| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System repair wizard trojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.03.2013, 18:42
| #1 |
| |  System repair wizard trojaner Hallo Forum, Leider habe ich kaum einen seriösen lösungsvorschlag über google gefunden. Deswegen versuche ich hier mein Glück ! Es geht um folgende warnmeldung , die sich in unzähligen fenstern öffnet: "file system on local disk C: contains critical errors . To prevent data loss, it ist highly recommended to run system repair wizard" Daneben gibt es noch einige andere warnmeldungen. Ich habe noch nichts angeklickt und habe stattdessen den rechner neu gestartet und bin nun im abgesicherten modus mit netzwerktreiben. Gerade läuft ein vollscan mit malwarebytes. Vor einigen Monaten plagte mich ein ähnlicher trojaner: der "system check virus". Diese "neue" Variante scheint sehr ähnlich zu sein. Danke für eure Hilfe! |
|
04.03.2013, 19:13
| #2 |
| /// Malware-holic   | System repair wizard trojaner Hi
__________________neustart, f8 drücken abgesicherter Modus mit netzwerk wählen im betroffenen Konto anmelden Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.03.2013, 19:47
| #3 |
| | System repair wizard trojaner OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 04.03.2013 19:33:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 88,58% Memory free 15,98 Gb Paging File | 15,11 Gb Available in Paging File | 94,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1355,20 Gb Total Space | 591,97 Gb Free Space | 43,68% Space Free | Partition Type: NTFS Drive E: | 657,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PCPS | User Name: Philipp | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.04 19:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe PRC - [2013.02.20 18:40:06 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2013.02.20 18:40:05 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.10.22 19:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.27 19:35:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2013.02.22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.10.27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.10.22 19:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield) SRV - [2009.10.22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2009.10.22 19:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService) SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.22 02:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6) DRV:64bit: - [2013.02.12 22:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.03.30 22:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2009.10.22 19:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.10.22 19:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.10.22 19:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2009.10.22 19:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2009.10.22 19:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009.10.06 10:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2009.10.06 10:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2009.10.06 10:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2009.10.06 10:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2009.08.31 09:09:38 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.08.19 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 04:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 D9 22 40 04 0E CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {C3607856-7453-49A5-B0E6-4950571C3025} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C3607856-7453-49A5-B0E6-4950571C3025}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.team-ulm.de" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: youtubeunblocker@unblocker.yt:0.2.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 18:40:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.22 14:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.23 13:22:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.17 11:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2013.02.14 19:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\o33cejz5.default\extensions [2012.09.29 20:35:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\o33cejz5.default\extensions\ich@maltegoetz.de [2013.01.29 13:14:27 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\o33cejz5.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.02.14 19:36:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\o33cejz5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.29 00:37:47 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\o33cejz5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.02.25 00:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.25 00:36:59 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2013.02.20 18:40:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.12 09:35:35 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.08.16 21:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 17:22:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.16 21:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.16 21:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.16 21:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.16 21:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D0B2843-0BF5-46E3-8BF1-3AF1F5DE45EC}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9b8099b6-0c67-11e0-884a-485b3900055e}\Shell - "" = AutoRun O33 - MountPoints2\{9b8099b6-0c67-11e0-884a-485b3900055e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe () MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: VEtXsBNQjL.exe - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 19:30:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.02.25 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Neuer Ordner [2013.02.25 00:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2013.02.25 00:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2013.02.25 00:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2013.02.25 00:36:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Hotspot Shield [2013.02.22 16:14:12 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\GoPro [2013.02.22 15:57:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\GoPro [2013.02.22 15:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.02.22 15:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CineForm [2013.02.22 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2013.02.22 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoPro [2013.02.22 02:43:20 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [2013.02.19 21:41:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Chemie Bodennachweise [2013.02.17 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs [2013.02.12 22:01:36 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2013.02.02 23:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2013.02.02 23:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2009.05.25 02:13:14 | 018,221,327 | ---- | C] (www.softendo.com) -- C:\Program Files (x86)\MarioForever V4.4.exe [2006.10.11 07:45:12 | 000,202,748 | ---- | C] (Shaltif's Simple Original Games) -- C:\Program Files (x86)\SXMS.dll [2006.10.11 07:45:12 | 000,154,624 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Program Files (x86)\fmod.dll [2006.10.11 07:45:12 | 000,074,752 | ---- | C] (Zlib) -- C:\Program Files (x86)\zlib1.dll [2006.10.11 07:45:11 | 000,054,552 | ---- | C] (hxxp://hobbl.com) -- C:\Program Files (x86)\GZip.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.04 19:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.03.04 19:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 19:24:54 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 19:16:25 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata [2013.03.04 19:15:14 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 17:34:19 | 000,000,176 | ---- | M] () -- C:\ProgramData\-oKJlROuTVCyAr [2013.03.04 17:34:19 | 000,000,176 | ---- | M] () -- C:\ProgramData\-oKJlROuTVCyA [2013.03.04 17:34:12 | 000,000,088 | ---- | M] () -- C:\ProgramData\oKJlROuTVCyA [2013.03.04 17:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.03 13:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.03 12:18:06 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 12:18:06 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 22:57:35 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.22 22:57:35 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.22 22:57:35 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.22 22:57:35 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.22 22:57:35 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.22 15:48:27 | 000,001,216 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2013.02.22 15:48:27 | 000,001,159 | ---- | M] () -- C:\Users\Philipp\Desktop\GoPro CineForm Studio.lnk [2013.02.22 02:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [2013.02.17 22:30:16 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.12 22:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.04 19:16:25 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata [2013.03.03 14:14:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-oKJlROuTVCyAr [2013.03.03 14:14:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-oKJlROuTVCyA [2013.03.03 14:14:14 | 000,000,088 | ---- | C] () -- C:\ProgramData\oKJlROuTVCyA [2013.02.22 15:48:27 | 000,001,216 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2013.02.22 15:48:27 | 000,001,159 | ---- | C] () -- C:\Users\Philipp\Desktop\GoPro CineForm Studio.lnk [2012.09.24 22:52:59 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.05.27 14:53:21 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI [2012.02.11 21:47:41 | 000,012,800 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.10 19:52:55 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.10.23 17:57:51 | 000,076,686 | ---- | C] () -- C:\Program Files (x86)\Uninstal.exe [2010.09.25 20:15:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.28 18:26:59 | 000,007,597 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg [2009.05.25 02:13:14 | 000,189,256 | ---- | C] () -- C:\Program Files (x86)\ktkm88.dll [2009.04.23 15:42:37 | 000,000,220 | ---- | C] () -- C:\Program Files (x86)\Level Editor.url [2009.04.14 11:47:57 | 000,000,068 | ---- | C] () -- C:\Program Files (x86)\Mario Forever Galaxy.url [2009.04.14 11:39:56 | 000,000,122 | ---- | C] () -- C:\Program Files (x86)\Softendo.com.url [2009.04.14 11:33:50 | 000,000,122 | ---- | C] () -- C:\Program Files (x86)\More Fantastic Games.url [2009.04.13 08:48:42 | 000,000,062 | ---- | C] () -- C:\Program Files (x86)\Mario Forever.url [2008.10.24 04:05:14 | 000,000,198 | ---- | C] () -- C:\Program Files (x86)\Get coins.url [2006.10.11 07:45:12 | 000,803,601 | ---- | C] () -- C:\Program Files (x86)\ktkm16.dll [2006.10.11 07:45:12 | 000,538,410 | ---- | C] () -- C:\Program Files (x86)\ktkm20.dll [2006.10.11 07:45:12 | 000,524,537 | ---- | C] () -- C:\Program Files (x86)\ktkm18.dll [2006.10.11 07:45:12 | 000,524,164 | ---- | C] () -- C:\Program Files (x86)\ktkm12.dll [2006.10.11 07:45:12 | 000,370,880 | ---- | C] () -- C:\Program Files (x86)\ktkm22.dll [2006.10.11 07:45:12 | 000,307,617 | ---- | C] () -- C:\Program Files (x86)\ktkm15.dll [2006.10.11 07:45:12 | 000,304,128 | ---- | C] () -- C:\Program Files (x86)\in_psf.dll [2006.10.11 07:45:12 | 000,285,696 | ---- | C] () -- C:\Program Files (x86)\cncs232.dll [2006.10.11 07:45:12 | 000,267,389 | ---- | C] () -- C:\Program Files (x86)\ktkm8.dll [2006.10.11 07:45:12 | 000,209,936 | ---- | C] () -- C:\Program Files (x86)\ktkm14.dll [2006.10.11 07:45:12 | 000,197,408 | ---- | C] () -- C:\Program Files (x86)\ktkm29.dll [2006.10.11 07:45:12 | 000,169,789 | ---- | C] () -- C:\Program Files (x86)\ktkm38.dll [2006.10.11 07:45:12 | 000,142,481 | ---- | C] () -- C:\Program Files (x86)\ktkm32.dll [2006.10.11 07:45:12 | 000,126,720 | ---- | C] () -- C:\Program Files (x86)\ktkm23.dll [2006.10.11 07:45:12 | 000,116,841 | ---- | C] () -- C:\Program Files (x86)\ktkm26.dll [2006.10.11 07:45:12 | 000,100,786 | ---- | C] () -- C:\Program Files (x86)\ktkm28.dll [2006.10.11 07:45:12 | 000,099,867 | ---- | C] () -- C:\Program Files (x86)\ktkm13.dll [2006.10.11 07:45:12 | 000,098,442 | ---- | C] () -- C:\Program Files (x86)\ktkm35.dll [2006.10.11 07:45:12 | 000,096,166 | ---- | C] () -- C:\Program Files (x86)\ktkm1.dll [2006.10.11 07:45:12 | 000,092,400 | ---- | C] () -- C:\Program Files (x86)\ktkm7.dll [2006.10.11 07:45:12 | 000,082,542 | ---- | C] () -- C:\Program Files (x86)\ktkm37.dll [2006.10.11 07:45:12 | 000,070,888 | ---- | C] () -- C:\Program Files (x86)\ktkm19.dll [2006.10.11 07:45:12 | 000,066,908 | ---- | C] () -- C:\Program Files (x86)\ktkm17.dll [2006.10.11 07:45:12 | 000,066,862 | ---- | C] () -- C:\Program Files (x86)\ktkm33.dll [2006.10.11 07:45:12 | 000,065,092 | ---- | C] () -- C:\Program Files (x86)\ktkm27.dll [2006.10.11 07:45:12 | 000,064,070 | ---- | C] () -- C:\Program Files (x86)\ktkm21.dll [2006.10.11 07:45:12 | 000,062,722 | ---- | C] () -- C:\Program Files (x86)\ktkm39.dll [2006.10.11 07:45:12 | 000,062,631 | ---- | C] () -- C:\Program Files (x86)\ktkm11.dll [2006.10.11 07:45:12 | 000,058,192 | ---- | C] () -- C:\Program Files (x86)\ktkm6.dll [2006.10.11 07:45:12 | 000,058,015 | ---- | C] () -- C:\Program Files (x86)\ktkm10.dll [2006.10.11 07:45:12 | 000,056,992 | ---- | C] () -- C:\Program Files (x86)\ktkm24.dll [2006.10.11 07:45:12 | 000,056,338 | ---- | C] () -- C:\Program Files (x86)\ktkm666.dll [2006.10.11 07:45:12 | 000,055,186 | ---- | C] () -- C:\Program Files (x86)\ktkm5.dll [2006.10.11 07:45:12 | 000,049,094 | ---- | C] () -- C:\Program Files (x86)\ktkm25.dll [2006.10.11 07:45:12 | 000,047,186 | ---- | C] () -- C:\Program Files (x86)\ktkm31.dll [2006.10.11 07:45:12 | 000,043,133 | ---- | C] () -- C:\Program Files (x86)\ktkm4.dll [2006.10.11 07:45:12 | 000,032,965 | ---- | C] () -- C:\Program Files (x86)\ktkm30.dll [2006.10.11 07:45:12 | 000,030,166 | ---- | C] () -- C:\Program Files (x86)\ktkm9.dll [2006.10.11 07:45:12 | 000,022,657 | ---- | C] () -- C:\Program Files (x86)\ktkm3.dll [2006.10.11 07:45:12 | 000,020,926 | ---- | C] () -- C:\Program Files (x86)\ktkm36.dll [2006.10.11 07:45:12 | 000,015,165 | ---- | C] () -- C:\Program Files (x86)\ktkm2.dll [2006.10.11 07:45:12 | 000,005,463 | ---- | C] () -- C:\Program Files (x86)\ktkm34.dll [2006.10.11 07:45:12 | 000,000,728 | ---- | C] () -- C:\Program Files (x86)\mafosav.INI [2006.10.11 07:45:12 | 000,000,133 | ---- | C] () -- C:\Program Files (x86)\forevermopt.INI ========== ZeroAccess Check ========== [2010.11.20 05:28:38 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Local\{af8c0770-f467-4c40-b413-ea2b955341b5}\L [2010.11.20 05:28:38 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Local\{af8c0770-f467-4c40-b413-ea2b955341b5}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\Philipp\AppData\Local\{af8c0770-f467-4c40-b413-ea2b955341b5}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.21 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft [2010.07.17 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ableton [2012.09.13 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aescripts [2010.08.26 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AnvSoft [2010.09.10 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ashampoo [2010.09.20 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AusLogics [2012.10.19 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\avidemux [2010.12.27 13:10:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canon [2013.01.13 18:59:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.05.09 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.10.16 