "{AFA7C6D3-6DE2-4EDD-AC7B-96C059874956}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B1C7A11F-6BD8-4F84-AC30-C3E8122CD889}" = lport=445 | protocol=6 | dir=in | app=system | "{BC0C3649-EFF9-4D32-A54A-3355262F97F3}" = rport=445 | protocol=6 | dir=out | app=system | "{C49CDD86-C6D7-4272-A648-967D1C059084}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1E14867-AB59-44BE-ACA9-7170645B9FFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DCBD6D70-3D52-4CC6-969A-1C0F6EA128C7}" = rport=139 | protocol=6 | dir=out | app=system | "{E17611D4-2AFF-429A-9E8E-CB426A752906}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062D8D8D-11C1-44A2-A5CB-D7B7FB363C4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{09A1F54F-35DA-46C4-913B-0D8BD63DDFEB}" = protocol=17 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | "{169110C2-D944-47FD-AFD8-536C4D289FDC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1AE3A9B9-C835-405A-A758-8EBC05384E59}" = protocol=6 | dir=out | app=system | "{1C447D06-FA38-400E-9BAC-18BB2C7B7692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{22A9C294-E5ED-483A-8F1B-E97E0430BCF3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{281D8AB3-00E9-454A-9413-8D5F38D182D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B29DFA8-D460-49DA-9FF3-4E5F23D5ACBF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4A66869B-AEF4-4CA0-963D-AF633FAC4A01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{534D89DC-669B-4039-B022-3951F14FEBC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{54D69F8E-DF2E-4A86-B3E2-03E0E21E2EA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{72909D1E-7187-4CCC-94B2-94D15BB7D8B4}" = protocol=6 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | "{7BCA72CF-DD25-45D2-A300-257F5741A173}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{839BD70B-E8A9-4F30-8FD4-4C0666A13E04}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{904FAFFC-C7AD-48C7-9266-E5FD45CE8F2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A115562A-1E53-4C6D-AA04-504D5A25534F}" = protocol=6 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | "{A580D5AC-734E-450D-91D2-2B4D64E698E2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{ABED54FF-EBDD-4159-8A5C-EF6BA1AE17E2}" = dir=in | app=c:\users\johanna\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{AC4B04D3-7D79-4BA6-9CFE-71498AF0A84F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AD9007C0-F123-40C3-826A-8DDDA7F5B336}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{AEF174DB-3A85-4BE8-9072-FF78976F2572}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CF004807-07A2-4D07-B2A6-D6322A7811BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D802C877-5E2D-4FC7-92BE-35BA8AA8C1EF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E177F216-58C1-4AF9-9BCB-F3415DA17B97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F022E531-A159-4867-AC07-00C18CDC68D7}" = protocol=17 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | "{F0FDB36A-BD47-4367-9D7E-1D3CD35A4899}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FFE1E75B-9E1D-4F4E-AD25-38A5B719B02D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{595C33F5-6CFF-4E9A-9580-8CCD56034A6E}C:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{5DA6AC45-F5D3-4BF4-9D94-9AB4C4F15A27}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{6410F2D9-7E6C-4410-89A1-06A5A7A1B9BF}C:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{8423E0F6-2C7E-45B1-9E22-66490534F988}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "TCP Query User{CE6EF444-6CA7-44E2-889B-E09342089D33}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{F8B1F721-D59C-4C34-A2CB-103837629201}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{1CB02451-E280-4600-A95C-FFA1812C3279}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{2F6FF1D3-E533-4357-B700-CF45A5FF7ED5}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | "UDP Query User{80D6E467-3579-4748-A417-127A987FD8C3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre7\bin\javaw.exe | "UDP Query User{96C70F17-234F-4117-9C4B-481CD6717B4A}C:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\anna\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{C33622A3-E920-4A3E-BBE1-CD1F782E9F6F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{D7259864-4F67-4A1D-9C26-01AA71D27264}C:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\johanna\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{18E12084-AD08-4E7E-9C01-165CE2C8121B}" = Nitro PDF Reader 2 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit) "{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "{64A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1 (64-bit) "{663A0073-D1FD-42B8-899F-AA5FA8359704}" = O&O DiskRecovery "{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{7BA64D21-EE46-4a9a-8145-52B0175C3F86}" = Plugfree NETWORK "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" 
= PDF-Viewer "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B7C6A943-83E0-4E7F-A79A-C5CBAA60B0F5}" = Plugfree NETWORK "{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1338 "CCleaner" = CCleaner "GPL Ghostscript 9.04" = GPL Ghostscript "GSview 4.9" = GSview 4.9 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "Recuva" = Recuva "SynTPDeinstKey" = Synaptics Pointing Device Driver "Totalcmd64" = Total Commander 64-bit (Remove or Repair) "Unlocker" = Unlocker 1.9.1-x64 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR 4.01 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{169917C4-4A77-45F4-B20E-860703FD5E6F}" = pdfforge Toolbar v6.5 "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{216729B6-014A-F413-814F-F17F74FBA113}_is1" = Google Books Downloader version 1.8 "{23767F5D-A80C-4264-B8EA-ED4085FC332A}" = Adobe Illustrator CS5.1 "{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37 