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.ResourceCentral [2013.03.04 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox [2013.02.22 15:57:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GoPro [2012.02.22 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HDRsoft [2013.02.25 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Hotspot Shield [2011.02.19 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ [2012.01.12 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\IrfanView [2012.08.12 23:13:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LRTimelapse [2012.02.20 17:10:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Need for Speed World [2010.07.11 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nokia [2010.06.17 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PACE Anti-Piracy [2010.07.11 22:26:11 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PC Suite [2012.05.21 17:12:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PDAppFlex [2012.02.05 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Red Giant Link [2010.07.24 16:07:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1 [2012.12.23 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Simfy [2010.06.17 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.08.06 00:55:01 | 000,000,000 | RHSD | M] -- C:\Users\Philipp\AppData\Roaming\System32 [2010.06.17 11:57:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird [2010.08.26 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Youtube Downloader HD ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.06.17 10:09:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.12 15:39:21 | 000,000,000 | ---D | M] -- C:\BlueJ [2012.02.04 18:59:20 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.06.17 10:09:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2015.07.25 03:24:10 | 000,000,000 | ---D | M] -- C:\Guru3D.com [2010.06.17 10:14:50 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.25 13:10:06 | 000,000,000 | ---D | M] -- C:\MoTemp [2010.06.17 14:15:05 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.05.10 12:16:04 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.23 13:17:29 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.25 00:36:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.04 19:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.06.17 10:09:48 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.30 21:20:19 | 000,000,000 | ---D | M] -- C:\QUARANTINE [2010.06.17 10:49:04 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.06.17 10:09:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.12 18:11:20 | 000,000,000 | ---D | M] -- C:\Skripte [2013.02.25 00:38:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.10 12:16:09 | 000,000,000 | R--D | M] -- C:\Users [2013.03.04 19:16:25 | 000,000,000 | ---D | M] -- C:\Windows [2010.06.17 10:50:01 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > [2009.06.04 01:11:35 | 018,221,327 | ---- | M] (www.softendo.com) -- C:\Program Files (x86)\MarioForever V4.4.exe [2010.10.23 17:57:54 | 000,076,686 | ---- | M] () -- C:\Program Files (x86)\Uninstal.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.17 14:04:14 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.06.17 14:04:14 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.08.16 21:58:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\procs\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\procs\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\procs\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\h\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2013.03.04 18:09:22 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) MD5=ED0F04D5DE32FEC14E91D7DD9571580D -- C:\Users\Philipp\Downloads\eXplorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Scannen\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.03.04 19:35:43 | 006,291,456 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT [2013.03.04 19:35:43 | 000,262,144 | -HS- | M] () -- C:\Users\Philipp\ntuser.dat.LOG1 [2010.06.17 10:09:53 | 000,000,000 | -HS- | M] () -- C:\Users\Philipp\ntuser.dat.LOG2 [2010.06.17 10:15:31 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.06.17 10:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.06.17 10:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.06.17 10:09:53 | 000,000,020 | -HS- | M] () -- C:\Users\Philipp\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:054203E4 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.03.2013 19:33:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,99 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 88,58% Memory free
15,98 Gb Paging File | 15,11 Gb Available in Paging File | 94,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1355,20 Gb Total Space | 591,97 Gb Free Space | 43,68% Space Free | Partition Type: NTFS
Drive E: | 657,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PCPS | User Name: Philipp | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{149471C3-B79D-4AC3-AC37-D09B84B0517B}" = rport=137 | protocol=17 | dir=out | app=system |
"{1F3CF3C3-03B3-47E7-B323-D89F8C8E08CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{2650B36E-0C95-4960-8757-0E634761D82E}" = lport=137 | protocol=17 | dir=in | app=system |
"{28B8E36B-5547-4A13-BB85-E8C444D9D467}" = rport=445 | protocol=6 | dir=out | app=system |
"{429EFFB9-51FF-44B5-B69E-E83B70D80373}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C603DBC-2B85-49EB-8359-9D6229B51B96}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93A0C871-14CD-4C39-AC14-51C0B2BC7C10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B22EC11F-57F9-4AAE-A47B-17B61470DF65}" = lport=445 | protocol=6 | dir=in | app=system |
"{B91EA6CD-5C32-4864-BB1E-40C2900F3060}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3B5410E-CAF0-451F-BF80-074240BBDAAB}" = lport=139 | protocol=6 | dir=in | app=system |
"{C891A252-51C5-4F73-9E1B-186B813BD93C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E7C1D9F1-DF3D-40C0-BB72-AFC2699058EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{FDEEFC90-977A-4F6B-8871-5FAC88D786D5}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07FB560E-292C-4874-BD60-D1C764E0D14C}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{1274AC09-EA54-4E47-9E02-F4843EB4634E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{16C7C858-4C25-4C78-91DE-60670005617B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{17D156F9-C52C-46DA-8DFD-ABBE89B94AAE}" = protocol=6 | dir=in | app=c:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe |
"{1DD8C2D0-B101-438E-8FD6-C6E4137F1DA6}" = protocol=17 | dir=in | app=c:\users\philipp\appdata\roaming\dropbox\bin\dropbox.exe |
"{2EAD7BF6-9909-4523-8174-6DD4272126D2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{30519A13-C2FF-4EBF-B2CD-F27875E8DF74}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{38B955A2-55FD-42CC-8892-705EB91C240D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{395C4BBA-2FB2-40B6-AE2D-08485398B105}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{39CC638C-CD60-4B85-B833-DB98DE858905}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{3D2CE362-74BD-4DA1-8A3E-4086F9D05E79}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{41863ECF-3DFD-43FF-A194-EDE1F2423211}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{41E5C0E7-7DA3-4DC4-AA21-649495D9160F}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{52607E0C-93BB-49A2-A5FC-A07157143CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{52FEF578-54F1-4CE6-B6E6-DB80AA0AF20E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{53E14C68-0411-4895-AC69-8E9513164284}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6C186D12-1C28-41B6-9454-BA5BC2CF582D}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{75EEA890-5108-4F1F-AA86-B8F987865BB2}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{7EDD1EA4-A66C-4C48-A110-CB1C8B02779D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8A28D67F-0E67-4695-88A8-33CA41F8C09E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{8BCDDD35-2615-4310-953D-254369F2F1E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{97035A9E-6D22-475C-A130-04B14B80A922}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{973C0DB8-69C4-4266-BDD4-6AFE94AA0DD8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{97A43845-54AF-43D1-9305-9A85A48AB317}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9E50B0F4-1242-4B30-9A40-EB8B3E4B4DAB}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{A028F544-27CE-4550-B6E3-3A12970D0AAA}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{A15F63D6-9D1A-45E5-BEB7-66D3A5BE2EAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A4180734-C1B7-4255-B11C-D46C4D69F237}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B778CEE2-0195-40C5-A78A-E7E31883C958}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{BBCD20C8-72FB-456A-948E-881E0E02190B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{C5AA7163-FF3B-464A-B3D9-48371AFD5552}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{C5C881F1-E836-4A2E-A891-DDD669CF6431}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\aolload.exe |
"{CAD26BC4-85DF-48E3-B91A-0151E9A5FADB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{D4DED30D-2847-48C1-8F8C-F0704DF35D8E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D82C25D2-86D5-43EB-8C06-AE1C4ACAB848}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{D8A60B33-21B3-4749-975E-85F18C87BF7A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E0C20286-A637-4BA6-94FA-1B01E0099825}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"{E90B45C2-3FD9-4C29-8DEF-7F9C8F019D64}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{FEE01F55-A067-4F6B-AE75-C3E8F78A78E0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.0\icq.exe |
"TCP Query User{192A2852-9979-463F-B82B-0293BB64D562}C:\program files (x86)\activision\thps3\skate3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\thps3\skate3.exe |
"TCP Query User{24ACA3CE-E7C3-45B1-BDD2-B54CEB08B534}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"TCP Query User{28162094-9CC8-4964-9A28-DED9477268A1}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{86FD62BB-D096-464E-8BA9-0C068689F8C7}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"TCP Query User{CB8C38CE-635F-4240-BDD9-1ED95F0D8663}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E8ACD942-6461-4C07-91F8-66A2CEE45CD0}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
"TCP Query User{ECBF7FE5-EC43-40F1-8D1E-07BC87B48B0E}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{444A881C-2677-4CA3-9473-83D088BCC0CF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5357D59D-BCBD-4EDD-92F9-0EEEAC0FC328}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{6250B93A-2B68-4F1D-A25F-ABB30487B84F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe |
"UDP Query User{6A1B8965-E755-492B-B5C6-B55851F3915B}C:\program files (x86)\activision\thps3\skate3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\thps3\skate3.exe |
"UDP Query User{BBEAC6A4-5DCA-4C49-B471-F365C7D1D55D}C:\program files\adobe\adobe after effects cs5\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs5\support files\afterfx.exe |
"UDP Query User{D9F80D45-7748-45BF-A1E3-57632F095E3F}C:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe media encoder cs5\adobe media encoder.exe |
"UDP Query User{DB142B12-DB56-4769-A5FB-930A4C8B5E57}C:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe premiere pro cs5\adobe premiere pro.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04596C9E-F180-410D-86EA-F61DEE5FB9F4}" = Magic Bullet LUT Buddy 64-bit
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0BC62162-0022-4C0A-97E8-5B7FD50D1B7C}" = Magic Bullet Looks 64-bit
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1BEA98B3-46D6-4DE1-A18F-045AA7FB2AEA}" = Magic Bullet QuickLooks Free
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7F7D7D50-5E9F-46E2-A3BD-BA4AB42D31BA}" = GBDeflicker64
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C8ECF005-4E5F-455B-BACD-5C9BF4C0DE91}" = Magic Bullet Colorista Free 64-bit
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Neat Video for After Effects_is1" = Neat Video v3.1.0 Demo plug-in for After Effects (64-bit)
"Neat Video for Premiere_is1" = Neat Video v3.1.0 Demo plug-in for Premiere (64-bit)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.4
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = oZone3D.Net FurMark v1.8.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{53BC789D-073D-47B6-AA9F-DE05990AF07A}" = Adobe Creative Suite 5 Production Premium
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{866EB045-6A93-4D0B-A9C2-7C0E7D3F26FB}" = LRTimelapse
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARD_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARD_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARD_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{99284958-43A1-E44A-B9CE-BB2E3D460617}" = simfy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A32910E5-4084-4A0E-9FFF-D2E9C1B1C134}" = Adobe Encore CS5 Library
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A99968BE-C155-474C-0089-33239DEE1CE2}" = NFS Underground
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D5E7D8B9-9B8F-4DA0-9B2C-167DC889B0E1}" = Adobe After Effects CS5 Template Projects & Footage
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E29C08AB-B5FD-48D7-8E96-386E1E902077}" = Luster Grade Presets Sampler for MBL2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F4EC52C6-1223-4EA9-8C48-F4E6AB2EEC19}" = Adobe Premiere Pro CS5 Functional Content
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.0.0
"Any Video Converter_is1" = Any Video Converter 3.0.6
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"BlueJ_is1" = BlueJ 3.0.5
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CDex" = CDex - Open Source Digital Audio CD Extractor
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DPP" = Canon Utilities Digital Photo Professional 3.9
"EOS Utility" = Canon Utilities EOS Utility
"GoPro CineForm Studio" = GoPro CineForm Studio 1.3.2
"HotspotShield" = Hotspot Shield 2.88
"InstallShield_{04596C9E-F180-410D-86EA-F61DEE5FB9F4}" = Magic Bullet LUT Buddy 64-bit
"InstallShield_{0BC62162-0022-4C0A-97E8-5B7FD50D1B7C}" = Magic Bullet Looks 64-bit
"InstallShield_{1BEA98B3-46D6-4DE1-A18F-045AA7FB2AEA}" = Magic Bullet QuickLooks Free
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{C8ECF005-4E5F-455B-BACD-5C9BF4C0DE91}" = Magic Bullet Colorista Free 64-bit
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Simfy" = simfy
"SpeedFan" = SpeedFan (remove only)
"STANDARD" = Microsoft Office Standard 2007
"Super Mario 3 : Mario Forever" = Super Mario 3 : Mario Forever
"VLC media player" = VLC media player 2.0.1
"WFTK" = Canon Utilities WFT Utility
"Winamp" = Winamp
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.05.2012 17:08:05 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 17:08:05 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 17:08:05 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 17:08:06 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 17:08:06 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 18:04:18 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 18:04:18 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 18:51:41 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 18:51:41 | Computer Name = PCPS | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 05.05.2012 19:22:24 | Computer Name = PCPS | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
Media Encoder CS5\PhotoshopServer.exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\Adobe\Adobe Media Encoder CS5\PhotoshopServer.exe" in Zeile 2.
Mehrere
requestedPrivileges-Elemente sind nicht im Manifest zulässig.
[ System Events ]
Error - 04.03.2013 14:32:17 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:34:23 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:34:23 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:34:23 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:39:23 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:39:23 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:39:23 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:41:31 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:41:31 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 04.03.2013 14:41:31 | Computer Name = PCPS | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
Danke schonmal für deine Hilfe. Was muss ich als nächstes machen? ich mah jetzt mal mit Malwarebytes anti Rogueware weiter.Ist das OK? |
|
04.03.2013, 21:19
| #4 |
| | System repair wizard trojaner hier mal die Log-file von Malwarebytes anti Rootkit: --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.7601.17514 Java version: 1.6.0_20 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.808000 GHz Memory total: 8580554752, free: 7114985472 ------------ Kernel report ------------ 03/04/2013 20:28:51 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\jraid.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\SysWOW64\speedfan.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\mfetdik.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\hssdrv6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\taphss6.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007d8f790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8007b40060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.03.04.09 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007d8f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007c9b930, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007d8f790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007b3e520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8007b40060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a008f31660, 0xfffffa8007d8f790, 0xfffffa800a41b790 Lower DeviceData: 0xfffff8a008d9d860, 0xfffffa8007b40060, 0xfffffa800a4af2b0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 9B1E6225 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 2842062848 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2842066944 Numsec = 1064931504 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 3907000320 Numsec = 20480 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)... Done! Performing system, memory and registry scan... Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 --> [Trojan.Zaccess] Infected: HKLM\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} --> [Trojan.Zaccess] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} --> [Trojan.Zaccess] Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} --> [Trojan.Zaccess] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess] Done! Scan finished Creating System Restore point... Could not create restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 Java version: 1.6.0_20 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.808000 GHz Memory total: 8580554752, free: 6937956352 Removal queue found; removal started Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1021 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 8.0.7601.17514 Java version: 1.6.0_20 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.808000 GHz Memory total: 8580554752, free: 7066234880 ------------ Kernel report ------------ 03/04/2013 20:51:11 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\jraid.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\SysWOW64\speedfan.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\mfehidk.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\mfetdik.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\hssdrv6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\Drivers\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\ASACPI.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\taphss6.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\drivers\mouclass.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\viahduaa.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\hidusb.sys \SystemRoot\system32\drivers\HIDCLASS.SYS \SystemRoot\system32\drivers\HIDPARSE.SYS \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\cpuz133_x64.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\mfeapfk.sys \SystemRoot\system32\drivers\mfeavfk.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\sechost.dll \Windows\System32\msctf.dll \Windows\System32\ole32.dll \Windows\System32\msvcrt.dll \Windows\System32\kernel32.dll \Windows\System32\oleaut32.dll \Windows\System32\gdi32.dll \Windows\System32\ws2_32.dll \Windows\System32\lpk.dll \Windows\System32\wininet.dll \Windows\System32\setupapi.dll \Windows\System32\imagehlp.dll \Windows\System32\iertutil.dll \Windows\System32\rpcrt4.dll \Windows\System32\normaliz.dll \Windows\System32\shell32.dll \Windows\System32\nsi.dll \Windows\System32\psapi.dll \Windows\System32\difxapi.dll \Windows\System32\usp10.dll \Windows\System32\comdlg32.dll \Windows\System32\advapi32.dll \Windows\System32\clbcatq.dll \Windows\System32\urlmon.dll \Windows\System32\shlwapi.dll \Windows\System32\imm32.dll \Windows\System32\user32.dll \Windows\System32\Wldap32.dll \Windows\System32\KernelBase.dll \Windows\System32\comctl32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007de0790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8007ba5060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 Downloaded database version: v2013.03.04.10 Initializing... Done! <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007de0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007de02c0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007de0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8007b9f520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8007ba5060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a003031a40, 0xfffffa8007de0790, 0xfffffa800aced290 Lower DeviceData: 0xfffff8a004030490, 0xfffffa8007ba5060, 0xfffffa8008d0e200 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 9B1E6225 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 2842062848 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2842066944 Numsec = 1064931504 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 3907000320 Numsec = 20480 Partition is not bootable Hidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= |
|
04.03.2013, 21:19
| #5 |
| /// Malware-holic | System repair wizard trojaner Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL
[2013.03.03 14:14:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-oKJlROuTVCyAr
[2013.03.03 14:14:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-oKJlROuTVCyA
[2013.03.03 14:14:14 | 000,000,088 | ---- | C] () -- C:\ProgramData\oKJlROuTVCyA
:files
:Commands
[Reboot]
lade unhide: http://www.trojaner-board.de/125889-...en-posten.html Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 21:36
| #6 |
| | System repair wizard trojaner Hier och der log von adwcleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 04/03/2013 um 21:22:04 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Philipp - PCPS
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Philipp\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0 (de)
Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\o33cejz5.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1592 octets] - [04/03/2013 21:22:04]
########## EOF - C:\AdwCleaner[S1].txt - [1652 octets] ##########
Ist das Durchführen von TDSS Killer überhaupt noch nötig, wenn ich zuvor schon einen Scan mit Malwarebytes Anti Rootkit durchgeführt habe? OTL-Log file:OTL Logfile: Code:
ATTFilter OTL logfile created on: 04.03.2013 19:33:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Philipp\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,99 Gb Total Physical Memory | 7,08 Gb Available Physical Memory | 88,58% Memory free 15,98 Gb Paging File | 15,11 Gb Available in Paging File | 94,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1355,20 Gb Total Space | 591,97 Gb Free Space | 43,68% Space Free | Partition Type: NTFS Drive E: | 657,71 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PCPS | User Name: Philipp | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.04 19:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe PRC - [2013.02.20 18:40:06 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ========== Modules (No Company Name) ========== MOD - [2013.02.20 18:40:05 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.10.22 19:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.27 19:35:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.23 02:36:04 | 000,545,576 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2013.02.23 02:33:26 | 000,389,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2013.02.23 02:29:46 | 000,453,928 | ---- | M] (AnchorFree Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2013.02.22 02:54:48 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService) SRV - [2012.12.29 11:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.12.29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.10.27 08:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009.10.22 19:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield) SRV - [2009.10.22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2009.10.22 19:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService) SRV - [2009.08.25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.22 02:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6) DRV:64bit: - [2013.02.12 22:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 02:43:58 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.03.30 22:35:04 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2009.10.22 19:07:00 | 000,469,144 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2009.10.22 19:07:00 | 000,119,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2009.10.22 19:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2009.10.22 19:07:00 | 000,083,784 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik) DRV:64bit: - [2009.10.22 19:07:00 | 000,077,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet) DRV:64bit: - [2009.10.06 10:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt) DRV:64bit: - [2009.10.06 10:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64) DRV:64bit: - [2009.10.06 10:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2009.10.06 10:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64) DRV:64bit: - [2009.08.31 09:09:38 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.08.19 08:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 04:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2008.08.28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 D9 22 40 04 0E CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {C3607856-7453-49A5-B0E6-4950571C3025} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{C3607856-7453-49A5-B0E6-4950571C3025}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.team-ulm.de" FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68 FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: youtubeunblocker@unblocker.yt:0.2.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 18:40:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.22 14:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.23 13:22:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.17 11:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Extensions [2013.02.14 19:36:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\o33cejz5.default\extensions [2012.09.29 20:35:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Philipp\AppData\Roaming\mozilla\Firefox\Profiles\o33cejz5.default\extensions\ich@maltegoetz.de [2013.01.29 13:14:27 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\o33cejz5.default\extensions\youtubeunblocker@unblocker.yt.xpi [2013.02.14 19:36:01 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\o33cejz5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.29 00:37:47 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Philipp\AppData\Roaming\mozilla\firefox\profiles\o33cejz5.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013.02.25 00:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.25 00:36:59 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com [2013.02.20 18:40:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.12 09:35:35 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.08.16 21:26:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 17:22:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.16 21:26:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.16 21:26:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.16 21:26:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.16 21:26:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - Startup: C:\Users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D0B2843-0BF5-46E3-8BF1-3AF1F5DE45EC}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9b8099b6-0c67-11e0-884a-485b3900055e}\Shell - "" = AutoRun O33 - MountPoints2\{9b8099b6-0c67-11e0-884a-485b3900055e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - File not found MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: JMB36X IDE Setup - hkey= - key= - C:\Windows\RaidTool\xInsIDE.exe () MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PMBVolumeWatcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: VEtXsBNQjL.exe - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 19:30:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.02.25 21:28:01 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Neuer Ordner [2013.02.25 00:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield [2013.02.25 00:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2013.02.25 00:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield [2013.02.25 00:36:50 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\Hotspot Shield [2013.02.22 16:14:12 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\GoPro [2013.02.22 15:57:28 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Roaming\GoPro [2013.02.22 15:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.02.22 15:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CineForm [2013.02.22 15:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro [2013.02.22 15:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoPro [2013.02.22 02:43:20 | 000,046,280 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [2013.02.19 21:41:04 | 000,000,000 | ---D | C] -- C:\Users\Philipp\Desktop\Chemie Bodennachweise [2013.02.17 22:30:02 | 000,000,000 | ---D | C] -- C:\Users\Philipp\AppData\Local\Programs [2013.02.12 22:01:36 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2013.02.02 23:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2013.02.02 23:51:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2009.05.25 02:13:14 | 018,221,327 | ---- | C] (www.softendo.com) -- C:\Program Files (x86)\MarioForever V4.4.exe [2006.10.11 07:45:12 | 000,202,748 | ---- | C] (Shaltif's Simple Original Games) -- C:\Program Files (x86)\SXMS.dll [2006.10.11 07:45:12 | 000,154,624 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Program Files (x86)\fmod.dll [2006.10.11 07:45:12 | 000,074,752 | ---- | C] (Zlib) -- C:\Program Files (x86)\zlib1.dll [2006.10.11 07:45:11 | 000,054,552 | ---- | C] (hxxp://hobbl.com) -- C:\Program Files (x86)\GZip.