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2F7D5734-056F-4A0A-A1C7-CA1AAE5BB1EB}" = Angry Birds "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3 "{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin "{43ED5430-0652-4216-8B5D-4F82E3AB416F}" = calibre "{469D0E8F-2B20-47FD-8FB3-8769F348A67F}" = mufin player 2.5 "{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}" = ActiveState ActivePython 2.7.2.5 (32-bit) "{4982D16F-7D12-4038-B38D-662623AC3C83}" = HTC Sync "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek 
USB 2.0 Card Reader "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F365D768-9054-46D3-9AC4-56C163008DFD}" = StudyProf Lernkartei 3.0 "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "AnyDVD" = AnyDVD "Avira AntiVir Desktop" = Avira Free Antivirus "Catan" = Catan "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CloneDVD2" = CloneDVD2 "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Lite" = DAEMON Tools Lite "Digital Editions" = Adobe Digital Editions "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "FileZilla Client" = FileZilla Client 3.5.3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 
"InstallShield_{4108974B-DE87-4AD4-9167-930C62C45691}" = Fujitsu Display Manager "InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel "InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility "InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility "InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility "InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility "MAGIX_MSI_mufin_player_2_5" = mufin player 2.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.1 (x86 de)" = Mozilla Thunderbird 16.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PDF Blender" = PDF Blender "PDF Editor 3" = PDF Editor 3 "Philips Songbird" = Philips Songbird "PhotoScape" = PhotoScape "Picasa 3" = Picasa 3 "Pidgin" = Pidgin "PlagiarismFinder 2.0" = PlagiarismFinder 2.0 "RealPlayer 15.0" = RealPlayer "Snap" = Snap (remove only) "SugarSync" = SugarSync Manager "TeXstudio_is1" = TeXstudio 2.2 "TrainIt 2.x" = TrainIt 2.x "Unlocker" = Unlocker 1.9.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2854343380-3227922997-4001857733-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "pdfsam" = pdfsam "pycrypto-py2.6" = Python 2.6 pycrypto-2.0.1 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.11.2012 16:58:09 | Computer Name = Emil | Source = WinMgmt | ID = 10 Description = Error - 13.11.2012 07:28:55 | Computer Name = Emil | Source = WinMgmt | ID = 10 Description = Error - 13.11.2012 09:45:26 | Computer Name = Emil | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für 
"C:\Python26\Lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.11.2012 05:08:19 | Computer Name = Emil | Source = WinMgmt | ID = 10 Description = Error - 14.11.2012 08:08:06 | Computer Name = Emil | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Python26\Lib\distutils\command\wininst-8_d.exe". Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 14.11.2012 14:56:09 | Computer Name = Emil | Source = Application Hang | ID = 1002 Description = Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f84 Startzeit: 01cdc24784c8c0a9 Endzeit: 6 Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe Berichts-ID: f019476c-2e8c-11e2-ad00-e0ca9458b830 Error - 15.11.2012 04:38:45 | Computer Name = Emil | Source = WinMgmt | ID = 10 Description = Error - 15.11.2012 14:55:59 | Computer Name = Emil | Source = Application Hang | ID = 1002 Description = Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ff8 Startzeit: 01cdc30c7f309904 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe Berichts-ID: 14eadfba-2f56-11e2-9fd4-e0ca9458b830 Error - 16.11.2012 03:55:25 | Computer Name = Emil | Source = WinMgmt | ID = 10 Description = Error - 16.11.2012 06:22:47 | Computer Name = Emil | Source = Application Hang | ID = 1002 Description = Programm USBVaccine.exe, Version 1.0.1.4 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12c0 Startzeit: 01cdc3e196b70da1 Endzeit: 5 Anwendungspfad: C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe Berichts-ID: 8e274404-2fd7-11e2-a177-e0ca9458b830 [ OSession Events ] Error - 28.01.2012 09:42:11 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4389 seconds with 2160 seconds of active time. This session ended with a crash. Error - 25.02.2012 09:45:00 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4125 seconds with 540 seconds of active time. This session ended with a crash. Error - 16.03.2012 06:22:10 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9848 seconds with 2340 seconds of active time. This session ended with a crash. 
Error - 17.03.2012 04:04:41 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 966 seconds with 360 seconds of active time. This session ended with a crash. Error - 17.03.2012 19:09:40 | Computer Name = Emil | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 54290 seconds with 12780 seconds of active time. This session ended with a crash. [ System Events ] Error - 08.11.2012 05:57:19 | Computer Name = Emil | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 08.11.2012 05:57:20 | Computer Name = Emil | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 08.11.2012 06:22:00 | Computer Name = Emil | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 08.11.2012 06:22:01 | Computer Name = Emil | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 08.11.2012 06:22:01 | Computer Name = Emil | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. 
Error - 08.11.2012 06:22:02 | Computer Name = Emil | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden. Error - 09.11.2012 04:58:26 | Computer Name = Emil | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.11.2012 04:58:27 | Computer Name = Emil | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.11.2012 04:58:27 | Computer Name = Emil | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 09.11.2012 08:13:48 | Computer Name = Emil | Source = volsnap | ID = 393252 Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. < End of report > [/code] |