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.04 19:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Philipp\Desktop\OTL.exe [2013.03.04 19:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.04 19:24:54 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys [2013.03.04 19:16:25 | 000,008,212 | ---- | M] () -- C:\Windows\mfebcdata [2013.03.04 19:15:14 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.04 17:34:19 | 000,000,176 | ---- | M] () -- C:\ProgramData\-oKJlROuTVCyAr [2013.03.04 17:34:19 | 000,000,176 | ---- | M] () -- C:\ProgramData\-oKJlROuTVCyA [2013.03.04 17:34:12 | 000,000,088 | ---- | M] () -- C:\ProgramData\oKJlROuTVCyA [2013.03.04 17:34:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.03 13:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.03 12:18:06 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.03 12:18:06 | 000,015,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 22:57:35 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.22 22:57:35 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.22 22:57:35 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.22 22:57:35 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.22 22:57:35 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.22 15:48:27 | 000,001,216 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2013.02.22 15:48:27 | 000,001,159 | ---- | M] () -- C:\Users\Philipp\Desktop\GoPro CineForm Studio.lnk [2013.02.22 02:43:20 | 000,046,280 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys [2013.02.17 22:30:16 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.12 22:01:36 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.04 19:16:25 | 000,008,212 | ---- | C] () -- C:\Windows\mfebcdata [2013.03.03 14:14:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-oKJlROuTVCyAr [2013.03.03 14:14:16 | 000,000,176 | ---- | C] () -- C:\ProgramData\-oKJlROuTVCyA [2013.03.03 14:14:14 | 000,000,088 | ---- | C] () -- C:\ProgramData\oKJlROuTVCyA [2013.02.22 15:48:27 | 000,001,216 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2013.02.22 15:48:27 | 000,001,159 | ---- | C] () -- C:\Users\Philipp\Desktop\GoPro CineForm Studio.lnk [2012.09.24 22:52:59 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe BMP Format CS5 Prefs [2012.05.27 14:53:21 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI [2012.02.11 21:47:41 | 000,012,800 | ---- | C] () -- C:\Users\Philipp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.10 19:52:55 | 000,000,132 | ---- | C] () -- C:\Users\Philipp\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.10.23 17:57:51 | 000,076,686 | ---- | C] () -- C:\Program Files (x86)\Uninstal.exe [2010.09.25 20:15:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2010.07.28 18:26:59 | 000,007,597 | ---- | C] () -- C:\Users\Philipp\AppData\Local\Resmon.ResmonCfg [2009.05.25 02:13:14 | 000,189,256 | ---- | C] () -- C:\Program Files (x86)\ktkm88.dll [2009.04.23 15:42:37 | 000,000,220 | ---- | C] () -- C:\Program Files (x86)\Level Editor.url [2009.04.14 11:47:57 | 000,000,068 | ---- | C] () -- C:\Program Files (x86)\Mario Forever Galaxy.url [2009.04.14 11:39:56 | 000,000,122 | ---- | C] () -- C:\Program Files (x86)\Softendo.com.url [2009.04.14 11:33:50 | 000,000,122 | ---- | C] () -- C:\Program Files (x86)\More Fantastic Games.url [2009.04.13 08:48:42 | 000,000,062 | ---- | C] () -- C:\Program Files (x86)\Mario Forever.url [2008.10.24 04:05:14 | 000,000,198 | ---- | C] () -- C:\Program Files (x86)\Get coins.url [2006.10.11 07:45:12 | 000,803,601 | ---- | C] () -- C:\Program Files (x86)\ktkm16.dll [2006.10.11 07:45:12 | 000,538,410 | ---- | C] () -- C:\Program Files (x86)\ktkm20.dll [2006.10.11 07:45:12 | 000,524,537 | ---- | C] () -- C:\Program Files (x86)\ktkm18.dll [2006.10.11 07:45:12 | 000,524,164 | ---- | C] () -- C:\Program Files (x86)\ktkm12.dll [2006.10.11 07:45:12 | 000,370,880 | ---- | C] () -- C:\Program Files (x86)\ktkm22.dll [2006.10.11 07:45:12 | 000,307,617 | ---- | C] () -- C:\Program Files (x86)\ktkm15.dll [2006.10.11 07:45:12 | 000,304,128 | ---- | C] () -- C:\Program Files (x86)\in_psf.dll [2006.10.11 07:45:12 | 000,285,696 | ---- | C] () -- C:\Program Files (x86)\cncs232.dll [2006.10.11 07:45:12 | 000,267,389 | ---- | C] () -- C:\Program Files (x86)\ktkm8.dll [2006.10.11 07:45:12 | 000,209,936 | ---- | C] () -- C:\Program Files (x86)\ktkm14.dll [2006.10.11 07:45:12 | 000,197,408 | ---- | C] () -- C:\Program Files (x86)\ktkm29.dll [2006.10.11 07:45:12 | 000,169,789 | ---- | C] () -- C:\Program Files (x86)\ktkm38.dll [2006.10.11 07:45:12 | 000,142,481 | ---- | C] () -- C:\Program Files (x86)\ktkm32.dll [2006.10.11 07:45:12 | 000,126,720 | ---- | C] () -- C:\Program Files (x86)\ktkm23.dll [2006.10.11 07:45:12 | 000,116,841 | ---- | C] () -- C:\Program Files (x86)\ktkm26.dll [2006.10.11 07:45:12 | 000,100,786 | ---- | C] () -- C:\Program Files (x86)\ktkm28.dll [2006.10.11 07:45:12 | 000,099,867 | ---- | C] () -- C:\Program Files (x86)\ktkm13.dll [2006.10.11 07:45:12 | 000,098,442 | ---- | C] () -- C:\Program Files (x86)\ktkm35.dll [2006.10.11 07:45:12 | 000,096,166 | ---- | C] () -- C:\Program Files (x86)\ktkm1.dll [2006.10.11 07:45:12 | 000,092,400 | ---- | C] () -- C:\Program Files (x86)\ktkm7.dll [2006.10.11 07:45:12 | 000,082,542 | ---- | C] () -- C:\Program Files (x86)\ktkm37.dll [2006.10.11 07:45:12 | 000,070,888 | ---- | C] () -- C:\Program Files (x86)\ktkm19.dll [2006.10.11 07:45:12 | 000,066,908 | ---- | C] () -- C:\Program Files (x86)\ktkm17.dll [2006.10.11 07:45:12 | 000,066,862 | ---- | C] () -- C:\Program Files (x86)\ktkm33.dll [2006.10.11 07:45:12 | 000,065,092 | ---- | C] () -- C:\Program Files (x86)\ktkm27.dll [2006.10.11 07:45:12 | 000,064,070 | ---- | C] () -- C:\Program Files (x86)\ktkm21.dll [2006.10.11 07:45:12 | 000,062,722 | ---- | C] () -- C:\Program Files (x86)\ktkm39.dll [2006.10.11 07:45:12 | 000,062,631 | ---- | C] () -- C:\Program Files (x86)\ktkm11.dll [2006.10.11 07:45:12 | 000,058,192 | ---- | C] () -- C:\Program Files (x86)\ktkm6.dll [2006.10.11 07:45:12 | 000,058,015 | ---- | C] () -- C:\Program Files (x86)\ktkm10.dll [2006.10.11 07:45:12 | 000,056,992 | ---- | C] () -- C:\Program Files (x86)\ktkm24.dll [2006.10.11 07:45:12 | 000,056,338 | ---- | C] () -- C:\Program Files (x86)\ktkm666.dll [2006.10.11 07:45:12 | 000,055,186 | ---- | C] () -- C:\Program Files (x86)\ktkm5.dll [2006.10.11 07:45:12 | 000,049,094 | ---- | C] () -- C:\Program Files (x86)\ktkm25.dll [2006.10.11 07:45:12 | 000,047,186 | ---- | C] () -- C:\Program Files (x86)\ktkm31.dll [2006.10.11 07:45:12 | 000,043,133 | ---- | C] () -- C:\Program Files (x86)\ktkm4.dll [2006.10.11 07:45:12 | 000,032,965 | ---- | C] () -- C:\Program Files (x86)\ktkm30.dll [2006.10.11 07:45:12 | 000,030,166 | ---- | C] () -- C:\Program Files (x86)\ktkm9.dll [2006.10.11 07:45:12 | 000,022,657 | ---- | C] () -- C:\Program Files (x86)\ktkm3.dll [2006.10.11 07:45:12 | 000,020,926 | ---- | C] () -- C:\Program Files (x86)\ktkm36.dll [2006.10.11 07:45:12 | 000,015,165 | ---- | C] () -- C:\Program Files (x86)\ktkm2.dll [2006.10.11 07:45:12 | 000,005,463 | ---- | C] () -- C:\Program Files (x86)\ktkm34.dll [2006.10.11 07:45:12 | 000,000,728 | ---- | C] () -- C:\Program Files (x86)\mafosav.INI [2006.10.11 07:45:12 | 000,000,133 | ---- | C] () -- C:\Program Files (x86)\forevermopt.INI ========== ZeroAccess Check ========== [2010.11.20 05:28:38 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Local\{af8c0770-f467-4c40-b413-ea2b955341b5}\L [2010.11.20 05:28:38 | 000,000,000 | -HSD | M] -- C:\Users\Philipp\AppData\Local\{af8c0770-f467-4c40-b413-ea2b955341b5}\U [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\Philipp\AppData\Local\{af8c0770-f467-4c40-b413-ea2b955341b5}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.11.20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.21 18:56:03 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\.minecraft [2010.07.17 21:00:41 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ableton [2012.09.13 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Aescripts [2010.08.26 13:09:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AnvSoft [2010.09.10 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Ashampoo [2010.09.20 13:52:10 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\AusLogics [2012.10.19 21:28:34 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\avidemux [2010.12.27 13:10:31 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Canon [2013.01.13 18:59:39 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.05.09 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2010.10.16 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\com.adobe.ResourceCentral [2013.03.04 17:33:53 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Dropbox [2013.02.22 15:57:28 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\GoPro [2012.02.22 15:00:35 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\HDRsoft [2013.02.25 00:36:50 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Hotspot Shield [2011.02.19 16:28:15 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ICQ [2012.01.12 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\IrfanView [2012.08.12 23:13:30 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\LRTimelapse [2012.02.20 17:10:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Need for Speed World [2010.07.11 22:26:04 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Nokia [2010.06.17 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PACE Anti-Piracy [2010.07.11 22:26:11 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PC Suite [2012.05.21 17:12:09 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\PDAppFlex [2012.02.05 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Red Giant Link [2010.07.24 16:07:48 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1 [2012.12.23 21:01:47 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Simfy [2010.06.17 15:15:29 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.08.06 00:55:01 | 000,000,000 | RHSD | M] -- C:\Users\Philipp\AppData\Roaming\System32 [2010.06.17 11:57:02 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Thunderbird [2010.08.26 14:26:13 | 000,000,000 | ---D | M] -- C:\Users\Philipp\AppData\Roaming\Youtube Downloader HD ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.06.17 10:09:58 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.01.12 15:39:21 | 000,000,000 | ---D | M] -- C:\BlueJ [2012.02.04 18:59:20 | 000,000,000 | -HSD | M] -- C:\Boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.06.17 10:09:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2015.07.25 03:24:10 | 000,000,000 | ---D | M] -- C:\Guru3D.com [2010.06.17 10:14:50 | 000,000,000 | ---D | M] -- C:\Intel [2012.04.25 13:10:06 | 000,000,000 | ---D | M] -- C:\MoTemp [2010.06.17 14:15:05 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.05.10 12:16:04 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.11.23 13:17:29 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.25 00:36:59 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.04 19:05:17 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.06.17 10:09:48 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.30 21:20:19 | 000,000,000 | ---D | M] -- C:\QUARANTINE [2010.06.17 10:49:04 | 000,000,000 | ---D | M] -- C:\RaidTool [2010.06.17 10:09:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.01.12 18:11:20 | 000,000,000 | ---D | M] -- C:\Skripte [2013.02.25 00:38:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.05.10 12:16:09 | 000,000,000 | R--D | M] -- C:\Users [2013.03.04 19:16:25 | 000,000,000 | ---D | M] -- C:\Windows [2010.06.17 10:50:01 | 000,000,000 | ---D | M] -- C:\Windows.old < %PROGRAMFILES%\*.exe > [2009.06.04 01:11:35 | 018,221,327 | ---- | M] (www.softendo.com) -- C:\Program Files (x86)\MarioForever V4.4.exe [2010.10.23 17:57:54 | 000,076,686 | ---- | M] () -- C:\Program Files (x86)\Uninstal.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.17 14:04:14 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2010.06.17 14:04:14 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.08.16 21:58:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\procs\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\procs\explorer.exe [2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\procs\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\h\explorer.exe [2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\h\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2013.03.04 18:09:22 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) MD5=ED0F04D5DE32FEC14E91D7DD9571580D -- C:\Users\Philipp\Downloads\eXplorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 05:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 05:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 04:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 05:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 04:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 05:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 04:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 05:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\userinit.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Scannen\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX0\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX1\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX2\winlogon.exe [2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Philipp\AppData\Local\Temp\RarSFX3\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.03.04 19:35:43 | 006,291,456 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT [2013.03.04 19:35:43 | 000,262,144 | -HS- | M] () -- C:\Users\Philipp\ntuser.dat.LOG1 [2010.06.17 10:09:53 | 000,000,000 | -HS- | M] () -- C:\Users\Philipp\ntuser.dat.LOG2 [2010.06.17 10:15:31 | 000,065,536 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.06.17 10:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.06.17 10:15:31 | 000,524,288 | -HS- | M] () -- C:\Users\Philipp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.06.17 10:09:53 | 000,000,020 | -HS- | M] () -- C:\Users\Philipp\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:054203E4 < End of report > |
|
04.03.2013, 22:10
| #7 |
| | System repair wizard trojaner TDSS Killer Log-file: 21:59:54.0828 2452 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:59:55.0234 2452 ============================================================ 21:59:55.0234 2452 Current date / time: 2013/03/04 21:59:55.0234 21:59:55.0234 2452 SystemInfo: 21:59:55.0234 2452 21:59:55.0234 2452 OS Version: 6.1.7601 ServicePack: 1.0 21:59:55.0234 2452 Product type: Workstation 21:59:55.0234 2452 ComputerName: PCPS 21:59:55.0234 2452 UserName: Philipp 21:59:55.0234 2452 Windows directory: C:\Windows 21:59:55.0234 2452 System windows directory: C:\Windows 21:59:55.0234 2452 Running under WOW64 21:59:55.0234 2452 Processor architecture: Intel x64 21:59:55.0234 2452 Number of processors: 8 21:59:55.0234 2452 Page size: 0x1000 21:59:55.0234 2452 Boot type: Normal boot 21:59:55.0234 2452 ============================================================ 21:59:56.0872 2452 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:59:56.0872 2452 ============================================================ 21:59:56.0872 2452 \Device\Harddisk0\DR0: 21:59:56.0872 2452 MBR partitions: 21:59:56.0872 2452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA9667000 21:59:56.0872 2452 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA9668000, BlocksNum 0x3F7990B0 21:59:56.0872 2452 ============================================================ 21:59:56.0918 2452 C: <-> \Device\Harddisk0\DR0\Partition1 21:59:56.0918 2452 ============================================================ 21:59:56.0918 2452 Initialize success 21:59:56.0918 2452 ============================================================ 22:00:54.0648 3660 ============================================================ 22:00:54.0648 3660 Scan started 22:00:54.0648 3660 Mode: Manual; SigCheck; TDLFS; 22:00:54.0648 3660 ============================================================ 22:00:55.0006 3660 ================ Scan system memory ======================== 22:00:55.0006 3660 System memory - ok 22:00:55.0006 3660 ================ Scan services ============================= 22:00:55.0131 3660 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:00:55.0287 3660 1394ohci - ok 22:00:55.0318 3660 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:00:55.0334 3660 ACPI - ok 22:00:55.0365 3660 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:00:55.0490 3660 AcpiPmi - ok 22:00:55.0615 3660 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:00:55.0740 3660 AdobeARMservice - ok 22:00:55.0880 3660 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:00:55.0989 3660 AdobeFlashPlayerUpdateSvc - ok 22:00:56.0036 3660 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:00:56.0083 3660 adp94xx - ok 22:00:56.0098 3660 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:00:56.0130 3660 adpahci - ok 22:00:56.0145 3660 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:00:56.0176 3660 adpu320 - ok 22:00:56.0192 3660 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:00:56.0270 3660 AeLookupSvc - ok 22:00:56.0332 3660 [ D31DC7A16DEA4A9BAF179F3D6FBDB38C ] AFD C:\Windows\system32\drivers\afd.sys 22:00:56.0473 3660 AFD - ok 22:00:56.0504 3660 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:00:56.0520 3660 agp440 - ok 22:00:56.0535 3660 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:00:56.0551 3660 ALG - ok 22:00:56.0582 3660 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:00:56.0598 3660 aliide - ok 22:00:56.0613 3660 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:00:56.0644 3660 amdide - ok 22:00:56.0644 3660 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:00:56.0691 3660 AmdK8 - ok 22:00:56.0707 3660 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:00:56.0754 3660 AmdPPM - ok 22:00:56.0785 3660 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:00:56.0863 3660 amdsata - ok 22:00:56.0878 3660 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:00:56.0894 3660 amdsbs - ok 22:00:56.0894 3660 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:00:57.0003 3660 amdxata - ok 22:00:57.0019 3660 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:00:57.0159 3660 AppID - ok 22:00:57.0175 3660 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:00:57.0222 3660 AppIDSvc - ok 22:00:57.0253 3660 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 22:00:57.0346 3660 Appinfo - ok 22:00:57.0424 3660 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 22:00:57.0518 3660 Apple Mobile Device - ok 22:00:57.0534 3660 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 22:00:57.0565 3660 AppMgmt - ok 22:00:57.0580 3660 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 22:00:57.0580 3660 arc - ok 22:00:57.0580 3660 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:00:57.0596 3660 arcsas - ok 22:00:57.0612 3660 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:00:57.0674 3660 AsyncMac - ok 22:00:57.0705 3660 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:00:57.0721 3660 atapi - ok 22:00:57.0752 3660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:00:57.0877 3660 AudioEndpointBuilder - ok 22:00:57.0908 3660 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:00:57.0939 3660 AudioSrv - ok 22:00:57.0986 3660 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:00:58.0064 3660 AxInstSV - ok 22:00:58.0080 3660 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:00:58.0111 3660 b06bdrv - ok 22:00:58.0158 3660 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:00:58.0204 3660 b57nd60a - ok 22:00:58.0236 3660 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:00:58.0298 3660 BDESVC - ok 22:00:58.0298 3660 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:00:58.0345 3660 Beep - ok 22:00:58.0392 3660 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:00:58.0532 3660 BFE - ok 22:00:58.0563 3660 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 22:00:58.0626 3660 BITS - ok 22:00:58.0641 3660 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:00:58.0672 3660 blbdrive - ok 22:00:58.0719 3660 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 22:00:58.0828 3660 Bonjour Service - ok 22:00:58.0844 3660 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:00:58.0906 3660 bowser - ok 22:00:58.0922 3660 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:00:58.0969 3660 BrFiltLo - ok 22:00:58.0969 3660 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:00:59.0000 3660 BrFiltUp - ok 22:00:59.0031 3660 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 22:00:59.0125 3660 Browser - ok 22:00:59.0156 3660 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:00:59.0187 3660 Brserid - ok 22:00:59.0203 3660 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:00:59.0265 3660 BrSerWdm - ok 22:00:59.0265 3660 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:00:59.0296 3660 BrUsbMdm - ok 22:00:59.0312 3660 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:00:59.0328 3660 BrUsbSer - ok 22:00:59.0343 3660 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:00:59.0359 3660 BTHMODEM - ok 22:00:59.0359 3660 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:00:59.0390 3660 bthserv - ok 22:00:59.0406 3660 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:00:59.0437 3660 cdfs - ok 22:00:59.0484 3660 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 22:00:59.0577 3660 cdrom - ok 22:00:59.0640 3660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:00:59.0718 3660 CertPropSvc - ok 22:00:59.0749 3660 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:00:59.0764 3660 circlass - ok 22:00:59.0796 3660 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:00:59.0842 3660 CLFS - ok 22:00:59.0889 3660 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:00:59.0920 3660 clr_optimization_v2.0.50727_32 - ok 22:00:59.0967 3660 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:00:59.0998 3660 clr_optimization_v2.0.50727_64 - ok 22:00:59.0998 3660 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:01:00.0045 3660 CmBatt - ok 22:01:00.0045 3660 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:01:00.0061 3660 cmdide - ok 22:01:00.0092 3660 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys 22:01:00.0154 3660 CNG - ok 22:01:00.0154 3660 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:01:00.0170 3660 Compbatt - ok 22:01:00.0232 3660 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:01:00.0326 3660 CompositeBus - ok 22:01:00.0326 3660 COMSysApp - ok 22:01:00.0373 3660 [ 641243746597FBD650E5000D95811EA3 ] cpuz133 C:\Windows\system32\drivers\cpuz133_x64.sys 22:01:00.0560 3660 cpuz133 - ok 22:01:00.0576 3660 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:01:00.0591 3660 crcdisk - ok 22:01:00.0622 3660 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:01:00.0732 3660 CryptSvc - ok 22:01:00.0763 3660 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 22:01:00.0856 3660 CSC - ok 22:01:00.0888 3660 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 22:01:00.0981 3660 CscService - ok 22:01:00.0997 3660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:01:01.0028 3660 DcomLaunch - ok 22:01:01.0075 3660 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:01:01.0137 3660 defragsvc - ok 22:01:01.0168 3660 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:01:01.0262 3660 DfsC - ok 22:01:01.0293 3660 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:01:01.0356 3660 Dhcp - ok 22:01:01.0371 3660 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:01:01.0418 3660 discache - ok 22:01:01.0434 3660 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:01:01.0434 3660 Disk - ok 22:01:01.0465 3660 [ CD55F5355D8F55D44C9F4ED875705BD6 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:01:01.0605 3660 Dnscache - ok 22:01:01.0636 3660 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:01:01.0746 3660 dot3svc - ok 22:01:01.0761 3660 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:01:01.0839 3660 DPS - ok 22:01:01.0870 3660 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:01:01.0917 3660 drmkaud - ok 22:01:01.0980 3660 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:01:02.0073 3660 DXGKrnl - ok 22:01:02.0089 3660 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:01:02.0167 3660 EapHost - ok 22:01:02.0229 3660 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:01:02.0370 3660 ebdrv - ok 22:01:02.0401 3660 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe 22:01:02.0432 3660 EFS - ok 22:01:02.0494 3660 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:01:02.0588 3660 ehRecvr - ok 22:01:02.0604 3660 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:01:02.0619 3660 ehSched - ok 22:01:02.0650 3660 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:01:02.0666 3660 elxstor - ok 22:01:02.0697 3660 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:01:02.0744 3660 ErrDev - ok 22:01:02.0760 3660 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:01:02.0838 3660 EventSystem - ok 22:01:02.0869 3660 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:01:02.0916 3660 exfat - ok 22:01:02.0931 3660 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:01:02.0962 3660 fastfat - ok 22:01:02.0994 3660 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:01:03.0072 3660 Fax - ok 22:01:03.0087 3660 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:01:03.0118 3660 fdc - ok 22:01:03.0134 3660 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:01:03.0196 3660 fdPHost - ok 22:01:03.0196 3660 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:01:03.0243 3660 FDResPub - ok 22:01:03.0259 3660 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:01:03.0259 3660 FileInfo - ok 22:01:03.0259 3660 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:01:03.0306 3660 Filetrace - ok 22:01:03.0321 3660 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:01:03.0352 3660 flpydisk - ok 22:01:03.0384 3660 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:01:03.0477 3660 FltMgr - ok 22:01:03.0524 3660 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll 22:01:03.0633 3660 FontCache - ok 22:01:03.0664 3660 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:01:03.0758 3660 FontCache3.0.0.0 - ok 22:01:03.0774 3660 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:01:03.0789 3660 FsDepends - ok 22:01:03.0789 3660 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:01:03.0805 3660 Fs_Rec - ok 22:01:03.0820 3660 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:01:03.0883 3660 fvevol - ok 22:01:03.0898 3660 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:01:03.0914 3660 gagp30kx - ok 22:01:03.0961 3660 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 22:01:04.0054 3660 GEARAspiWDM - ok 22:01:04.0101 3660 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:01:04.0226 3660 gpsvc - ok 22:01:04.0351 3660 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:01:04.0444 3660 gupdate - ok 22:01:04.0507 3660 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:01:04.0522 3660 gupdatem - ok 22:01:04.0554 3660 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 22:01:04.0647 3660 hamachi - ok 22:01:04.0663 3660 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:01:04.0710 3660 hcw85cir - ok 22:01:04.0756 3660 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:01:04.0866 3660 HdAudAddService - ok 22:01:04.0866 3660 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:01:04.0912 3660 HDAudBus - ok 22:01:04.0912 3660 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:01:04.0944 3660 HidBatt - ok 22:01:04.0959 3660 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:01:05.0006 3660 HidBth - ok 22:01:05.0022 3660 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:01:05.0068 3660 HidIr - ok 22:01:05.0100 3660 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 22:01:05.0162 3660 hidserv - ok 22:01:05.0178 3660 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 22:01:05.0256 3660 HidUsb - ok 22:01:05.0287 3660 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:01:05.0396 3660 hkmsvc - ok 22:01:05.0443 3660 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:01:05.0568 3660 HomeGroupListener - ok 22:01:05.0599 3660 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:01:05.0708 3660 HomeGroupProvider - ok 22:01:05.0724 3660 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:01:05.0755 3660 HpSAMD - ok 22:01:06.0051 3660 [ CCFA6A6925E4544A8167B753C7DDE345 ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe 22:01:06.0145 3660 hshld - ok 22:01:06.0207 3660 [ CA53DA4C3EAD4C86918E7F80CD281ABB ] HssDRV6 C:\Windows\system32\DRIVERS\hssdrv6.sys 22:01:06.0285 3660 HssDRV6 - ok 22:01:06.0316 3660 [ 7321BCA90DD53CC46EFDF1D4D44964E1 ] HssSrv C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe 22:01:06.0441 3660 HssSrv - ok 22:01:06.0488 3660 [ 01BEF3BF1C5262B76981D430E430E89B ] HssTrayService C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE 22:01:06.0582 3660 HssTrayService - ok 22:01:06.0613 3660 [ 2E1DF960A48BDE321881823ABBB2E1C7 ] HssWd C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe 22:01:06.0691 3660 HssWd - ok 22:01:06.0722 3660 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:01:06.0862 3660 HTTP - ok 22:01:06.0894 3660 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:01:06.0987 3660 hwpolicy - ok 22:01:07.0018 3660 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:01:07.0050 3660 i8042prt - ok 22:01:07.0065 3660 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:01:07.0159 3660 iaStorV - ok 22:01:07.0221 3660 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:01:07.0346 3660 idsvc - ok 22:01:07.0377 3660 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:01:07.0377 3660 iirsp - ok 22:01:07.0424 3660 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:01:07.0564 3660 IKEEXT - ok 22:01:07.0596 3660 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:01:07.0611 3660 intelide - ok 22:01:07.0627 3660 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:01:07.0642 3660 intelppm - ok 22:01:07.0674 3660 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:01:07.0736 3660 IPBusEnum - ok 22:01:07.0736 3660 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:01:07.0845 3660 IpFilterDriver - ok 22:01:07.0892 3660 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:01:07.0970 3660 iphlpsvc - ok 22:01:08.0032 3660 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:01:08.0095 3660 IPMIDRV - ok 22:01:08.0110 3660 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:01:08.0173 3660 IPNAT - ok 22:01:08.0235 3660 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 22:01:08.0329 3660 iPod Service - ok 22:01:08.0344 3660 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:01:08.0391 3660 IRENUM - ok 22:01:08.0422 3660 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:01:08.0438 3660 isapnp - ok 22:01:08.0485 3660 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:01:08.0610 3660 iScsiPrt - ok 22:01:08.0656 3660 [ 86CFEF6DC6DE51AAB0C10384FE98F48F ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 22:01:08.0750 3660 JRAID - ok 22:01:08.0750 3660 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:01:08.0766 3660 kbdclass - ok 22:01:08.0812 3660 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:01:08.0937 3660 kbdhid - ok 22:01:08.0953 3660 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe 22:01:08.0984 3660 KeyIso - ok 22:01:09.0000 3660 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:01:09.0046 3660 KSecDD - ok 22:01:09.0046 3660 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:01:09.0109 3660 KSecPkg - ok 22:01:09.0140 3660 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:01:09.0171 3660 ksthunk - ok 22:01:09.0202 3660 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:01:09.0280 3660 KtmRm - ok 22:01:09.0327 3660 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:01:09.0374 3660 LanmanServer - ok 22:01:09.0405 3660 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:01:09.0514 3660 LanmanWorkstation - ok 22:01:09.0577 3660 [ 17203D81A68D9162DB9022A1FC601778 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 22:01:09.0670 3660 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 22:01:09.0670 3660 LightScribeService - detected UnsignedFile.Multi.Generic (1) 22:01:09.0702 3660 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:01:09.0764 3660 lltdio - ok 22:01:09.0780 3660 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:01:09.0811 3660 lltdsvc - ok 22:01:09.0826 3660 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:01:09.0858 3660 lmhosts - ok 22:01:09.0858 3660 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:01:09.0873 3660 LSI_FC - ok 22:01:09.0889 3660 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:01:09.0904 3660 LSI_SAS - ok 22:01:09.0904 3660 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:01:09.0920 3660 LSI_SAS2 - ok 22:01:09.0936 3660 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:01:09.0951 3660 LSI_SCSI - ok 22:01:09.0951 3660 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:01:09.0982 3660 luafv - ok 22:01:10.0014 3660 [ 639DA8F468552785E15F0F2FD8DB44B3 ] McAfeeEngineService C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe 22:01:10.0060 3660 McAfeeEngineService - ok 22:01:10.0138 3660 [ 1B963D79740B187795407CD03E2F7B4D ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe 22:01:10.0248 3660 McAfeeFramework - ok 22:01:10.0263 3660 [ 4E09D8C4C861348A7F1C12A5AA9C4DE7 ] McShield C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe 22:01:10.0357 3660 McShield - ok 22:01:10.0388 3660 [ 3774AAD155F31D58D932861D0A4FD641 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe 22:01:10.0450 3660 McTaskManager - ok 22:01:10.0497 3660 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:01:10.0591 3660 Mcx2Svc - ok 22:01:10.0622 3660 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:01:10.0638 3660 megasas - ok 22:01:10.0638 3660 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:01:10.0653 3660 MegaSR - ok 22:01:10.0684 3660 [ E2D642A38A8DC4722F859092F731B6A3 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 22:01:10.0731 3660 mfeapfk - ok 22:01:10.0762 3660 [ AE23ED41216E160F54E5EF1A5EE325F7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 22:01:10.0825 3660 mfeavfk - ok 22:01:10.0856 3660 [ BC76BC7129B2206098AC220B656F15B7 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 22:01:10.0918 3660 mfehidk - ok 22:01:10.0934 3660 [ C7C15D125AA697BE97087D197C9FAD08 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 22:01:10.0996 3660 mferkdet - ok 22:01:11.0012 3660 [ 41CA4C4292004486D004D357B9C19718 ] mfetdik C:\Windows\system32\drivers\mfetdik.sys 22:01:11.0074 3660 mfetdik - ok 22:01:11.0090 3660 [ C39855495E82EC6B02E6190C34A1B752 ] mfevtp C:\Windows\system32\mfevtps.exe 22:01:11.0152 3660 mfevtp - ok 22:01:11.0184 3660 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:01:11.0246 3660 MMCSS - ok 22:01:11.0262 3660 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:01:11.0324 3660 Modem - ok 22:01:11.0371 3660 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:01:11.0418 3660 monitor - ok 22:01:11.0433 3660 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:01:11.0449 3660 mouclass - ok 22:01:11.0449 3660 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:01:11.0496 3660 mouhid - ok 22:01:11.0542 3660 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:01:11.0620 3660 mountmgr - ok 22:01:11.0636 3660 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:01:11.0698 3660 mpio - ok 22:01:11.0714 3660 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:01:11.0745 3660 mpsdrv - ok 22:01:11.0792 3660 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:01:11.0917 3660 MpsSvc - ok 22:01:11.0948 3660 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:01:12.0073 3660 MRxDAV - ok 22:01:12.0104 3660 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:01:12.0182 3660 mrxsmb - ok 22:01:12.0213 3660 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:01:12.0322 3660 mrxsmb10 - ok 22:01:12.0354 3660 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:01:12.0432 3660 mrxsmb20 - ok 22:01:12.0478 3660 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:01:12.0525 3660 msahci - ok 22:01:12.0572 3660 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:01:12.0634 3660 msdsm - ok 22:01:12.0650 3660 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:01:12.0666 3660 MSDTC - ok 22:01:12.0681 3660 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:01:12.0697 3660 Msfs - ok 22:01:12.0712 3660 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:01:12.0744 3660 mshidkmdf - ok 22:01:12.0759 3660 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:01:12.0775 3660 msisadrv - ok 22:01:12.0806 3660 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:01:12.0868 3660 MSiSCSI - ok 22:01:12.0868 3660 msiserver - ok 22:01:12.0884 3660 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:01:12.0931 3660 MSKSSRV - ok 22:01:12.0946 3660 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:01:13.0024 3660 MSPCLOCK - ok 22:01:13.0040 3660 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:01:13.0102 3660 MSPQM - ok 22:01:13.0134 3660 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:01:13.0196 3660 MsRPC - ok 22:01:13.0227 3660 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:01:13.0227 3660 mssmbios - ok 22:01:13.0227 3660 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:01:13.0258 3660 MSTEE - ok 22:01:13.0274 3660 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:01:13.0321 3660 MTConfig - ok 22:01:13.0352 3660 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 22:01:13.0430 3660 MTsensor - ok 22:01:13.0446 3660 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:01:13.0461 3660 Mup - ok 22:01:13.0508 3660 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:01:13.0633 3660 napagent - ok 22:01:13.0680 3660 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:01:13.0711 3660 NativeWifiP - ok 22:01:13.0773 3660 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 22:01:13.0820 3660 NDIS - ok 22:01:13.0836 3660 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:01:13.0867 3660 NdisCap - ok 22:01:13.0898 3660 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:01:13.0945 3660 NdisTapi - ok 22:01:13.0960 3660 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:01:14.0054 3660 Ndisuio - ok 22:01:14.0070 3660 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:01:14.0148 3660 NdisWan - ok 22:01:14.0179 3660 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:01:14.0304 3660 NDProxy - ok 22:01:14.0304 3660 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:01:14.0350 3660 NetBIOS - ok 22:01:14.0382 3660 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:01:14.0491 3660 NetBT - ok 22:01:14.0506 3660 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe 22:01:14.0506 3660 Netlogon - ok 22:01:14.0553 3660 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:01:14.0584 3660 Netman - ok 22:01:14.0584 3660 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:01:14.0647 3660 netprofm - ok 22:01:14.0694 3660 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:01:14.0709 3660 NetTcpPortSharing - ok 22:01:14.0709 3660 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:01:14.0725 3660 nfrd960 - ok 22:01:14.0772 3660 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:01:14.0865 3660 NlaSvc - ok 22:01:14.0928 3660 [ 4B300DC9B143C99674B6ECD917384155 ] nmwcdcx64 C:\Windows\system32\drivers\ccdcmbox64.sys 22:01:15.0115 3660 nmwcdcx64 - ok 22:01:15.0162 3660 [ DD1D06C2A7E048766482256AB8C755CF ] nmwcdx64 C:\Windows\system32\drivers\ccdcmbx64.sys 22:01:15.0271 3660 nmwcdx64 - ok 22:01:15.0302 3660 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:01:15.0333 3660 Npfs - ok 22:01:15.0333 3660 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:01:15.0380 3660 nsi - ok 22:01:15.0380 3660 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:01:15.0427 3660 nsiproxy - ok 22:01:15.0474 3660 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:01:15.0567 3660 Ntfs - ok 22:01:15.0583 3660 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:01:15.0614 3660 Null - ok 22:01:15.0708 3660 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 22:01:15.0770 3660 NVHDA - ok 22:01:15.0988 3660 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:01:16.0113 3660 nvlddmkm - ok 22:01:16.0160 3660 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:01:16.0285 3660 nvraid - ok 22:01:16.0300 3660 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:01:16.0363 3660 nvstor - ok 22:01:16.0425 3660 [ A83AC04D672567CAF8BE7A4D73C0B850 ] NVSvc C:\Windows\system32\nvvsvc.exe 22:01:16.0456 3660 NVSvc - ok 22:01:16.0534 3660 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 22:01:16.0675 3660 nvUpdatusService - ok 22:01:16.0690 3660 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:01:16.0706 3660 nv_agp - ok 22:01:16.0784 3660 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 22:01:16.0862 3660 odserv - ok 22:01:16.0909 3660 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:01:16.0940 3660 ohci1394 - ok 22:01:16.0987 3660 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:01:17.0080 3660 ose - ok 22:01:17.0096 3660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:01:17.0143 3660 p2pimsvc - ok 22:01:17.0174 3660 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:01:17.0236 3660 p2psvc - ok 22:01:17.0252 3660 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:01:17.0283 3660 Parport - ok 22:01:17.0314 3660 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:01:17.0424 3660 partmgr - ok 22:01:17.0439 3660 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:01:17.0502 3660 PcaSvc - ok 22:01:17.0548 3660 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 22:01:17.0658 3660 pccsmcfd - ok 22:01:17.0689 3660 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:01:17.0751 3660 pci - ok 22:01:17.0782 3660 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:01:17.0798 3660 pciide - ok 22:01:17.0814 3660 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:01:17.0829 3660 pcmcia - ok 22:01:17.0845 3660 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:01:17.0860 3660 pcw - ok 22:01:17.0876 3660 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:01:17.0907 3660 PEAUTH - ok 22:01:17.0938 3660 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 22:01:18.0001 3660 PeerDistSvc - ok 22:01:18.0063 3660 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:01:18.0094 3660 PerfHost - ok 22:01:18.0157 3660 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:01:18.0266 3660 pla - ok 22:01:18.0328 3660 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:01:18.0453 3660 PlugPlay - ok 22:01:18.0469 3660 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:01:18.0500 3660 PNRPAutoReg - ok 22:01:18.0516 3660 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:01:18.0531 3660 PNRPsvc - ok 22:01:18.0562 3660 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:01:18.0703 3660 PolicyAgent - ok 22:01:18.0734 3660 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:01:18.0796 3660 Power - ok 22:01:18.0843 3660 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:01:18.0937 3660 PptpMiniport - ok 22:01:18.0952 3660 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:01:18.0968 3660 Processor - ok 22:01:19.0015 3660 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 22:01:19.0077 3660 ProfSvc - ok 22:01:19.0093 3660 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe 22:01:19.0108 3660 ProtectedStorage - ok 22:01:19.0140 3660 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:01:19.0264 3660 Psched - ok 22:01:19.0311 3660 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 22:01:19.0405 3660 PxHlpa64 - ok 22:01:19.0436 3660 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:01:19.0483 3660 ql2300 - ok 22:01:19.0498 3660 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:01:19.0514 3660 ql40xx - ok 22:01:19.0530 3660 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:01:19.0561 3660 QWAVE - ok 22:01:19.0576 3660 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:01:19.0608 3660 QWAVEdrv - ok 22:01:19.0623 3660 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:01:19.0670 3660 RasAcd - ok 22:01:19.0701 3660 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:01:19.0748 3660 RasAgileVpn - ok 22:01:19.0764 3660 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:01:19.0795 3660 RasAuto - ok 22:01:19.0842 3660 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:01:19.0935 3660 Rasl2tp - ok 22:01:19.0982 3660 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:01:20.0091 3660 RasMan - ok 22:01:20.0107 3660 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:01:20.0138 3660 RasPppoe - ok 22:01:20.0154 3660 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:01:20.0185 3660 RasSstp - ok 22:01:20.0200 3660 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:01:20.0310 3660 rdbss - ok 22:01:20.0310 3660 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:01:20.0341 3660 rdpbus - ok 22:01:20.0372 3660 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:01:20.0388 3660 RDPCDD - ok 22:01:20.0434 3660 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:01:20.0544 3660 RDPDR - ok 22:01:20.0559 3660 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:01:20.0590 3660 RDPENCDD - ok 22:01:20.0590 3660 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:01:20.0637 3660 RDPREFMP - ok 22:01:20.0668 3660 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:01:20.0762 3660 RDPWD - ok 22:01:20.0793 3660 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:01:20.0902 3660 rdyboost - ok 22:01:20.0934 3660 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:01:21.0012 3660 RemoteAccess - ok 22:01:21.0027 3660 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:01:21.0074 3660 RemoteRegistry - ok 22:01:21.0090 3660 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:01:21.0136 3660 RpcEptMapper - ok 22:01:21.0168 3660 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:01:21.0183 3660 RpcLocator - ok 22:01:21.0199 3660 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:01:21.0214 3660 RpcSs - ok 22:01:21.0230 3660 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:01:21.0261 3660 rspndr - ok 22:01:21.0277 3660 [ 3B01789EE4EAEE97F5EB46B711387D5E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:01:21.0370 3660 RTL8167 - ok 22:01:21.0386 3660 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:01:21.0480 3660 s3cap - ok 22:01:21.0495 3660 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe 22:01:21.0495 3660 SamSs - ok 22:01:21.0542 3660 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:01:21.0636 3660 sbp2port - ok 22:01:21.0667 3660 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:01:21.0729 3660 SCardSvr - ok 22:01:21.0776 3660 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:01:21.0870 3660 scfilter - ok 22:01:21.0932 3660 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:01:22.0026 3660 Schedule - ok 22:01:22.0057 3660 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:01:22.0088 3660 SCPolicySvc - ok 22:01:22.0135 3660 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:01:22.0322 3660 SDRSVC - ok 22:01:22.0400 3660 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:01:22.0447 3660 secdrv - ok 22:01:22.0462 3660 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:01:22.0556 3660 seclogon - ok 22:01:22.0572 3660 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:01:22.0618 3660 SENS - ok 22:01:22.0634 3660 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:01:22.0650 3660 SensrSvc - ok 22:01:22.0650 3660 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:01:22.0665 3660 Serenum - ok 22:01:22.0696 3660 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:01:22.0696 3660 Serial - ok 22:01:22.0743 3660 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:01:22.0759 3660 sermouse - ok 22:01:22.0852 3660 [ 8988D1F32F56B3CD3F0F6C39F8A91A98 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 22:01:22.0993 3660 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 22:01:22.0993 3660 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 22:01:23.0024 3660 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:01:23.0086 3660 SessionEnv - ok 22:01:23.0133 3660 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:01:23.0180 3660 sffdisk - ok 22:01:23.0196 3660 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:01:23.0227 3660 sffp_mmc - ok 22:01:23.0242 3660 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:01:23.0352 3660 sffp_sd - ok 22:01:23.0367 3660 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:01:23.0383 3660 sfloppy - ok 22:01:23.0414 3660 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:01:23.0445 3660 SharedAccess - ok 22:01:23.0492 3660 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:01:23.0570 3660 ShellHWDetection - ok 22:01:23.0586 3660 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:01:23.0601 3660 SiSRaid2 - ok 22:01:23.0632 3660 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:01:23.0632 3660 SiSRaid4 - ok 22:01:23.0664 3660 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:01:23.0679 3660 Smb - ok 22:01:23.0710 3660 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:01:23.0726 3660 SNMPTRAP - ok 22:01:23.0773 3660 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys 22:01:23.0882 3660 speedfan - ok 22:01:23.0898 3660 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:01:23.0913 3660 spldr - ok 22:01:23.0944 3660 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 22:01:24.0038 3660 Spooler - ok 22:01:24.0132 3660 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:01:24.0178 3660 sppsvc - ok 22:01:24.0194 3660 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:01:24.0225 3660 sppuinotify - ok 22:01:24.0272 3660 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys 22:01:24.0366 3660 srv - ok 22:01:24.0412 3660 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:01:24.0522 3660 srv2 - ok 22:01:24.0553 3660 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:01:24.0646 3660 srvnet - ok 22:01:24.0693 3660 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:01:24.0756 3660 SSDPSRV - ok 22:01:24.0771 3660 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:01:24.0818 3660 SstpSvc - ok 22:01:24.0927 3660 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:01:25.0036 3660 Stereo Service - ok 22:01:25.0052 3660 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:01:25.0068 3660 stexstor - ok 22:01:25.0130 3660 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:01:25.0224 3660 stisvc - ok 22:01:25.0255 3660 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:01:25.0348 3660 storflt - ok 22:01:25.0364 3660 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 22:01:25.0380 3660 StorSvc - ok 22:01:25.0395 3660 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:01:25.0442 3660 storvsc - ok 22:01:25.0473 3660 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:01:25.0489 3660 swenum - ok 22:01:25.0598 3660 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 22:01:25.0723 3660 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 22:01:25.0723 3660 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 22:01:25.0738 3660 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:01:25.0785 3660 swprv - ok 22:01:25.0894 3660 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:01:25.0988 3660 SysMain - ok 22:01:26.0019 3660 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:01:26.0144 3660 TabletInputService - ok 22:01:26.0175 3660 [ 796FFF20E497A65EF8C0DE94E5B0F70F ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys 22:01:26.0269 3660 taphss6 - ok 22:01:26.0300 3660 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:01:26.0394 3660 TapiSrv - ok 22:01:26.0425 3660 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:01:26.0487 3660 TBS - ok 22:01:26.0550 3660 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:01:26.0659 3660 Tcpip - ok 22:01:26.0690 3660 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:01:26.0721 3660 TCPIP6 - ok 22:01:26.0752 3660 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:01:26.0908 3660 tcpipreg - ok 22:01:26.0940 3660 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:01:26.0986 3660 TDPIPE - ok 22:01:27.0002 3660 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:01:27.0018 3660 TDTCP - ok 22:01:27.0033 3660 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:01:27.0127 3660 tdx - ok 22:01:27.0142 3660 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:01:27.0205 3660 TermDD - ok 22:01:27.0236 3660 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:01:27.0314 3660 TermService - ok 22:01:27.0345 3660 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:01:27.0361 3660 Themes - ok 22:01:27.0376 3660 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:01:27.0408 3660 THREADORDER - ok 22:01:27.0454 3660 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:01:27.0501 3660 TrkWks - ok 22:01:27.0532 3660 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:01:27.0626 3660 TrustedInstaller - ok 22:01:27.0642 3660 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:01:27.0735 3660 tssecsrv - ok 22:01:27.0782 3660 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:01:27.0876 3660 TsUsbFlt - ok 22:01:27.0922 3660 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:01:28.0063 3660 tunnel - ok 22:01:28.0078 3660 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:01:28.0094 3660 uagp35 - ok 22:01:28.0141 3660 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:01:28.0281 3660 udfs - ok 22:01:28.0297 3660 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:01:28.0344 3660 UI0Detect - ok 22:01:28.0359 3660 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:01:28.0375 3660 uliagpkx - ok 22:01:28.0406 3660 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 22:01:28.0484 3660 umbus - ok 22:01:28.0515 3660 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:01:28.0531 3660 UmPass - ok 22:01:28.0562 3660 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 22:01:28.0624 3660 UmRdpService - ok 22:01:28.0640 3660 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:01:28.0718 3660 upnphost - ok 22:01:28.0765 3660 [ 69405C5429EF448B319F08042B897FC6 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys 22:01:28.0890 3660 upperdev - ok 22:01:28.0936 3660 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 22:01:29.0046 3660 USBAAPL64 - ok 22:01:29.0092 3660 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:01:29.0233 3660 usbccgp - ok 22:01:29.0280 3660 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:01:29.0326 3660 usbcir - ok 22:01:29.0342 3660 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:01:29.0436 3660 usbehci - ok 22:01:29.0467 3660 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys 22:01:29.0545 3660 usbhub - ok 22:01:29.0560 3660 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 22:01:29.0576 3660 usbohci - ok 22:01:29.0576 3660 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:01:29.0592 3660 usbprint - ok 22:01:29.0638 3660 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys 22:01:29.0701 3660 usbser - ok 22:01:29.0748 3660 [ 0305D5F7D5751D0AE763250EB78DC5D7 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys 22:01:29.0857 3660 UsbserFilt - ok 22:01:29.0873 3660 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:01:29.0935 3660 USBSTOR - ok 22:01:29.0951 3660 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:01:29.0966 3660 usbuhci - ok 22:01:29.0982 3660 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:01:30.0013 3660 UxSms - ok 22:01:30.0013 3660 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe 22:01:30.0029 3660 VaultSvc - ok 22:01:30.0029 3660 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:01:30.0044 3660 vdrvroot - ok 22:01:30.0075 3660 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:01:30.0138 3660 vds - ok 22:01:30.0153 3660 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:01:30.0169 3660 vga - ok 22:01:30.0169 3660 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:01:30.0200 3660 VgaSave - ok 22:01:30.0216 3660 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:01:30.0278 3660 vhdmp - ok 22:01:30.0325 3660 [ 627270F2103D41086BAB9675A3315DAB ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 22:01:30.0481 3660 VIAHdAudAddService - ok 22:01:30.0497 3660 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:01:30.0512 3660 viaide - ok 22:01:30.0528 3660 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:01:30.0606 3660 vmbus - ok 22:01:30.0637 3660 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 22:01:30.0731 3660 VMBusHID - ok 22:01:30.0731 3660 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:01:30.0809 3660 volmgr - ok 22:01:30.0824 3660 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:01:30.0887 3660 volmgrx - ok 22:01:30.0918 3660 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:01:30.0996 3660 volsnap - ok 22:01:31.0027 3660 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:01:31.0043 3660 vsmraid - ok 22:01:31.0105 3660 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:01:31.0261 3660 VSS - ok 22:01:31.0261 3660 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 22:01:31.0292 3660 vwifibus - ok 22:01:31.0339 3660 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:01:31.0386 3660 W32Time - ok 22:01:31.0401 3660 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:01:31.0433 3660 WacomPen - ok 22:01:31.0495 3660 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:01:31.0620 3660 WANARP - ok 22:01:31.0620 3660 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:01:31.0651 3660 Wanarpv6 - ok 22:01:31.0698 3660 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:01:31.0823 3660 wbengine - ok 22:01:31.0838 3660 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:01:31.0885 3660 WbioSrvc - ok 22:01:31.0932 3660 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:01:32.0041 3660 wcncsvc - ok 22:01:32.0072 3660 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:01:32.0088 3660 WcsPlugInService - ok 22:01:32.0103 3660 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:01:32.0119 3660 Wd - ok 22:01:32.0135 3660 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:01:32.0166 3660 Wdf01000 - ok 22:01:32.0166 3660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:01:32.0213 3660 WdiServiceHost - ok 22:01:32.0213 3660 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:01:32.0228 3660 WdiSystemHost - ok 22:01:32.0244 3660 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:01:32.0337 3660 WebClient - ok 22:01:32.0337 3660 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:01:32.0384 3660 Wecsvc - ok 22:01:32.0400 3660 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:01:32.0431 3660 wercplsupport - ok 22:01:32.0447 3660 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:01:32.0478 3660 WerSvc - ok 22:01:32.0478 3660 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:01:32.0525 3660 WfpLwf - ok 22:01:32.0525 3660 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:01:32.0540 3660 WIMMount - ok 22:01:32.0556 3660 WinDefend - ok 22:01:32.0556 3660 WinHttpAutoProxySvc - ok 22:01:32.0603 3660 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:01:32.0634 3660 Winmgmt - ok 22:01:32.0696 3660 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:01:32.0805 3660 WinRM - ok 22:01:32.0868 3660 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:01:32.0961 3660 WinUsb - ok 22:01:32.0993 3660 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:01:33.0039 3660 Wlansvc - ok 22:01:33.0071 3660 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:01:33.0102 3660 WmiAcpi - ok 22:01:33.0117 3660 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:01:33.0149 3660 wmiApSrv - ok 22:01:33.0164 3660 WMPNetworkSvc - ok 22:01:33.0180 3660 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:01:33.0211 3660 WPCSvc - ok 22:01:33.0258 3660 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:01:33.0351 3660 WPDBusEnum - ok 22:01:33.0367 3660 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:01:33.0398 3660 ws2ifsl - ok 22:01:33.0414 3660 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:01:33.0445 3660 wscsvc - ok 22:01:33.0445 3660 WSearch - ok 22:01:33.0523 3660 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll 22:01:33.0617 3660 wuauserv - ok 22:01:33.0648 3660 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:01:33.0726 3660 WudfPf - ok 22:01:33.0741 3660 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:01:33.0835 3660 WUDFRd - ok 22:01:33.0851 3660 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:01:33.0929 3660 wudfsvc - ok 22:01:33.0944 3660 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 22:01:33.0960 3660 WwanSvc - ok 22:01:33.0975 3660 ================ Scan global =============================== 22:01:33.0991 3660 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:01:34.0038 3660 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll 22:01:34.0131 3660 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll 22:01:34.0163 3660 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:01:34.0178 3660 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:01:34.0194 3660 [Global] - ok 22:01:34.0194 3660 ================ Scan MBR ================================== 22:01:34.0194 3660 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:01:34.0475 3660 \Device\Harddisk0\DR0 - ok 22:01:34.0490 3660 ================ Scan VBR ================================== 22:01:34.0490 3660 [ 388B7653927B37F77511C9B9050C10D5 ] \Device\Harddisk0\DR0\Partition1 22:01:34.0490 3660 \Device\Harddisk0\DR0\Partition1 - ok 22:01:34.0506 3660 [ 0B6515BB1E677C88B4E7E0A5B6616B9C ] \Device\Harddisk0\DR0\Partition2 22:01:34.0506 3660 \Device\Harddisk0\DR0\Partition2 - ok 22:01:34.0506 3660 ============================================================ 22:01:34.0506 3660 Scan finished 22:01:34.0506 3660 ============================================================ 22:01:34.0521 3848 Detected object count: 3 22:01:34.0521 3848 Actual detected object count: 3 22:03:16.0343 3848 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 22:03:16.0343 3848 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:03:16.0343 3848 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 22:03:16.0343 3848 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:03:16.0343 3848 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 22:03:16.0343 3848 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
04.03.2013, 22:15
| #8 |
| /// Malware-holic | System repair wizard trojaner wo ist das Malwarebytes log, wo ist das log vom fix mit otl?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.03.2013, 22:34
| #9 |
| | System repair wizard trojaner Hier ist der OTL fix log ========== OTL ========== C:\ProgramData\-oKJlROuTVCyAr moved successfully. C:\ProgramData\-oKJlROuTVCyA moved successfully. C:\ProgramData\oKJlROuTVCyA moved successfully. ========== FILES ========== ========== COMMANDS ========== OTL by OldTimer - Version 3.2.69.0 log created on 03042013_214010 Den Malwarebytes Log habe ich nicht mehr, da ich den Scan schon vor einigen Stunden durchgeführt habe... war allerdings nur ein Quick Scan, soll ich och einen Vollscan machen und den Log dann posten? |
|
05.03.2013, 19:44
| #10 |
| /// Malware-holic | System repair wizard trojaner das log wird automatisch gespeichert, bitte in malwarebytes, logdateien bzw berichte schauen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.03.2013, 19:18
| #11 |
| | System repair wizard trojaner Hier das Malwarrebytes Log nach dem ersten Scandurchgang direkt nachdem ich den Verdacht auf einen Virus hatte als sich die vielen Warnfenster in den Vordergrund gedrängt haben: Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.02.17.08 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 8.0.7601.17514 Philipp :: PCPS [Administrator] 03.03.2013 14:46:14 MBAM-log-2013-03-03 (14-50-19).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 232475 Laufzeit: 3 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 9 HKCU\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
08.03.2013, 21:11
| #12 |
| /// Malware-holic | System repair wizard trojaner Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
09.03.2013, 17:15
| #13 |
| | System repair wizard trojaner Hier die Log datei von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 13-03-07.03 - Philipp 09.03.2013 16:57:40.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8183.7014 [GMT 1:00]
ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Philipp\AppData\Roaming\system32
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-09 bis 2013-03-09 ))))))))))))))))))))))))))))))
.
.
2013-03-09 16:01 . 2013-03-09 16:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-09 16:01 . 2013-03-09 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-04 21:12 . 2013-03-04 21:12 -------- d-----w- c:\windows\SysWow64\Hotspot Shield
2013-03-04 20:40 . 2013-03-04 20:40 -------- d-----w- C:\_OTL
2013-02-22 15:14 . 2013-02-22 15:14 -------- d-----w- c:\users\Philipp\AppData\Local\GoPro
2013-02-22 14:57 . 2013-02-22 14:57 -------- d-----w- c:\users\Philipp\AppData\Roaming\GoPro
2013-02-22 14:48 . 2013-02-22 14:48 -------- d-----w- c:\program files (x86)\CineForm
2013-02-22 14:48 . 2013-02-22 14:57 -------- d-----w- c:\users\Public\CineForm
2013-02-22 14:47 . 2013-02-22 14:48 -------- d-----w- c:\program files (x86)\GoPro
2013-02-22 01:43 . 2013-02-22 01:43 46280 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-02-17 21:30 . 2013-02-17 21:30 -------- d-----w- c:\users\Philipp\AppData\Local\Programs
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-12 21:01 . 2013-02-12 21:01 42184 ----a-w- c:\windows\system32\drivers\taphss6.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 18:35 . 2012-08-16 20:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 18:35 . 2012-08-16 20:32 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-29 10:34 . 2013-02-01 23:02 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2013-02-01 23:02 10997176 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-12-29 10:34 . 2013-02-01 23:02 7565240 ----a-w- c:\windows\system32\nvopencl.dll
2012-12-29 10:34 . 2013-02-01 23:02 26931128 ----a-w- c:\windows\system32\nvoglv64.dll
2012-12-29 10:34 . 2013-02-01 23:02 12641120 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-29 10:34 . 2013-02-01 23:02 6263784 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-12-29 10:34 . 2013-02-01 23:02 20450232 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-12-29 10:34 . 2013-02-01 23:02 2720696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-12-29 10:34 . 2013-02-01 23:02 18054312 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-12-29 10:34 . 2013-02-01 23:02 958272 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-12-29 10:34 . 2013-02-01 23:02 2904504 ----a-w- c:\windows\system32\nvcuvid.dll
2012-12-29 10:34 . 2013-02-01 23:02 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2013-02-01 23:02 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2013-02-01 23:02 1985976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-12-29 10:34 . 2013-02-01 23:02 9389888 ----a-w- c:\windows\system32\nvcuda.dll
2012-12-29 10:34 . 2013-02-01 23:02 7931896 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-12-29 10:34 . 2013-02-01 23:02 25256376 ----a-w- c:\windows\system32\nvcompiler.dll
2012-12-29 10:34 . 2013-02-01 23:02 2344888 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-12-29 10:34 . 2013-02-01 23:02 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 10:34 . 2013-02-01 23:02 17560504 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-12-29 10:34 . 2012-05-10 11:14 15052368 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-29 10:34 . 2012-05-10 11:14 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2012-05-10 11:14 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2010-09-27 16:53 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2010-07-10 03:38 15129064 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-29 08:40 . 2010-07-09 14:27 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2010-07-09 14:27 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-05-10 11:15 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2010-09-10 22:55 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2010-09-10 22:55 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2010-07-09 14:27 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2010-07-09 14:27 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-14 15:49 . 2012-03-10 10:18 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-23 16:57 . 2010-10-23 16:57 76686 ----a-w- c:\program files (x86)\Uninstal.exe
2009-06-04 00:11 . 2009-05-25 01:13 18221327 ----a-w- c:\program files (x86)\MarioForever V4.4.exe
2006-10-11 06:45 . 2006-10-11 06:45 99867 ----a-w- c:\program files (x86)\ktkm13.dll
2006-10-11 06:45 . 2006-10-11 06:45 98442 ----a-w- c:\program files (x86)\ktkm35.dll
2006-10-11 06:45 . 2006-10-11 06:45 96166 ----a-w- c:\program files (x86)\ktkm1.dll
2006-10-11 06:45 . 2006-10-11 06:45 92400 ----a-w- c:\program files (x86)\ktkm7.dll
2006-10-11 06:45 . 2006-10-11 06:45 82542 ----a-w- c:\program files (x86)\ktkm37.dll
2006-10-11 06:45 . 2006-10-11 06:45 803601 ----a-w- c:\program files (x86)\ktkm16.dll
2006-10-11 06:45 . 2006-10-11 06:45 74752 ----a-w- c:\program files (x86)\zlib1.dll
2006-10-11 06:45 . 2006-10-11 06:45 70888 ----a-w- c:\program files (x86)\ktkm19.dll
2006-10-11 06:45 . 2006-10-11 06:45 66908 ----a-w- c:\program files (x86)\ktkm17.dll
2006-10-11 06:45 . 2006-10-11 06:45 66862 ----a-w- c:\program files (x86)\ktkm33.dll
2006-10-11 06:45 . 2006-10-11 06:45 65092 ----a-w- c:\program files (x86)\ktkm27.dll
2006-10-11 06:45 . 2006-10-11 06:45 64070 ----a-w- c:\program files (x86)\ktkm21.dll
2006-10-11 06:45 . 2006-10-11 06:45 62722 ----a-w- c:\program files (x86)\ktkm39.dll
2006-10-11 06:45 . 2006-10-11 06:45 62631 ----a-w- c:\program files (x86)\ktkm11.dll
2006-10-11 06:45 . 2006-10-11 06:45 58192 ----a-w- c:\program files (x86)\ktkm6.dll
2006-10-11 06:45 . 2006-10-11 06:45 58015 ----a-w- c:\program files (x86)\ktkm10.dll
2006-10-11 06:45 . 2006-10-11 06:45 56992 ----a-w- c:\program files (x86)\ktkm24.dll
2006-10-11 06:45 . 2006-10-11 06:45 56338 ----a-w- c:\program files (x86)\ktkm666.dll
2006-10-11 06:45 . 2006-10-11 06:45 55186 ----a-w- c:\program files (x86)\ktkm5.dll
2006-10-11 06:45 . 2006-10-11 06:45 5463 ----a-w- c:\program files (x86)\ktkm34.dll
2006-10-11 06:45 . 2006-10-11 06:45 538410 ----a-w- c:\program files (x86)\ktkm20.dll
2006-10-11 06:45 . 2006-10-11 06:45 524537 ----a-w- c:\program files (x86)\ktkm18.dll
2006-10-11 06:45 . 2006-10-11 06:45 524164 ----a-w- c:\program files (x86)\ktkm12.dll
2006-10-11 06:45 . 2006-10-11 06:45 49094 ----a-w- c:\program files (x86)\ktkm25.dll
2006-10-11 06:45 . 2006-10-11 06:45 47186 ----a-w- c:\program files (x86)\ktkm31.dll
2006-10-11 06:45 . 2006-10-11 06:45 43133 ----a-w- c:\program files (x86)\ktkm4.dll
2006-10-11 06:45 . 2006-10-11 06:45 370880 ----a-w- c:\program files (x86)\ktkm22.dll
2006-10-11 06:45 . 2006-10-11 06:45 32965 ----a-w- c:\program files (x86)\ktkm30.dll
2006-10-11 06:45 . 2006-10-11 06:45 307617 ----a-w- c:\program files (x86)\ktkm15.dll
2006-10-11 06:45 . 2006-10-11 06:45 304128 ----a-w- c:\program files (x86)\in_psf.dll
2006-10-11 06:45 . 2006-10-11 06:45 30166 ----a-w- c:\program files (x86)\ktkm9.dll
2006-10-11 06:45 . 2006-10-11 06:45 285696 ----a-w- c:\program files (x86)\cncs232.dll
2006-10-11 06:45 . 2006-10-11 06:45 22657 ----a-w- c:\program files (x86)\ktkm3.dll
2006-10-11 06:45 . 2006-10-11 06:45 209936 ----a-w- c:\program files (x86)\ktkm14.dll
2006-10-11 06:45 . 2006-10-11 06:45 20926 ----a-w- c:\program files (x86)\ktkm36.dll
2006-10-11 06:45 . 2006-10-11 06:45 202748 ----a-w- c:\program files (x86)\SXMS.dll
2006-10-11 06:45 . 2006-10-11 06:45 197408 ----a-w- c:\program files (x86)\ktkm29.dll
2006-10-11 06:45 . 2006-10-11 06:45 169789 ----a-w- c:\program files (x86)\ktkm38.dll
2006-10-11 06:45 . 2006-10-11 06:45 154624 ----a-w- c:\program files (x86)\fmod.dll
2006-10-11 06:45 . 2006-10-11 06:45 15165 ----a-w- c:\program files (x86)\ktkm2.dll
2006-10-11 06:45 . 2006-10-11 06:45 142481 ----a-w- c:\program files (x86)\ktkm32.dll
2006-10-11 06:45 . 2006-10-11 06:45 126720 ----a-w- c:\program files (x86)\ktkm23.dll
2006-10-11 06:45 . 2006-10-11 06:45 116841 ----a-w- c:\program files (x86)\ktkm26.dll
2006-10-11 06:45 . 2006-10-11 06:45 100786 ----a-w- c:\program files (x86)\ktkm28.dll
2006-10-11 06:45 . 2006-10-11 06:45 54552 ----a-w- c:\program files (x86)\GZip.dll
2005-10-18 11:04 . 2009-05-25 01:13 189256 ----a-w- c:\program files (x86)\ktkm88.dll
1997-03-13 13:07 . 2006-10-11 06:45 267389 ----a-w- c:\program files (x86)\ktkm8.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-22 124240]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-24 2245120]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\Philipp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Philipp\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-10-22 77104]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2009-10-06 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2009-10-06 18944]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-02-12 42184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [2010-03-30 20968]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-22 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-10-22 79504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-19 239616]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-04-22 11:09 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 18:35]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-17 13:04]
.
2013-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-17 13:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Philipp\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: fritz.box
TCP: Interfaces\{3D0B2843-0BF5-46E3-8BF1-3AF1F5DE45EC}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\o33cejz5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.team-ulm.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-09 17:03:21
ComboFix-quarantined-files.txt 2013-03-09 16:03
.
Vor Suchlauf: 18 Verzeichnis(se), 688.803.090.432 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 690.587.631.616 Bytes frei
.
- - End Of File - - A2B2DC3E7D42B93C5E5548F8A9C96E56
|
|
11.03.2013, 18:09
| #14 |
| /// Malware-holic | System repair wizard trojaner hi lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu System repair wizard trojaner |
| abgesicherten, check, data, fenster, file, folge, folgende, forum, gestartet, google, hilfe!, meldung, modus, netzwerk, neu, neue, nichts, rechner, recovery, repair wizard, restore, system, trojaner, variante, virus, warnmeldung, öffnet |
WARNUNG an die MITLESER: 
Linear-Darstellung
