What can I delete? > Malwarebytes Anti-Malware log file (Windows 7)
19.03.2013, 11:25 | #1

Dear PC friends!

I ran a quick scan with Malwarebytes Anti-Malware and have the following log file:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Database version: v2013.03.19.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [Administrator]
Protection: Enabled
19.03.2013 11:19:09
MBAM-log-2013-03-19 (11-22-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204520
Time elapsed: 2 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\csrss.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Temp\TrustedInstaller.exe (Trojan.Agent.CV) -> No action taken.
C:\Users\Daniel\AppData\Roaming\rundll32.exe (Trojan.Agent.Gen) -> No action taken.
C:\Users\Daniel\AppData\Roaming\System32\svchost.exe (Trojan.Agent) -> No action taken.
C:\Users\Daniel\AppData\Roaming\System32\rundll32.exe (Trojan.Downloader) -> No action taken.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> No action taken.
(end)

Unfortunately I can't make much of these messages. I would be glad if an expert here could help me out. Many thanks.

HAL6996 ( ° )
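The log above mixes three very different kinds of detection: files named like core Windows binaries (csrss.exe, svchost.exe, rundll32.exe, TrustedInstaller.exe) but living under AppData\Roaming or C:\Temp, the legacy `HKCU\...\Windows NT\CurrentVersion\Windows|Load` value pointing at a .com file in %TEMP%, and a detection on the genuine `C:\Windows\System32\regedit.exe`. The answer to "what can I delete?" differs per bucket: the first two can go, the last must be verified and restored rather than deleted. The script below, an added example and not code from the post or from Malwarebytes, parses MBAM 1.x detection lines and sorts them into those buckets. The sample lines are copied from the log; the list of borrowed binary names and the `C:\Windows` system-root prefix are assumptions made for the example.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x log lines.

Added example, not code from the original post or from Malwarebytes. It
parses the "Registry Values Detected" and "Files Detected" lines of an
MBAM log and sorts each detection into one of three buckets:

  * masquerading-system-binary: the file NAME is that of a core Windows
    binary but the DIRECTORY is outside C:\\Windows
    (e.g. C:\\Users\\Daniel\\AppData\\Roaming\\csrss.exe). Safe to remove.
  * detection-in-system-dir: the detected file sits in the real system
    directory (C:\\Windows\\System32\\regedit.exe). Do not delete blindly;
    verify signature/hash and restore from a known-good source instead.
  * logon-load-value: the legacy HKCU\\...\\Windows NT\\CurrentVersion\\
    Windows|Load value, which is run at logon and here points into %TEMP%.

The sample lines are taken from the log in the post; the name list and the
system-root prefix are assumptions made for this example.
"""
import re
from pathlib import PureWindowsPath

# Names of core Windows binaries that malware borrows to blend in (assumption).
SYSTEM_BINARY_NAMES = {
    "csrss.exe", "svchost.exe", "rundll32.exe", "lsass.exe", "winlogon.exe",
    "explorer.exe", "trustedinstaller.exe", "regedit.exe",
}
SYSTEM_ROOT = r"c:\windows"  # assumption; read %SystemRoot% on a real host
LOAD_VALUE_SUFFIX = r"\windows nt\currentversion\windows|load"

# HKLM\...\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> No action taken.
REG_LINE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^|]+)\|(?P<name>.+?) \((?P<sig>[^)]+)\) -> Data: (?P<data>.+?) -> (?P<action>.+)$"
)
# C:\Temp\TrustedInstaller.exe (Trojan.Agent.CV) -> No action taken.
FILE_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<sig>[^)]+)\) -> (?P<action>.+)$")


def classify_path(path: str):
    """Bucket a detected path by where it lives relative to the system root."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    if parent == SYSTEM_ROOT or parent.startswith(SYSTEM_ROOT + "\\"):
        return "detection-in-system-dir"
    if p.name.lower() in SYSTEM_BINARY_NAMES:
        return "masquerading-system-binary"
    return None


def triage(log_lines):
    """Return (bucket, location, path) tuples for every detection line that matters."""
    findings = []
    for line in (l.strip() for l in log_lines):
        m = REG_LINE.match(line)
        if m:
            location = f'{m["key"]}|{m["name"]}'
            if location.lower().endswith(LOAD_VALUE_SUFFIX):
                findings.append(("logon-load-value", location, m["data"]))
            bucket = classify_path(m["data"])
            if bucket:
                findings.append((bucket, location, m["data"]))
            continue
        m = FILE_LINE.match(line)
        if m:
            bucket = classify_path(m["path"])
            if bucket:
                findings.append((bucket, "file", m["path"]))
    return findings


# Constructed sample: a subset of the detection lines from the post above.
SAMPLE_LOG = r"""
Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\csrss.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> No action taken.
Files Detected: 5
C:\Temp\TrustedInstaller.exe (Trojan.Agent.CV) -> No action taken.
C:\Users\Daniel\AppData\Roaming\System32\svchost.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> No action taken.
""".strip().splitlines()

if __name__ == "__main__":
    for bucket, location, path in triage(SAMPLE_LOG):
        print(f"{bucket:28} {location:75} {path}")
```

On the sample the script reports four masquerading binaries, two detections inside C:\Windows (the Run value and the file both pointing at regedit.exe) and one Load value. A real `TrustedInstaller.exe` lives in `C:\Windows\servicing`, so the copy in `C:\Temp` lands in the masquerading bucket while the servicing one would not.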
19.03.2013, 15:09 | #2

/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; first post only the logs you already have!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
19.03.2013, 21:23 | #3

First of all, many thanks, cosinus!

There are no other logs. What do you think? A hopeless case? Here is the current log again:

Code:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.19.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [Administrator]
Protection: Enabled
19.03.2013 21:20:18
MBAM-log-2013-03-19 (21-22-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201231
Time elapsed: 1 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\csrss.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Host-process Windows (Rundll32.exe) (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\System32\csrss.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Service Host Process for Windows (Trojan.Agent) -> Data: C:\Users\Daniel\AppData\Roaming\svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> No action taken.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Temp\TrustedInstaller.exe (Trojan.Agent.CV) -> No action taken.
C:\Windows\System32\regedit.exe (Trojan.Agent) -> No action taken.
(end)

HAL6996 ( ° )

Morning, supporters! I would now like to add a dds+ scan:

Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.17.2
Run by HAL9000 at 10:01:50 on 2013-03-20
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.2222 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\SysWOW64\msiexec.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\Secure Banking\SecureBanking.exe
C:\Program Files (x86)\Secure Banking\sbservice.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindows: Load = C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mExplorerRun: [64428] c:\progra~3\dxoidaj.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://comport-emea.daimler.com/,DSID=dadca7ce55cbc7782b10ab029b390293,DanaInfo=.astvuhr99HnJn043x3-9tT80E,SSL,ST=1+/dwa7W.cab
TCP: NameServer = 83.169.184.33 192.168.0.1
TCP: Interfaces\{780A8806-5207-42AA-ABAC-6B224290FCFA} : DHCPNameServer = 83.169.184.33 192.168.0.1
TCP: Interfaces\{DACB780E-E525-4441-A3DD-EA7C8FE376B6} : DHCPNameServer = 83.169.184.33 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpaxita.info
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 40872330;40872330;C:\Windows\System32\drivers\40872330.sys [2013-3-19 460888]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-3-10 17720]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2012-2-26 11576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-19 24176]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-8 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe [2013-3-19 398184]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Anti-Malware\mbamservice.exe [2013-3-19 682344]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-7 161384]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-03-20 08:35:13  9162192  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13769F17-98A1-4E31-A7DD-2F68DFED6773}\mpengine.dll
2013-03-19 23:48:55  --------  d-----w-  C:\Program Files (x86)\Secure Banking
2013-03-19 21:23:54  460888  ----a-w-  C:\Windows\System32\drivers\40872330.sys
2013-03-19 09:42:57  --------  d-----w-  C:\ProgramData\Kaspersky Lab
2013-03-19 08:54:03  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-03-19 08:53:50  --------  d-----w-  C:\ProgramData\Malwarebytes
2013-03-19 08:53:49  24176  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-03-19 08:53:49  --------  d-----w-  C:\Program Files (x86)\Anti-Malware
2013-03-19 08:49:42  --------  d-----w-  C:\Users\Daniel\AppData\Local\Programs
2013-03-18 19:26:11  --------  d-sh--r-  C:\Users\Daniel\AppData\Roaming\System32
2013-03-18 10:39:02  283330  ----a-w-  C:\ProgramData\1363603086.bdinstall.bin
2013-03-18 10:39:02  --------  d-----w-  C:\Program Files\Bitdefender
2013-03-18 10:37:58  --------  d-----w-  C:\Program Files\Common Files\Bitdefender
2013-03-18 10:31:40  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2013-03-18 10:31:31  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-18 09:36:20  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\QuickScan
2013-03-18 09:34:02  --------  d-----w-  C:\Program Files\NVIDIA Corporation
2013-03-17 14:15:38  --------  d-----w-  C:\Users\Daniel\AppData\Local\http___www.julien-manici
2013-03-17 10:05:05  --------  d-----w-  C:\Users\Daniel\AppData\Local\Spotify
2013-03-17 10:04:45  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\Spotify
2013-03-12 22:21:21  --------  d-----w-  C:\Windows\ehome
2013-03-12 21:57:30  22784  ----a-w-  C:\Windows\SysWow64\drivers\afc.sys
2013-03-12 21:49:07  28672  ----a-w-  C:\Windows\System32\AF15BDAEX.dll
2013-03-12 21:49:07  126  ----a-w-  C:\Windows\System32\AF15IRTBL.bin
2013-03-12 21:49:03  507392  ----a-w-  C:\Windows\System32\drivers\AF15BDA.sys
2013-03-10 15:33:46  32600  ----a-w-  C:\Windows\System32\SmartDefragBootTime.exe
2013-03-10 15:33:36  --------  d-----w-  C:\ProgramData\IObit
2013-03-10 15:33:20  17720  ----a-w-  C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-03-10 15:33:20  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\IObit
2013-03-10 15:33:19  --------  d-----w-  C:\Program Files (x86)\IObit
2013-03-09 14:07:28  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\OpenOffice.org
2013-03-09 14:05:56  --------  d-----w-  C:\Program Files (x86)\OpenOffice.org 3
2013-03-09 11:39:01  --------  d-----w-  C:\Program Files (x86)\VideoLAN
2013-03-09 11:24:23  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\DL
2013-03-09 11:23:58  --------  d-----w-  C:\Users\Daniel\.Zettelkasten
2013-03-09 10:32:10  163056  ----a-w-  C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2013-03-08 17:00:00  --------  d-----w-  C:\Users\Daniel\AppData\Local\Thunderbird
2013-03-08 16:49:25  --------  d-----r-  C:\Program Files (x86)\Skype
2013-03-08 10:38:52  --------  d-----w-  C:\Users\Daniel\AppData\Roaming\WindSolutions
2013-03-08 10:38:52  --------  d-----w-  C:\ProgramData\WindSolutions
2013-03-08 02:07:24  --------  d-----w-  C:\Program Files\CCleaner
2013-03-08 01:47:22  2776576  ----a-w-  C:\Windows\System32\msmpeg2vdec.dll
2013-03-08 01:46:38  458712  ----a-w-  C:\Windows\System32\drivers\cng.sys
2013-03-08 01:46:38  340992  ----a-w-  C:\Windows\System32\schannel.dll
2013-03-08 01:46:38  247808  ----a-w-  C:\Windows\SysWow64\schannel.dll
2013-03-08 01:46:37  96768  ----a-w-  C:\Windows\SysWow64\sspicli.dll
2013-03-08 01:46:37  514560  ----a-w-  C:\Windows\SysWow64\qdvd.dll
2013-03-08 01:46:37  366592  ----a-w-  C:\Windows\System32\qdvd.dll
2013-03-08 01:46:37  22016  ----a-w-  C:\Windows\SysWow64\secur32.dll
2013-03-08 01:46:37  154480  ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
2013-03-08 01:46:37  1448448  ----a-w-  C:\Windows\System32\lsasrv.dll
2013-03-08 00:30:09  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
2013-03-08 00:30:09  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
2013-03-08 00:30:09  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
2013-03-08 00:30:09  2560  ----a-w-  C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2013-03-08 00:27:50  2851840  ----a-w-  C:\Windows\System32\themeui.dll.backup
2013-03-08 00:27:49  44544  ----a-w-  C:\Windows\System32\themeservice.dll.backup
2013-03-08 00:27:48  332288  ----a-w-  C:\Windows\System32\uxtheme.dll.backup
2013-03-08 00:24:52  996352  ----a-w-  C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24:52  768000  ----a-w-  C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-08 00:24:25  --------  d-----w-  C:\Windows\System32\appmgmt
2013-03-08 00:15:56  46080  ----a-w-  C:\Windows\System32\atmlib.dll
2013-03-08 00:15:56  367616  ----a-w-  C:\Windows\System32\atmfd.dll
2013-03-08 00:15:56  34304  ----a-w-  C:\Windows\SysWow64\atmlib.dll
2013-03-08 00:15:56  295424  ----a-w-  C:\Windows\SysWow64\atmfd.dll
2013-03-08 00:15:12  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
2013-03-08 00:15:12  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
2013-03-08 00:15:12  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
2013-03-08 00:15:12  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
2013-03-08 00:15:11  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
2013-03-08 00:15:11  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
2013-03-08 00:15:11  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
2013-03-08 00:09:39  3153408  ----a-w-  C:\Windows\System32\win32k.sys
2013-03-08 00:08:29  307200  ----a-w-  C:\Windows\System32\ncrypt.dll
2013-03-08 00:08:29  220160  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
2013-03-08 00:03:11  691568  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 23:29:11  5553512  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2013-03-07 23:29:09  3967848  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-07 23:29:09  3913064  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2013-03-07 23:29:07  1659760  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
2013-03-07 23:29:06  750592  ----a-w-  C:\Windows\System32\win32spl.dll
2013-03-07 23:29:05  492032  ----a-w-  C:\Windows\SysWow64\win32spl.dll
2013-03-07 23:27:59  1464320  ----a-w-  C:\Windows\System32\crypt32.dll
2013-03-07 23:27:58  184320  ----a-w-  C:\Windows\System32\cryptsvc.dll
2013-03-07 23:27:58  140288  ----a-w-  C:\Windows\SysWow64\cryptsvc.dll
2013-03-07 23:27:58  140288  ----a-w-  C:\Windows\System32\cryptnet.dll
2013-03-07 23:27:58  1159680  ----a-w-  C:\Windows\SysWow64\crypt32.dll
2013-03-07 23:27:58  103936  ----a-w-  C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2013-03-18 10:31:24  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2013-03-08 00:28:02  2755072  ----a-w-  C:\Windows\SysWow64\themeui.dll.tmp
2013-03-08 00:28:01  245760  ----a-w-  C:\Windows\SysWow64\uxtheme.dll.tmp
2013-03-08 00:27:50  2851840  ----a-w-  C:\Windows\System32\themeui.dll
2013-03-08 00:27:49  44544  ----a-w-  C:\Windows\System32\themeservice.dll
2013-03-08 00:27:48  332288  ----a-w-  C:\Windows\System32\uxtheme.dll
2013-03-08 00:03:11  71024  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-18 08:22:18  31080  ----a-w-  C:\Windows\System32\nvhdap64.dll
2013-02-18 08:22:18  1472360  ----a-w-  C:\Windows\System32\nvhdagenco6420103.dll
2013-02-18 08:22:16  72552  ----a-w-  C:\Windows\System32\nvapo64v.dll
2013-02-18 08:22:16  189288  ----a-w-  C:\Windows\System32\drivers\nvhda64v.sys
2013-01-17 00:28:58  273840  ------w-  C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03  9728  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02  2560  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42  10752  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46  3584  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21  4096  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08  5632  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07  5632  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07  3072  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07  3072  ---ha-w-  C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31  9728  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31  2560  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18  10752  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07  3584  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48  4096  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41  5632  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40  5632  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40  3072  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40  3072  ---ha-w-  C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00  1247744  ----a-w-  C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22  1988096  ----a-w-  C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31  293376  ----a-w-  C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00  249856  ----a-w-  C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43  220160  ----a-w-  C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35  1504768  ----a-w-  C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04  1643520  ----a-w-  C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28  1175552  ----a-w-  C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01  604160  ----a-w-  C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58  207872  ----a-w-  C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14  187392  ----a-w-  C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30  2565120  ----a-w-  C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17  363008  ----a-w-  C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47  161792  ----a-w-  C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25  1080832  ----a-w-  C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21  1230336  ----a-w-  C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39  333312  ----a-w-  C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32  1887232  ----a-w-  C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21  296960  ----a-w-  C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57  3419136  ----a-w-  C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04  245248  ----a-w-  C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33  648192  ----a-w-  C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30  221184  ----a-w-  C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42  194560  ----a-w-  C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04  1238528  ----a-w-  C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40  1424384  ----a-w-  C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36  3928064  ----a-w-  C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06  417792  ----a-w-  C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58  364544  ----a-w-  C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43  465920  ----a-w-  C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52  522752  ----a-w-  C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42  1158144  ----a-w-  C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09  1682432  ----a-w-  C:\Windows\System32\XpsPrint.dll
2013-01-09 01:19:09  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2013-01-09 01:11:06  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47  599040  ----a-w-  C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2013-01-04 06:11:21  2284544  ----a-w-  C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 05:46:09  215040  ----a-w-  C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16  5120  ----a-w-  C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21  44032  ----a-w-  C:\Windows\apppatch\acwow64.dll
2013-01-04 02:47:35  25600  ----a-w-  C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34  7680  ----a-w-  C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34  2048  ----a-w-  C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33  14336  ----a-w-  C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54  1913192  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42  288088  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 10:02:13,49 ===============

Many thanks!

HAL6996 ( ° )

AdwCleaner scan:

Code:
# AdwCleaner v2.115 - File created on 20/03/2013 at 10:14:50
# Updated on 17/03/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : HAL9000 - HAL9000
# Boot mode : Normal
# Running from : D:\Download\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\END

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Wajam
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\Software\Wajam
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Found : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (de)

File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] File is clean.

File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] File is clean.

File : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3019 octets] - [20/03/2013 10:14:50]

########## EOF - C:\AdwCleaner[R1].txt - [3079 octets] ##########

Code:
C:\ProgramData\dxoidaj.exe  a variant of Win32/Kryptik.AXAC trojan
C:\Users\All Users\dxoidaj.exe  a variant of Win32/Kryptik.AXAC trojan
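Beyond the obvious detections, the DDS log in this post carries several lines that a responder would mark before touching anything: the UAC policies are all in their "off" state (`EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0`, `PromptOnSecureDesktop = 0`), the `uWindows: Load` and `mExplorerRun` entries start programs from %TEMP% and from `c:\progra~3` (the 8.3 short name of `C:\ProgramData`, which is where the last scan above found `dxoidaj.exe`), a directory `C:\Users\Daniel\AppData\Roaming\System32` was created with the hidden+system attributes (`d-sh--r-`), and every script file type is wired to `SysWow64\CScript.exe` rather than the default `%SystemRoot%\System32\WScript.exe`. The script below, an added example and not code from the post or from DDS, reads DDS-style lines and reports exactly those four patterns. The sample lines are copied from the log; the policy table, the directory prefixes and the default script-host path are assumptions made for the example, and a deviating script handler is a lead to verify on the machine, not proof of tampering.

```python
"""Triage helper for the "Pseudo HJT Report", "File Associations" and
"Created Last 30" sections of a DDS log.

Added example, not code from the original post or from DDS. It reads
DDS-style lines and pulls out four things worth a second look:

  * uac-disabled: a policy value in its "off" state (EnableLUA=0,
    ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0);
  * autostart-user-writable: a logon entry (uWindows: Load, mExplorerRun,
    uRun/mRun) whose target lives in %TEMP%, AppData or ProgramData
    (c:\\progra~3 is the 8.3 short name of C:\\ProgramData);
  * hidden-system-dir-in-profile: a directory created under C:\\Users
    with the hidden+system attributes (DDS prints them as d-sh--r-);
  * nondefault-script-host: a .vbs/.js/... handler that is not the
    default %SystemRoot%\\System32\\WScript.exe (a lead, to be verified).

The sample lines are copied from the DDS log in the post; the policy
table, the directory prefixes and the default host path are assumptions.
"""
import re

UAC_OFF = {"EnableLUA": "0", "ConsentPromptBehaviorAdmin": "0", "PromptOnSecureDesktop": "0"}
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\progra~3\\")
AUTOSTART_PREFIXES = ("uWindows: Load =", "mExplorerRun:", "uExplorerRun:", "uRun:", "mRun:")
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
DEFAULT_SCRIPT_HOST = "\\system32\\wscript.exe"

POLICY = re.compile(r"^mPolicies-System: (?P<name>\w+) = dword:(?P<val>\d+)$")
FILEEXT = re.compile(r"^FileExt: (?P<ext>\.\w+): \w+=(?P<cmd>.+)$")
# "2013-03-18 19:26:11 -------- d-sh--r- C:\Users\..."  (size, then 8-char attribute string)
CREATED = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attr>[d-][-a-z]{7})\s+(?P<path>.+)$")


def autostart_target(line):
    """Return the program path from a DDS autostart line, or None if it is not one."""
    for prefix in AUTOSTART_PREFIXES:
        if line.startswith(prefix):
            rest = line[len(prefix):].strip()
            # Run-style lines read "[value name] path"; the Load line is just the path.
            return re.sub(r"^\[[^\]]*\]\s*", "", rest)
    return None


def triage(lines):
    """Return (bucket, what, detail) tuples for the lines that need a second look."""
    findings = []
    for line in (l.strip() for l in lines):
        m = POLICY.match(line)
        if m:
            if UAC_OFF.get(m["name"]) == m["val"]:
                findings.append(("uac-disabled", m["name"], m["val"]))
            continue
        target = autostart_target(line)
        if target is not None:
            if any(marker in target.lower() for marker in USER_WRITABLE):
                findings.append(("autostart-user-writable", line.split(":", 1)[0], target))
            continue
        m = FILEEXT.match(line)
        if m:
            if m["ext"].lower() in SCRIPT_EXTS and DEFAULT_SCRIPT_HOST not in m["cmd"].lower():
                findings.append(("nondefault-script-host", m["ext"], m["cmd"]))
            continue
        m = CREATED.match(line)
        if m and m["attr"].startswith("d") and {"s", "h"} <= set(m["attr"]) \
                and "\\users\\" in m["path"].lower():
            findings.append(("hidden-system-dir-in-profile", m["attr"], m["path"]))
    return findings


# Constructed sample: a subset of the DDS lines from the post above.
SAMPLE_DDS = r"""
uWindows: Load = C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com
mWinlogon: Userinit = userinit.exe,
mExplorerRun: [64428] c:\progra~3\dxoidaj.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
2013-03-19 08:54:03 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes
2013-03-18 19:26:11 -------- d-sh--r- C:\Users\Daniel\AppData\Roaming\System32
""".strip().splitlines()

if __name__ == "__main__":
    for bucket, what, detail in triage(SAMPLE_DDS):
        print(f"{bucket:30} {what:28} {detail}")
```

On the sample this yields three UAC findings, two autostart entries in user-writable locations, two non-default script handlers and the hidden `System32` directory under the roaming profile, which is the same directory the MBAM log lists as the home of the fake `csrss.exe` and `svchost.exe`.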
20.03.2013, 13:13 | #4

/// Winkelfunktion /// TB-Süch-Tiger™

Quote:

Or is this, by any chance, an office/company PC or a university computer?

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: Should I not get back to you for three days, please post in this thread => Reminder to my thread. Nagging "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.

First, a check with OTL please:
20.03.2013, 22:33 | #5 |
| What can I delete? > Malwarebytes Anti-Malware log file Hello cosinus! First of all, many thanks for your support; I really appreciate it and will be careful not to demand anything. So, one thing at a time. I took over this computer from my cousin, who actually needed an Ultimate version. Should I downgrade? What would I have to lose? Before I post the first OTL log, one more thing. While running the scan I noticed that in the Standard Registry selection the setting had been changed from Safe-List to All. But I had not touched the computer. As you can see, I have no idea. Here goes: OTL log Code:
ATTFilter OTL logfile created on: 20.03.2013 21:59:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,77% Memory free 7,93 Gb Paging File | 6,43 Gb Available in Paging File | 81,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,04 Gb Total Space | 98,74 Gb Free Space | 68,55% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 112,64 Gb Free Space | 80,17% Space Free | Partition Type: NTFS Computer Name: HAL9000 | User Name: HAL9000 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Download\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
PRC - D:\Computer\Tuning\procexp.exe (Sysinternals - www.sysinternals.com) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking) PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe () MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll () MOD - C:\Program Files (x86)\Secure Banking\funcs.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech ) DRV:64bit: - (40872330) -- C:\Windows\SysNative\drivers\40872330.sys (Kaspersky Lab ZAO) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys () DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 31 9F C2 0E 0B CD 01 [binary data] IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.gaxpaxita.info" FF - prefs.js..browser.search.suggest.enabled: false FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 00:16:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 11:31:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.08 20:46:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.01.03 12:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2012.04.08 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jjoa6wuc.default\extensions [2013.03.08 12:46:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jjoa6wuc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.31 09:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.01.31 09:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.12.21 08:50:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files 
(x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - Extension: Turn Off the Lights = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.30_0\ CHR - Extension: WOT = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.10_0\ CHR - Extension: Adblock Plus = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\ CHR - Extension: Black Pearl = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglhhfbbgbkoehdmbkcpgccbialcecac\2.1_0\ CHR - Extension: dict-cc = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh\1.6.87_0\ CHR - Extension: Bitdefender QuickScan = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\ O1 HOSTS File: 
([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001..\Run: [paquqnuvycem] C:\Users\Daniel\paquqnuvycem.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found F3:64bit: - HKU\S-1-5-21-687046182-1720888418-2620476028-1001 WinNT: Load - (C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com) - File not found F3 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001 WinNT: Load - (C:\Users\Daniel\LOCALS~1\Temp\mswcpkw.com) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64428 = c:\progra~3\dxoidaj.exe (Unjibafe. Lymen) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://comport-emea.daimler.com/,DSID=dadca7ce55cbc7782b10ab029b390293,DanaInfo=.astvuhr99HnJn043x3-9tT80E,SSL,ST=1+/dwa7W.cab (Domino Web Access 7 Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{780A8806-5207-42AA-ABAC-6B224290FCFA}: DhcpNameServer = 83.169.184.33 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACB780E-E525-4441-A3DD-EA7C8FE376B6}: DhcpNameServer = 83.169.184.33 192.168.0.1 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: 
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.20 10:01:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.20 09:27:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.20 09:27:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.20 09:27:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.20 09:27:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.20 09:27:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.20 09:27:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.20 09:27:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.20 09:27:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.20 09:27:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript9.dll [2013.03.20 09:27:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.20 09:27:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.20 09:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.20 09:27:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.20 09:27:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.20 09:27:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking [2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking [2013.03.19 22:23:54 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\40872330.sys [2013.03.19 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.19 09:54:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Malware [2013.03.19 09:53:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.19 09:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware [2013.03.19 09:49:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs [2013.03.18 20:26:11 | 000,000,000 | RHSD | C] -- C:\Users\Daniel\AppData\Roaming\System32 [2013.03.18 11:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013.03.18 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender [2013.03.18 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\Java [2013.03.18 11:31:40 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.18 11:31:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.18 11:31:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.18 10:36:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\QuickScan [2013.03.18 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.03.17 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\http___www.julien-manici [2013.03.17 11:05:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify [2013.03.17 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Spotify [2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player [2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Windows\ehome [2013.03.12 22:57:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ArcSoft [2013.03.12 22:57:30 | 000,022,784 | ---- | C] (Arcsoft, Inc.) 
-- C:\Windows\SysWow64\drivers\afc.sys [2013.03.12 22:49:07 | 000,028,672 | ---- | C] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll [2013.03.12 22:49:03 | 000,507,392 | ---- | C] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys [2013.03.11 11:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings [2013.03.10 23:53:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Local Settings [2013.03.10 16:33:46 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe [2013.03.10 16:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit [2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2 [2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\IObit [2013.03.10 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit [2013.03.10 16:14:45 | 000,000,000 | R--D | C] -- C:\Users\Daniel\Documents\Scanned Documents [2013.03.10 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Fax [2013.03.09 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org [2013.03.09 15:06:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.03.09 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.03.09 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\dvdcss [2013.03.09 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\vlc [2013.03.09 12:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013.03.09 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DL [2013.03.09 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.Zettelkasten [2013.03.08 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird [2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- 
C:\Users\Daniel\AppData\Local\Thunderbird [2013.03.08 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Skype [2013.03.08 17:49:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.08 17:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions [2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions [2013.03.08 03:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.03.08 02:49:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys [2013.03.08 02:49:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll [2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe [2013.03.08 02:49:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys [2013.03.08 02:49:30 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe [2013.03.08 02:49:30 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe [2013.03.08 02:49:30 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.03.08 02:49:30 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.03.08 02:49:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2013.03.08 02:49:30 | 000,228,864 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\rdpendp_winip.dll [2013.03.08 02:49:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll [2013.03.08 02:49:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe [2013.03.08 02:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll [2013.03.08 02:49:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll [2013.03.08 02:49:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.03.08 02:49:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll [2013.03.08 02:49:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.03.08 02:49:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll [2013.03.08 02:49:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll [2013.03.08 02:49:29 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.03.08 02:49:29 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2013.03.08 02:49:29 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe [2013.03.08 02:49:28 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.03.08 02:47:22 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.03.08 02:47:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.03.08 02:47:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.03.08 02:47:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.03.08 02:47:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\WMPhoto.dll [2013.03.08 02:47:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.03.08 02:47:09 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.03.08 02:47:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.03.08 02:47:08 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.03.08 02:47:08 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.03.08 02:47:08 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.03.08 02:47:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.03.08 02:47:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll 
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.03.08 02:47:07 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.08 02:47:07 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.03.08 02:47:07 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.03.08 02:47:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.03.08 02:47:07 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.03.08 02:47:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.03.08 02:47:07 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.03.08 02:47:07 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.03.08 02:47:06 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.03.08 02:47:06 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.03.08 02:46:37 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.03.08 02:46:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.03.08 02:46:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.03.08 01:31:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.08 01:30:09 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013.03.08 01:30:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.03.08 01:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack
[2013.03.08 01:28:33 | 006,676,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe
[2013.03.08 01:28:33 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2013.03.08 01:28:32 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2013.03.08 01:28:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll
[2013.03.08 01:28:27 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.03.08 01:28:27 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagesp1.dll
[2013.03.08 01:28:12 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll
[2013.03.08 01:28:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2013.03.08 01:28:11 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll
[2013.03.08 01:28:09 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll
[2013.03.08 01:28:09 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013.03.08 01:28:06 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll
[2013.03.08 01:28:01 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup
[2013.03.08 01:27:50 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2013.03.08 01:27:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.03.08 01:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.08 01:15:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.03.08 01:15:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.03.08 01:15:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.03.08 01:15:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.03.08 01:15:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013.03.08 01:15:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013.03.08 01:15:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013.03.08 01:15:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013.03.08 01:09:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013.03.08 01:09:17 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013.03.08 01:09:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.08 01:09:17 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013.03.08 01:09:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013.03.08 01:08:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.03.08 01:07:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.03.08 01:07:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.03.08 01:07:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.03.08 01:07:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.03.08 01:07:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.03.08 01:07:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.03.08 01:07:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.03.08 01:07:37 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.03.08 01:07:13 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013.03.08 01:07:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.03.08 01:03:11 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.08 00:29:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.03.08 00:29:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.03.08 00:29:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.03.08 00:29:06 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.08 00:29:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.03.08 00:28:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013.03.08 00:28:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013.03.08 00:28:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013.03.08 00:28:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.03.08 00:28:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013.03.08 00:28:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.03.08 00:28:41 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.03.08 00:28:40 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.03.08 00:28:40 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.03.08 00:28:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.03.08 00:28:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.03.08 00:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.03.08 00:28:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.03.08 00:28:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.03.08 00:28:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.03.08 00:28:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.03.08 00:28:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.03.08 00:28:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.03.08 00:28:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.03.08 00:28:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2013.03.08 00:28:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2013.03.08 00:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013.03.08 00:28:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013.03.08 00:28:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013.03.08 00:28:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2013.03.08 00:28:05 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.03.08 00:28:04 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.03.08 00:28:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013.03.08 00:27:59 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.03.08 00:27:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.01.24 17:36:25 | 000,055,296 | -HS- | C] (Unjibafe. Lymen) -- C:\ProgramData\dxoidaj.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.20 21:52:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 21:52:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.20 21:47:41 | 000,042,496 | -HS- | M] () -- C:\Users\Daniel\paquqnuvycem.exe
[2013.03.20 21:47:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.20 21:47:06 | 3193,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.20 12:14:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.20 12:10:54 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 11:39:02 | 000,283,330 | ---- | M] () -- C:\ProgramData\1363603086.bdinstall.bin
[2013.03.18 11:31:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.18 11:31:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.18 11:31:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.18 11:31:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.17 15:02:21 | 000,000,017 | ---- | M] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.12 22:49:03 | 000,507,392 | ---- | M] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.03.12 22:49:03 | 000,028,672 | ---- | M] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.03.12 22:49:03 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.11 00:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.08 04:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 02:17:28 | 000,609,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.08 02:17:28 | 000,113,108 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.08 01:32:15 | 001,456,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.08 01:32:15 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.08 01:32:15 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.08 01:27:50 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2013.03.08 01:27:48 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.03.08 01:03:11 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.08 01:03:11 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.08 00:54:05 | 000,000,000 | ---- | M] () -- C:\END
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.20 21:47:41 | 000,042,496 | -HS- | C] () -- C:\Users\Daniel\paquqnuvycem.exe
[2013.03.20 12:10:43 | 000,294,168 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.18 11:39:02 | 000,283,330 | ---- | C] () -- C:\ProgramData\1363603086.bdinstall.bin
[2013.03.17 15:02:21 | 000,000,017 | ---- | C] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.17 11:05:04 | 000,001,803 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.03.12 23:22:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.12 23:22:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.03.12 22:49:07 | 000,000,126 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.12 12:46:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.03.10 16:33:20 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013.03.08 04:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 01:30:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.08 01:15:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.08 00:54:04 | 000,000,000 | ---- | C] () -- C:\END
[2012.04.08 18:27:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.03 10:28:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.01.03 10:28:18 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.01.03 10:28:18 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.01.03 10:28:18 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.09 12:24:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DL
[2013.03.08 00:11:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft
[2012.02.19 16:43:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\elsterformular
[2013.03.08 12:46:06 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICAClient
[2013.03.10 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\IObit
[2012.01.31 07:25:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Juniper Networks
[2013.03.09 15:07:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2013.03.18 11:43:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\QuickScan
[2013.03.20 02:57:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2013.03.19 11:52:12 | 000,000,000 | RHSD | M] -- C:\Users\Daniel\AppData\Roaming\System32
[2013.03.08 12:46:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\temp
[2013.03.08 18:00:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2013.03.08 11:54:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WindSolutions

========== Purity Check ==========

< End of report >

And now: the OTL Extras log

Code:
OTL Extras logfile created on: 20.03.2013 21:59:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,77% Memory free
7,93 Gb Paging File | 6,43 Gb Available in Paging File | 81,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 98,74 Gb Free Space | 68,55% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 112,64 Gb Free Space | 80,17% Space Free | Partition Type: NTFS

Computer Name: HAL9000 | User Name: HAL9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation) "C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation) "Client Server Runtime Process" = C:\Users\Daniel\AppData\Roaming\csrss.exe "Host-process Windows (Rundll32.exe)" = C:\Users\Daniel\AppData\Roaming\System32\csrss.exe "Service Host Process for Windows" = C:\Users\Daniel\AppData\Roaming\svchost.exe "C:\Windows\SysWOW64\msiexec.exe" = C:\Windows\SysWOW64\msiexec.exe:*:Generic Host Process -- (Microsoft Corporation) "C:\Windows\SysWOW64\svchost.exe" = C:\Windows\SysWOW64\svchost.exe:*:Generic Host Process -- (Microsoft Corporation) "Client Server Runtime Process" = C:\Users\Daniel\AppData\Roaming\csrss.exe "Host-process Windows (Rundll32.exe)" = C:\Users\Daniel\AppData\Roaming\System32\csrss.exe "Service Host Process for Windows" = C:\Users\Daniel\AppData\Roaming\svchost.exe ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{13F1F336-2164-4BF9-8C57-DAB2F11DAC47}" = lport=138 | protocol=17 | dir=in | app=system | "{1EB91935-125C-46EC-884A-529B2FECE6A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{229CBD36-CE23-42D8-B6D9-14BA33142994}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{2B3D3788-BA22-4991-9672-4669335681DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2CE32EE3-E513-42A4-A790-AA2478531AD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3151EE3C-596E-4AA2-9326-BC73C5D55AA6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4154ED35-7192-4C39-B200-123198CFB6C3}" = lport=137 | protocol=17 | dir=in | app=system | "{4E3A3B61-6BD5-4280-AB92-309338E401D0}" = lport=445 | protocol=6 | dir=in | app=system | "{5CEB46D1-019D-4383-8A95-613D288A140D}" = rport=139 | protocol=6 | dir=out | app=system | "{975E078C-DDE4-467A-B810-9C22866E896C}" = lport=139 | protocol=6 | dir=in | app=system | "{989BE328-ADD3-4BAF-A49D-EFA9F5C0DA82}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A4FBF019-94D4-46D3-AFC1-AC45488080CF}" = rport=445 | protocol=6 | dir=out | app=system | "{CE9D86BF-10F2-4BF8-8077-DC2193D8B4D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E2C1F1C6-A2A8-48C8-98B8-AA22775856C1}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1096DA61-F62E-489A-8557-2BF968E27C0E}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{13ED6BDC-D1F1-49CA-B1AA-3A75D2E1BF6E}" = protocol=17 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | "{1E48F5F6-2CB3-4905-BB4E-DDAA12F4A892}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{20BB4051-E609-4726-9069-0C0A8904197C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2A26F4D2-AD2E-44E6-B346-BEB2D67ABF95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{42322D87-2323-4844-84F6-B9D6B158B3B7}" = protocol=6 | dir=in | app=c:\users\daniel\appdata\roaming\spotify\spotify.exe | "{6DABCCA8-503F-463E-97F7-E4F6236E55A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{89AB9E77-09DB-4288-8D28-BA13DE06361A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{95F5A242-1CC9-48C0-9827-E39BC29705AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B87400B3-A78C-4390-8D2E-21715E1A37A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BA7A2C6B-85C0-4018-809F-8DC317C4BEAC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C2346906-6DB2-4A7D-9A9B-EC4C2C9703DA}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D41DDF41-7404-42F3-A816-36852696CDFF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{52410123-368B-4A96-85DF-F0751C05E0B4}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "UDP Query User{AB813D77-B3DF-4557-A510-4FDBD8257F59}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 
Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Google Chrome" = Google Chrome "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de) "Smart Defrag 2_is1" = Smart Defrag 2 "VLC media player" = VLC media player 2.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 14.03.2013 03:40:54 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators 
in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 14.03.2013 16:19:21 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 14.03.2013 16:35:46 | Computer Name = HAL9000 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 14.03.2013 20:23:54 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 15.03.2013 04:24:59 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. 
Error - 15.03.2013 17:13:33 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 15.03.2013 17:56:28 | Computer Name = HAL9000 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.03.2013 04:31:51 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 16.03.2013 05:12:26 | Computer Name = HAL9000 | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 16.03.2013 11:43:58 | Computer Name = HAL9000 | Source = Microsoft-Windows-LoadPerf | ID = 3002 Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "????????". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. [ Media Center Events ] Error - 12.03.2013 18:45:28 | Computer Name = HAL9000 | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. 
(0x80070001) AF9015 BDA Filter Error - 12.03.2013 20:14:02 | Computer Name = HAL9000 | Source = ehRecvr | ID = 3 Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0x80070001) AF9015 BDA Filter [ System Events ] Error - 17.03.2013 00:30:49 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error - 17.03.2013 00:30:50 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 17.03.2013 05:48:28 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error - 17.03.2013 05:48:29 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 18.03.2013 05:20:26 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error - 18.03.2013 05:20:29 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 19.03.2013 04:40:57 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. 
Error - 19.03.2013 04:40:58 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 Error - 19.03.2013 06:05:37 | Computer Name = HAL9000 | Source = Microsoft-Windows-TaskScheduler | ID = 413 Description = Beim Start des Aufgabenplanungsdiensts konnten Aufgaben nicht geladen werden. Zusätzliche Daten: Fehlerwert: 2147549183. Error - 19.03.2013 06:05:40 | Computer Name = HAL9000 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%20 < End of report > HAL6996 ( ° ) |
20.03.2013, 23:17 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

No, I only wanted to know why you have an Ultimate Edition; those are more expensive and as a rule are only very rarely needed.

Rootkit scan with GMER
Please download GMER: (file name is random)
Do any problems come up?

Afterwards please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
21.03.2013, 00:38 | #7

Many thanks, cosinus! Here are the next logs:

GMER
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-20 23:35:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: xovmr9vs.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\fwtdipoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\svchost.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 0000000077befc30 5 bytes JMP 000000007efa1f1f
.text C:\Windows\SysWOW64\svchost.exe[2760] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection 0000000077befc60 5 bytes JMP 000000007efa1fc4
.text C:\Windows\SysWOW64\svchost.exe[2760] C:\Windows\syswow64\ws2_32.dll!GetAddrInfoW 0000000076584889 5 bytes JMP 000000007efa1870

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\msiexec.exe [2428:2448] 000000007efa3104
Thread C:\Windows\SysWOW64\msiexec.exe [2428:2452] 000000007efa32ca
Thread C:\Windows\SysWOW64\svchost.exe [2760:2768] 000000007efa33df
Thread C:\Windows\SysWOW64\svchost.exe [2760:2772] 000000007efa36d8

---- EOF - GMER 2.1 ----

MBAR froze after the 1st scan at the restore point (I had left the checkbox ticked)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [administrator]

20.03.2013 23:51:40
mbar-log-2013-03-20 (23-51-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28790
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|paquqnuvycem (Trojan.Ransom.Gen) -> Data: C:\Users\Daniel\paquqnuvycem.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Daniel\paquqnuvycem.exe (Trojan.Ransom.Gen) -> Delete on reboot.
c:\Users\Daniel\AppData\Local\Temp\1347354608.exe (Trojan.Ransom.Gen) -> Delete on reboot.

(end)

2nd scan hung while shutting down
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [administrator]

21.03.2013 00:05:25
mbar-log-2013-03-21 (00-05-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28791
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|paquqnuvycem (Trojan.Ransom.Gen) -> Data: C:\Users\Daniel\paquqnuvycem.exe -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Regedit32 (Trojan.Agent) -> Data: C:\Windows\system32\regedit.exe -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
c:\Users\Daniel\paquqnuvycem.exe (Trojan.Ransom.Gen) -> Delete on reboot.
c:\Users\Daniel\AppData\Local\Temp\1347354608.exe (Trojan.Ransom.Gen) -> Delete on reboot.

(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.20.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
HAL9000 :: HAL9000 [administrator]

21.03.2013 00:26:22
mbar-log-2013-03-21 (00-26-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28698
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HAL6996 ( ° )
21.03.2013, 10:28 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________
Please always post log files in CODE tags
21.03.2013, 11:02 | #9

Hello cosinus!

aswMBR log file
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-21 10:35:35
-----------------------------
10:35:35.978 OS Version: Windows x64 6.1.7601 Service Pack 1
10:35:35.979 Number of processors: 2 586 0x170A
10:35:35.979 ComputerName: HAL9000 UserName: HAL9000
10:35:36.473 Initialize success
10:38:05.075 AVAST engine defs: 13032001
10:38:22.317 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:38:22.321 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
10:38:22.481 Disk 0 MBR read successfully
10:38:22.485 Disk 0 MBR scan
10:38:22.491 Disk 0 Windows 7 default MBR code
10:38:22.506 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
10:38:22.528 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
10:38:22.555 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323055616
10:38:22.587 Disk 0 Partition 4 00 12 Compaq diag NTFS 3630 MB offset 617705472
10:38:22.641 Disk 0 scanning C:\Windows\system32\drivers
10:38:33.266 Service scanning
10:38:55.444 Modules scanning
10:38:55.458 Disk 0 trace - called modules:
10:38:55.523 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:38:55.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057d8790]
10:38:55.561 3 CLASSPNP.SYS[fffff88001c1743f] -> nt!IofCallDriver -> [0xfffffa8003cf3e40]
10:38:55.578 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004704050]
10:38:56.592 AVAST engine scan C:\Windows
10:38:58.467 AVAST engine scan C:\Windows\system32
10:41:34.451 AVAST engine scan C:\Windows\system32\drivers
10:41:46.413 AVAST engine scan C:\Users\Daniel
10:44:12.221 AVAST engine scan C:\ProgramData
10:44:29.665 Scan finished successfully
10:52:06.715 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
10:52:06.721 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

TDSKILLER > 1 Threat found > medium risk Unsigned File Service: Theme File: C:\Windows\system32\themeservice.dll

HAL6996 ( ° )
21.03.2013, 11:23 | #10
/// Winkelfunktion /// TB-Süch-Tiger™

Please always post the logs in full; summaries of your own like that are useless.
21.03.2013, 21:15 | #11

Hello cosinus! I looked for the log in the wrong place. A total beginner's mistake, I apologise. But here it is now!

TDSSKiller log
Code:
21:09:22.0813 2828 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:09:22.0908 2828 ============================================================
21:09:22.0908 2828 Current date / time: 2013/03/21 21:09:22.0908
21:09:22.0908 2828 SystemInfo:
21:09:22.0908 2828
21:09:22.0908 2828 OS Version: 6.1.7601 ServicePack: 1.0
21:09:22.0908 2828 Product type: Workstation
21:09:22.0908 2828 ComputerName: HAL9000
21:09:22.0909 2828 UserName: HAL9000
21:09:22.0909 2828 Windows directory: C:\Windows
21:09:22.0909 2828 System windows directory: C:\Windows
21:09:22.0909 2828 Running under WOW64
21:09:22.0909 2828 Processor architecture: Intel x64
21:09:22.0909 2828 Number of processors: 2
21:09:22.0909 2828 Page size: 0x1000
21:09:22.0909 2828 Boot type: Normal boot
21:09:22.0909 2828 ============================================================
21:09:23.0479 2828 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:23.0489 2828 ============================================================
21:09:23.0489 2828 \Device\Harddisk0\DR0:
21:09:23.0489 2828 MBR partitions:
21:09:23.0489 2828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
21:09:23.0489 2828 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
21:09:23.0489 2828 ============================================================
21:09:23.0520 2828 C: <-> \Device\Harddisk0\DR0\Partition1
21:09:23.0556 2828 D: <-> \Device\Harddisk0\DR0\Partition2
21:09:23.0556 2828 ============================================================
21:09:23.0557 2828 Initialize success
21:09:23.0557 2828 ============================================================
21:09:32.0376 2720 ============================================================
21:09:32.0376 2720 Scan started
21:09:32.0376 2720 Mode: Manual; SigCheck; TDLFS;
21:09:32.0376 2720 ============================================================
21:09:32.0654 2720 ================ Scan system memory ========================
21:09:32.0654 2720 System memory - ok
21:09:32.0654 2720 ================ Scan services =============================
21:09:32.0853 2720 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:09:33.0015 2720 1394ohci - ok
21:09:33.0092 2720 [ E656FE10D6D27794AFA08136685A69E8 ] 40872330 C:\Windows\system32\DRIVERS\40872330.sys
21:09:33.0155 2720 40872330 - ok
21:09:33.0211 2720 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:09:33.0241 2720 ACPI - ok
21:09:33.0284 2720 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:09:33.0357 2720 AcpiPmi - ok
21:09:33.0491 2720 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:09:33.0513 2720 AdobeARMservice - ok
21:09:33.0571 2720 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:09:33.0617 2720 adp94xx - ok
21:09:33.0665 2720 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:09:33.0686 2720 adpahci - ok
21:09:33.0694 2720 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:09:33.0711 2720 adpu320 - ok
21:09:33.0746 2720 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:09:33.0912 2720 AeLookupSvc - ok
21:09:33.0958 2720 [ 0517E1670A58213E3F206066CD209273 ] AF15BDA C:\Windows\system32\DRIVERS\AF15BDA.sys
21:09:34.0041 2720 AF15BDA - ok
21:09:34.0162 2720 [ 0D0E5281784C2C526BA43C2ECD374288 ] Afc C:\Windows\syswow64\drivers\Afc.sys
21:09:34.0179 2720 Afc - ok
21:09:34.0259 2720 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:09:34.0348 2720 AFD - ok
21:09:34.0406 2720 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:09:34.0429 2720 agp440 - ok
21:09:34.0461 2720 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:09:34.0494 2720 ALG - ok
21:09:34.0557 2720 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:09:34.0578 2720 aliide - ok
21:09:34.0615 2720 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:09:34.0636 2720 amdide - ok
21:09:34.0690 2720 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:09:34.0729 2720 AmdK8 - ok
21:09:34.0771 2720 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:09:34.0806 2720 AmdPPM - ok
21:09:34.0868 2720 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:09:34.0886 2720 amdsata - ok
21:09:34.0923 2720 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:09:34.0941 2720 amdsbs - ok
21:09:34.0957 2720 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:09:34.0970 2720 amdxata - ok
21:09:35.0027 2720 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:09:35.0256 2720 AppID - ok
21:09:35.0281 2720 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:09:35.0351 2720 AppIDSvc - ok
21:09:35.0386 2720 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:09:35.0444 2720 Appinfo - ok
21:09:35.0539 2720 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:09:35.0559 2720 Apple Mobile Device - ok
21:09:35.0596 2720 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:09:35.0634 2720 AppMgmt - ok
21:09:35.0682 2720 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:09:35.0698 2720 arc - ok
21:09:35.0708 2720 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:09:35.0723 2720 arcsas - ok
21:09:35.0756 2720 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:09:35.0837 2720 AsyncMac - ok
21:09:35.0871 2720 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:09:35.0884 2720 atapi - ok
21:09:35.0945 2720 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:09:36.0046 2720 AudioEndpointBuilder - ok
21:09:36.0061 2720 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:09:36.0106 2720 AudioSrv - ok
21:09:36.0164 2720 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:09:36.0216 2720 AxInstSV - ok
21:09:36.0270 2720 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:09:36.0301 2720 b06bdrv - ok
21:09:36.0350 2720 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:09:36.0395 2720 b57nd60a - ok
21:09:36.0429 2720 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:09:36.0463 2720 BDESVC - ok
21:09:36.0477 2720 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:09:36.0527 2720 Beep - ok
21:09:36.0593 2720 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:09:36.0652 2720 BFE - ok
21:09:36.0701 2720 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:09:36.0815 2720 BITS - ok
21:09:36.0843 2720 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:09:36.0876 2720 blbdrive - ok
21:09:36.0954 2720 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:09:36.0991 2720 Bonjour Service - ok
21:09:37.0037 2720 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:09:37.0061 2720 bowser - ok
21:09:37.0095 
2720 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:09:37.0172 2720 BrFiltLo - ok 21:09:37.0177 2720 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:09:37.0216 2720 BrFiltUp - ok 21:09:37.0248 2720 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:09:37.0283 2720 Browser - ok 21:09:37.0303 2720 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:09:37.0330 2720 Brserid - ok 21:09:37.0343 2720 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:09:37.0369 2720 BrSerWdm - ok 21:09:37.0387 2720 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:09:37.0418 2720 BrUsbMdm - ok 21:09:37.0423 2720 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:09:37.0440 2720 BrUsbSer - ok 21:09:37.0479 2720 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 21:09:37.0506 2720 BTHMODEM - ok 21:09:37.0543 2720 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:09:37.0594 2720 bthserv - ok 21:09:37.0611 2720 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:09:37.0653 2720 cdfs - ok 21:09:37.0706 2720 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 21:09:37.0742 2720 cdrom - ok 21:09:37.0782 2720 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:09:37.0835 2720 CertPropSvc - ok 21:09:37.0869 2720 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 21:09:37.0906 2720 circlass - ok 21:09:37.0944 2720 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:09:37.0965 2720 CLFS - ok 21:09:38.0029 2720 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:09:38.0046 2720 clr_optimization_v2.0.50727_32 - ok 21:09:38.0096 2720 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:09:38.0108 2720 clr_optimization_v2.0.50727_64 - ok 21:09:38.0206 2720 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:09:38.0268 2720 clr_optimization_v4.0.30319_32 - ok 21:09:38.0290 2720 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:09:38.0305 2720 clr_optimization_v4.0.30319_64 - ok 21:09:38.0331 2720 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:09:38.0360 2720 CmBatt - ok 21:09:38.0386 2720 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:09:38.0402 2720 cmdide - ok 21:09:38.0442 2720 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 21:09:38.0487 2720 CNG - ok 21:09:38.0522 2720 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:09:38.0535 2720 Compbatt - ok 21:09:38.0566 2720 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 21:09:38.0595 2720 CompositeBus - ok 21:09:38.0613 2720 COMSysApp - ok 21:09:38.0632 2720 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 21:09:38.0647 2720 crcdisk - ok 21:09:38.0691 2720 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:09:38.0733 2720 CryptSvc - ok 21:09:38.0770 2720 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 21:09:38.0830 2720 CSC - ok 21:09:38.0867 2720 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 21:09:38.0912 2720 CscService - ok 21:09:38.0946 2720 [ 
5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:09:39.0020 2720 DcomLaunch - ok 21:09:39.0102 2720 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:09:39.0164 2720 defragsvc - ok 21:09:39.0215 2720 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:09:39.0280 2720 DfsC - ok 21:09:39.0311 2720 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys 21:09:39.0321 2720 DgiVecp - ok 21:09:39.0364 2720 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:09:39.0438 2720 Dhcp - ok 21:09:39.0472 2720 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:09:39.0528 2720 discache - ok 21:09:39.0560 2720 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 21:09:39.0574 2720 Disk - ok 21:09:39.0626 2720 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:09:39.0672 2720 Dnscache - ok 21:09:39.0708 2720 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:09:39.0750 2720 dot3svc - ok 21:09:39.0793 2720 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:09:39.0884 2720 DPS - ok 21:09:39.0935 2720 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:09:39.0961 2720 drmkaud - ok 21:09:40.0016 2720 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:09:40.0044 2720 DXGKrnl - ok 21:09:40.0119 2720 [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 21:09:40.0164 2720 E1G60 - ok 21:09:40.0198 2720 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:09:40.0306 2720 EapHost - ok 21:09:40.0709 2720 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 21:09:40.0864 2720 ebdrv - ok 21:09:40.0905 2720 [ C118A82CD78818C29AB228366EBF81C3 ] EFS 
C:\Windows\System32\lsass.exe 21:09:40.0986 2720 EFS - ok 21:09:41.0036 2720 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:09:41.0107 2720 ehRecvr - ok 21:09:41.0163 2720 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:09:41.0195 2720 ehSched - ok 21:09:41.0237 2720 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 21:09:41.0264 2720 elxstor - ok 21:09:41.0299 2720 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:09:41.0330 2720 ErrDev - ok 21:09:41.0374 2720 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:09:41.0436 2720 EventSystem - ok 21:09:41.0474 2720 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:09:41.0516 2720 exfat - ok 21:09:41.0537 2720 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:09:41.0599 2720 fastfat - ok 21:09:41.0675 2720 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:09:41.0760 2720 Fax - ok 21:09:41.0804 2720 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 21:09:41.0839 2720 fdc - ok 21:09:41.0876 2720 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:09:41.0937 2720 fdPHost - ok 21:09:41.0954 2720 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:09:42.0005 2720 FDResPub - ok 21:09:42.0043 2720 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:09:42.0056 2720 FileInfo - ok 21:09:42.0071 2720 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:09:42.0135 2720 Filetrace - ok 21:09:42.0154 2720 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 21:09:42.0187 2720 flpydisk - ok 21:09:42.0231 2720 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 
21:09:42.0250 2720 FltMgr - ok 21:09:42.0290 2720 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 21:09:42.0361 2720 FontCache - ok 21:09:42.0404 2720 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:09:42.0414 2720 FontCache3.0.0.0 - ok 21:09:42.0438 2720 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:09:42.0452 2720 FsDepends - ok 21:09:42.0492 2720 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:09:42.0505 2720 Fs_Rec - ok 21:09:42.0552 2720 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:09:42.0573 2720 fvevol - ok 21:09:42.0589 2720 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 21:09:42.0619 2720 gagp30kx - ok 21:09:42.0656 2720 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:09:42.0665 2720 GEARAspiWDM - ok 21:09:42.0758 2720 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:09:42.0849 2720 gpsvc - ok 21:09:42.0923 2720 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:09:42.0943 2720 gupdate - ok 21:09:42.0952 2720 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:09:42.0964 2720 gupdatem - ok 21:09:42.0995 2720 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:09:43.0023 2720 hcw85cir - ok 21:09:43.0093 2720 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:09:43.0135 2720 HdAudAddService - ok 21:09:43.0187 2720 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 21:09:43.0223 2720 HDAudBus - ok 21:09:43.0244 2720 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt 
C:\Windows\system32\DRIVERS\HidBatt.sys 21:09:43.0275 2720 HidBatt - ok 21:09:43.0299 2720 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 21:09:43.0327 2720 HidBth - ok 21:09:43.0365 2720 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 21:09:43.0392 2720 HidIr - ok 21:09:43.0452 2720 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:09:43.0518 2720 hidserv - ok 21:09:43.0576 2720 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:09:43.0636 2720 HidUsb - ok 21:09:43.0675 2720 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:09:43.0734 2720 hkmsvc - ok 21:09:43.0779 2720 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:09:43.0822 2720 HomeGroupListener - ok 21:09:43.0862 2720 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:09:43.0889 2720 HomeGroupProvider - ok 21:09:43.0930 2720 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:09:43.0945 2720 HpSAMD - ok 21:09:44.0006 2720 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:09:44.0111 2720 HTTP - ok 21:09:44.0146 2720 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:09:44.0158 2720 hwpolicy - ok 21:09:44.0190 2720 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 21:09:44.0222 2720 i8042prt - ok 21:09:44.0343 2720 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 21:09:44.0381 2720 IAANTMON - ok 21:09:44.0426 2720 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 21:09:44.0450 2720 iaStor - ok 21:09:44.0504 2720 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:09:44.0526 2720 iaStorV - ok 
21:09:44.0600 2720 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:09:44.0670 2720 idsvc - ok 21:09:44.0694 2720 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 21:09:44.0708 2720 iirsp - ok 21:09:44.0768 2720 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:09:44.0883 2720 IKEEXT - ok 21:09:44.0992 2720 [ 1A6241B70453A6629A83DB942AA6B08C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 21:09:45.0035 2720 IntcAzAudAddService - ok 21:09:45.0070 2720 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:09:45.0084 2720 intelide - ok 21:09:45.0143 2720 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:09:45.0182 2720 intelppm - ok 21:09:45.0296 2720 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:09:45.0399 2720 IPBusEnum - ok 21:09:45.0432 2720 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:09:45.0481 2720 IpFilterDriver - ok 21:09:45.0535 2720 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:09:45.0739 2720 iphlpsvc - ok 21:09:45.0771 2720 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:09:45.0794 2720 IPMIDRV - ok 21:09:45.0833 2720 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:09:45.0887 2720 IPNAT - ok 21:09:45.0956 2720 [ EE4C2A137C7088911A8919EFFC9812E7 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 21:09:46.0004 2720 iPod Service - ok 21:09:46.0031 2720 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:09:46.0056 2720 IRENUM - ok 21:09:46.0094 2720 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:09:46.0107 2720 isapnp - ok 21:09:46.0148 2720 [ 
D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:09:46.0167 2720 iScsiPrt - ok 21:09:46.0223 2720 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:09:46.0236 2720 kbdclass - ok 21:09:46.0288 2720 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:09:46.0346 2720 kbdhid - ok 21:09:46.0363 2720 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:09:46.0377 2720 KeyIso - ok 21:09:46.0417 2720 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:09:46.0432 2720 KSecDD - ok 21:09:46.0478 2720 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:09:46.0501 2720 KSecPkg - ok 21:09:46.0537 2720 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:09:46.0593 2720 ksthunk - ok 21:09:46.0644 2720 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:09:46.0718 2720 KtmRm - ok 21:09:46.0757 2720 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 21:09:46.0787 2720 L1E - ok 21:09:46.0830 2720 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:09:46.0884 2720 LanmanServer - ok 21:09:46.0921 2720 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:09:46.0964 2720 LanmanWorkstation - ok 21:09:46.0998 2720 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:09:47.0052 2720 lltdio - ok 21:09:47.0093 2720 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:09:47.0155 2720 lltdsvc - ok 21:09:47.0592 2720 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:09:47.0875 2720 lmhosts - ok 21:09:47.0903 2720 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 21:09:47.0919 2720 LSI_FC - ok 21:09:47.0947 2720 [ 
1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 21:09:47.0962 2720 LSI_SAS - ok 21:09:47.0976 2720 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:09:47.0991 2720 LSI_SAS2 - ok 21:09:47.0999 2720 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:09:48.0014 2720 LSI_SCSI - ok 21:09:48.0036 2720 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:09:48.0109 2720 luafv - ok 21:09:48.0186 2720 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 21:09:48.0197 2720 MBAMProtector - ok 21:09:48.0303 2720 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe 21:09:48.0327 2720 MBAMScheduler - ok 21:09:48.0378 2720 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Anti-Malware\mbamservice.exe 21:09:48.0407 2720 MBAMService - ok 21:09:48.0463 2720 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:09:48.0494 2720 Mcx2Svc - ok 21:09:48.0526 2720 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 21:09:48.0539 2720 megasas - ok 21:09:48.0556 2720 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 21:09:48.0575 2720 MegaSR - ok 21:09:48.0611 2720 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:09:48.0652 2720 MMCSS - ok 21:09:49.0263 2720 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:09:49.0344 2720 Modem - ok 21:09:49.0370 2720 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:09:49.0402 2720 monitor - ok 21:09:49.0446 2720 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:09:49.0459 2720 mouclass - ok 21:09:49.0465 2720 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid 
C:\Windows\system32\DRIVERS\mouhid.sys 21:09:49.0493 2720 mouhid - ok 21:09:49.0542 2720 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:09:49.0565 2720 mountmgr - ok 21:09:49.0603 2720 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:09:49.0629 2720 mpio - ok 21:09:49.0662 2720 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:09:49.0755 2720 mpsdrv - ok 21:09:49.0922 2720 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:09:50.0021 2720 MpsSvc - ok 21:09:50.0043 2720 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:09:50.0065 2720 MRxDAV - ok 21:09:50.0102 2720 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:09:50.0135 2720 mrxsmb - ok 21:09:50.0155 2720 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:09:50.0205 2720 mrxsmb10 - ok 21:09:50.0234 2720 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:09:50.0281 2720 mrxsmb20 - ok 21:09:50.0313 2720 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:09:50.0325 2720 msahci - ok 21:09:50.0365 2720 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:09:50.0382 2720 msdsm - ok 21:09:50.0404 2720 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:09:50.0450 2720 MSDTC - ok 21:09:50.0489 2720 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:09:50.0528 2720 Msfs - ok 21:09:50.0567 2720 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:09:50.0628 2720 mshidkmdf - ok 21:09:50.0661 2720 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:09:50.0673 2720 msisadrv - ok 21:09:50.0700 2720 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI 
C:\Windows\system32\iscsiexe.dll 21:09:50.0757 2720 MSiSCSI - ok 21:09:50.0762 2720 msiserver - ok 21:09:50.0804 2720 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:09:50.0861 2720 MSKSSRV - ok 21:09:50.0867 2720 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:09:50.0913 2720 MSPCLOCK - ok 21:09:50.0919 2720 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:09:50.0964 2720 MSPQM - ok 21:09:51.0023 2720 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:09:51.0056 2720 MsRPC - ok 21:09:51.0097 2720 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:09:51.0112 2720 mssmbios - ok 21:09:51.0140 2720 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:09:51.0193 2720 MSTEE - ok 21:09:51.0199 2720 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:09:51.0223 2720 MTConfig - ok 21:09:51.0246 2720 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:09:51.0259 2720 Mup - ok 21:09:51.0448 2720 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:09:51.0530 2720 napagent - ok 21:09:51.0557 2720 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:09:51.0600 2720 NativeWifiP - ok 21:09:51.0674 2720 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:09:51.0733 2720 NDIS - ok 21:09:51.0772 2720 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:09:51.0823 2720 NdisCap - ok 21:09:51.0851 2720 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:09:51.0899 2720 NdisTapi - ok 21:09:51.0952 2720 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:09:52.0003 2720 Ndisuio - ok 21:09:52.0034 2720 [ 
53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:09:52.0076 2720 NdisWan - ok 21:09:52.0111 2720 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:09:52.0150 2720 NDProxy - ok 21:09:52.0166 2720 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:09:52.0219 2720 NetBIOS - ok 21:09:52.0255 2720 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:09:52.0342 2720 NetBT - ok 21:09:52.0367 2720 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:09:52.0381 2720 Netlogon - ok 21:09:52.0425 2720 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:09:52.0485 2720 Netman - ok 21:09:52.0497 2720 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:09:52.0566 2720 netprofm - ok 21:09:52.0596 2720 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:09:52.0608 2720 NetTcpPortSharing - ok 21:09:52.0777 2720 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 21:09:52.0956 2720 netw5v64 - ok 21:09:53.0053 2720 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:09:53.0074 2720 nfrd960 - ok 21:09:53.0140 2720 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:09:53.0191 2720 NlaSvc - ok 21:09:53.0213 2720 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:09:53.0254 2720 Npfs - ok 21:09:53.0282 2720 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:09:53.0335 2720 nsi - ok 21:09:53.0380 2720 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:09:53.0495 2720 nsiproxy - ok 21:09:53.0574 2720 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 
21:09:53.0674 2720 Ntfs - ok 21:09:53.0700 2720 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:09:53.0757 2720 Null - ok 21:09:53.0820 2720 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys 21:09:53.0833 2720 NVHDA - ok 21:09:54.0148 2720 [ 24F526274353FF7BB93D99D238E582DA ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:09:54.0353 2720 nvlddmkm - ok 21:09:54.0401 2720 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:09:54.0419 2720 nvraid - ok 21:09:54.0448 2720 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:09:54.0464 2720 nvstor - ok 21:09:54.0519 2720 [ AAD3B6F3E5B9FE1D29BF627904F6120F ] nvsvc C:\Windows\system32\nvvsvc.exe 21:09:54.0559 2720 nvsvc - ok 21:09:54.0602 2720 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:09:54.0617 2720 nv_agp - ok 21:09:54.0669 2720 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:09:54.0698 2720 ohci1394 - ok 21:09:54.0731 2720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:09:54.0769 2720 p2pimsvc - ok 21:09:54.0818 2720 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:09:54.0860 2720 p2psvc - ok 21:09:54.0904 2720 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:09:54.0943 2720 Parport - ok 21:09:54.0984 2720 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:09:54.0997 2720 partmgr - ok 21:09:55.0011 2720 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:09:55.0044 2720 PcaSvc - ok 21:09:55.0071 2720 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:09:55.0087 2720 pci - ok 21:09:55.0165 2720 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:09:55.0187 2720 pciide - ok 
21:09:55.0230 2720 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:09:55.0248 2720 pcmcia - ok 21:09:55.0267 2720 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:09:55.0280 2720 pcw - ok 21:09:55.0310 2720 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:09:55.0398 2720 PEAUTH - ok 21:09:55.0650 2720 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:09:55.0758 2720 PeerDistSvc - ok 21:09:55.0899 2720 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:09:55.0955 2720 PerfHost - ok 21:09:56.0030 2720 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:09:56.0167 2720 pla - ok 21:09:56.0244 2720 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:09:56.0278 2720 PlugPlay - ok 21:09:56.0302 2720 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:09:56.0328 2720 PNRPAutoReg - ok 21:09:56.0354 2720 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:09:56.0372 2720 PNRPsvc - ok 21:09:56.0583 2720 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:09:56.0679 2720 PolicyAgent - ok 21:09:56.0743 2720 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 21:09:56.0811 2720 Power - ok 21:09:56.0862 2720 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:09:56.0934 2720 PptpMiniport - ok 21:09:56.0981 2720 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:09:56.0996 2720 Processor - ok 21:09:57.0043 2720 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:09:57.0062 2720 ProfSvc - ok 21:09:57.0082 2720 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:09:57.0096 2720 ProtectedStorage - ok 
================ Scan global ===============================
21:10:14.0519 2720 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:10:14.0548 2720 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:14.0569 2720 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:10:14.0592 2720 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:10:14.0632 2720 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:10:14.0638 2720 [Global] - ok
21:10:14.0638 2720 ================ Scan MBR ==================================
21:10:14.0669 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:16.0339 2720 \Device\Harddisk0\DR0 - ok
21:10:16.0339 2720 ================ Scan VBR ==================================
21:10:16.0429 2720 [ 02427ECBE8A356FC262CF4FF523E21C2 ] \Device\Harddisk0\DR0\Partition1
21:10:16.0432 2720 \Device\Harddisk0\DR0\Partition1 - ok
21:10:16.0934 2720 [ 9AC544CD5D43A5721988D52A067D7CC9 ] \Device\Harddisk0\DR0\Partition2
21:10:16.0936 2720 \Device\Harddisk0\DR0\Partition2 - ok
21:10:16.0937 2720 ============================================================
21:10:16.0937 2720 Scan finished
21:10:16.0937 2720 ============================================================
21:10:16.0954 2568 Detected object count: 1
21:10:16.0954 2568 Actual detected object count: 1
21:11:08.0171 2568 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
21:11:08.0171 2568 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip

HAL6996
22.03.2013, 11:15 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run ComboFix now: Scan with ComboFix
__________________
Please always post logfiles in CODE tags
22.03.2013, 12:01 | #13 |
Hello cosinus! Here is the ComboFix log.
Code:
ATTFilter ComboFix 13-03-21.02 - HAL9000 22.03.2013 11:43:53.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.2798 [GMT 1:00] ausgeführt von:: d:\download\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1363603086.bdinstall.bin c:\users\Daniel\AppData\Roaming\system32 c:\windows\SysWow64\themeui.dll.tmp c:\windows\SysWow64\uxtheme.dll.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-22 bis 2013-03-22 )))))))))))))))))))))))))))))) . . 2013-03-22 10:48 . 2013-03-22 10:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-22 10:47 . 2013-03-22 10:47 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\offreg.dll 2013-03-22 10:12 . 2013-03-22 10:12 -------- d-----w- c:\program files (x86)\Realtek 2013-03-22 10:00 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\mpengine.dll 2013-03-19 23:48 . 2013-03-19 23:49 -------- d-----w- c:\program files (x86)\Secure Banking 2013-03-19 21:23 . 2013-02-18 11:18 460888 ----a-w- c:\windows\system32\drivers\40872330.sys 2013-03-19 09:42 . 2013-03-19 09:42 -------- d-----w- c:\programdata\Kaspersky Lab 2013-03-19 08:54 . 2013-03-19 08:54 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes 2013-03-19 08:53 . 2013-03-19 08:53 -------- d-----w- c:\programdata\Malwarebytes 2013-03-19 08:53 . 2013-03-20 10:55 -------- d-----w- c:\program files (x86)\Anti-Malware 2013-03-19 08:53 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 08:49 . 2013-03-19 08:49 -------- d-----w- c:\users\Daniel\AppData\Local\Programs 2013-03-18 10:39 . 2013-03-18 10:39 -------- d-----w- c:\program files\Bitdefender 2013-03-18 10:37 . 
2013-03-18 10:38 -------- d-----w- c:\program files\Common Files\Bitdefender 2013-03-18 10:31 . 2013-03-18 10:31 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-18 10:31 . 2013-03-18 10:31 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-18 10:31 . 2013-03-18 10:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-18 09:36 . 2013-03-18 10:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\QuickScan 2013-03-18 09:34 . 2013-03-18 09:34 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-17 14:15 . 2013-03-17 17:19 -------- d-----w- c:\users\Daniel\AppData\Local\http___www.julien-manici 2013-03-17 10:05 . 2013-03-22 00:21 -------- d-----w- c:\users\Daniel\AppData\Local\Spotify 2013-03-17 10:04 . 2013-03-22 00:26 -------- d-----w- c:\users\Daniel\AppData\Roaming\Spotify 2013-03-12 22:21 . 2013-03-12 22:21 -------- d-----w- c:\windows\ehome 2013-03-12 22:21 . 2013-03-12 22:21 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs 2013-03-12 21:57 . 2013-03-12 21:57 -------- d-----w- c:\users\Daniel\AppData\Roaming\ArcSoft 2013-03-12 21:57 . 2006-09-18 07:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys 2013-03-12 21:49 . 2013-03-12 21:49 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll 2013-03-12 21:49 . 2013-03-12 21:49 126 ----a-w- c:\windows\system32\AF15IRTBL.bin 2013-03-12 21:49 . 2013-03-12 21:49 507392 ----a-w- c:\windows\system32\drivers\AF15BDA.sys 2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\programdata\Local Settings 2013-03-10 15:33 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2013-03-10 15:33 . 2013-03-10 15:33 -------- d-----w- c:\programdata\IObit 2013-03-10 15:33 . 2013-03-10 15:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\IObit 2013-03-10 15:33 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys 2013-03-10 15:33 . 
2013-03-10 15:33 -------- d-----w- c:\program files (x86)\IObit 2013-03-09 14:07 . 2013-03-09 14:07 -------- d-----w- c:\users\Daniel\AppData\Roaming\OpenOffice.org 2013-03-09 14:05 . 2013-03-09 14:05 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2013-03-09 12:31 . 2013-03-09 12:31 -------- d-----w- c:\users\Daniel\AppData\Roaming\dvdcss 2013-03-09 11:43 . 2013-03-12 23:04 -------- d-----w- c:\users\Daniel\AppData\Roaming\vlc 2013-03-09 11:39 . 2013-03-09 11:39 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-09 11:24 . 2013-03-09 11:24 -------- d-----w- c:\users\Daniel\AppData\Roaming\DL 2013-03-09 11:23 . 2013-03-09 11:30 -------- d-----w- c:\users\Daniel\.Zettelkasten 2013-03-09 10:32 . 2013-03-09 10:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2013-03-08 19:46 . 2013-03-08 19:46 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-03-08 17:00 . 2013-03-08 17:00 -------- d-----w- c:\users\Daniel\AppData\Roaming\Thunderbird 2013-03-08 17:00 . 2013-03-08 17:00 -------- d-----w- c:\users\Daniel\AppData\Local\Thunderbird 2013-03-08 16:49 . 2013-03-21 21:56 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype 2013-03-08 16:49 . 2013-03-08 16:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-03-08 16:49 . 2013-03-08 16:49 -------- d-----r- c:\program files (x86)\Skype 2013-03-08 16:49 . 2013-03-08 16:49 -------- d-----w- c:\programdata\Skype 2013-03-08 10:38 . 2013-03-08 10:54 -------- d-----w- c:\users\Daniel\AppData\Roaming\WindSolutions 2013-03-08 10:38 . 2013-03-08 10:41 -------- d-----w- c:\programdata\WindSolutions 2013-03-08 02:07 . 2013-03-08 02:07 -------- d-----w- c:\program files\CCleaner 2013-03-08 01:47 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-03-08 01:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-03-08 01:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-03-08 01:46 . 
2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-03-08 01:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-03-08 01:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-08 01:46 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-03-08 01:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-03-08 01:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-03-08 01:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-03-08 00:30 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2013-03-08 00:30 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-03-08 00:30 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-03-08 00:30 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-03-08 00:27 . 2010-11-20 13:27 2851840 ----a-w- c:\windows\system32\themeui.dll.backup 2013-03-08 00:27 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup 2013-03-08 00:27 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup 2013-03-08 00:25 . 2013-03-08 00:25 -------- d-----w- c:\program files (x86)\7-Zip 2013-03-08 00:24 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-08 00:24 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-08 00:24 . 2013-03-08 00:42 -------- d-----w- c:\windows\system32\appmgmt 2013-03-08 00:15 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-03-08 00:15 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-03-08 00:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-03-08 00:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-03-08 00:15 . 
2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-03-08 00:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-03-08 00:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-03-08 00:15 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-03-08 00:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-03-08 00:15 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-03-08 00:15 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-03-08 00:08 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-03-08 00:08 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-03-08 00:03 . 2013-03-08 00:03 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-07 23:29 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 23:29 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-07 23:29 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-07 23:29 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-07 23:29 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-03-07 23:29 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-03-07 23:27 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-03-07 23:27 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-03-07 23:27 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-03-07 23:27 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-03-07 23:27 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-03-07 23:27 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2013-03-18 10:31 . 2012-01-31 06:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-08 00:27 . 2012-01-24 16:37 2851840 ----a-w- c:\windows\system32\themeui.dll 2013-03-08 00:27 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll 2013-03-08 00:27 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll 2013-03-08 00:03 . 2012-01-03 12:49 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-04 13:53 . 2009-10-14 05:12 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-02-18 08:22 . 2013-02-18 08:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 08:22 . 2013-02-18 08:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 08:22 . 2013-02-18 08:22 72552 ----a-w- c:\windows\system32\nvapo64v.dll 2013-02-18 08:22 . 2013-02-18 08:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-20 08:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-20 08:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-20 08:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-20 08:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-20 08:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-20 08:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-17 00:28 . 2009-10-14 05:13 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-03-08 00:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "64428"="c:\progra~3\dxoidaj.exe" [2010-11-20 55296] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "1781466620"= 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 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R4 MBAMService;MBAMService;c:\program files (x86)\Anti-Malware\mbamservice.exe [2012-12-14 682344] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] S0 40872330;40872330;c:\windows\system32\DRIVERS\40872330.sys [2013-02-18 460888] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 
SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - PROCEXP152 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-13 09:14 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11] . . --------- X64 Entries ----------- . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 83.169.184.33 192.168.0.1 FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpaxita.info FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi . . ------- Dateityp-Verknüpfung ------- . JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %* . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\Software\SecuROM\License information*] "datasecu"=hex:38,7c,a4,b3,a5,bf,57,d6,cc,00,39,64,ec,f4,cc,9d,1c,a4,47,91,a9, 63,86,07,8d,36,9d,ec,18,ee,2c,73,4e,3f,d8,42,24,0c,11,6e,4e,61,da,f5,82,83,\ "rkeysecu"=hex:21,1b,fa,2b,9c,f0,f2,1d,72,a5,69,33,06,a7,6d,4a . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-22 11:50:44 ComboFix-quarantined-files.txt 2013-03-22 10:50 . Vor Suchlauf: 11 Verzeichnis(se), 105.045.975.040 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 104.972.849.152 Bytes frei . - - End Of File - - 0981165310ED33DD0894F766BF7AEDB9 Addendum, ComboFix run from the desktop: Log Code:
ATTFilter ComboFix 13-03-21.02 - HAL9000 22.03.2013 12:06:50.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4061.2597 [GMT 1:00] ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-22 bis 2013-03-22 )))))))))))))))))))))))))))))) . . 2013-03-22 11:10 . 2013-03-22 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-22 10:47 . 2013-03-22 10:47 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\offreg.dll 2013-03-22 10:12 . 2013-03-22 10:12 -------- d-----w- c:\program files (x86)\Realtek 2013-03-22 10:00 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4B2C6D-75DE-48AD-9683-C6F18B19F4D5}\mpengine.dll 2013-03-19 23:48 . 2013-03-19 23:49 -------- d-----w- c:\program files (x86)\Secure Banking 2013-03-19 21:23 . 2013-02-18 11:18 460888 ----a-w- c:\windows\system32\drivers\40872330.sys 2013-03-19 09:42 . 2013-03-19 09:42 -------- d-----w- c:\programdata\Kaspersky Lab 2013-03-19 08:54 . 2013-03-19 08:54 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes 2013-03-19 08:53 . 2013-03-19 08:53 -------- d-----w- c:\programdata\Malwarebytes 2013-03-19 08:53 . 2013-03-20 10:55 -------- d-----w- c:\program files (x86)\Anti-Malware 2013-03-19 08:53 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 08:49 . 2013-03-19 08:49 -------- d-----w- c:\users\Daniel\AppData\Local\Programs 2013-03-18 10:39 . 2013-03-18 10:39 -------- d-----w- c:\program files\Bitdefender 2013-03-18 10:37 . 2013-03-18 10:38 -------- d-----w- c:\program files\Common Files\Bitdefender 2013-03-18 10:31 . 2013-03-18 10:31 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-03-18 10:31 . 2013-03-18 10:31 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-18 10:31 . 
2013-03-18 10:31 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-18 09:36 . 2013-03-18 10:43 -------- d-----w- c:\users\Daniel\AppData\Roaming\QuickScan 2013-03-18 09:34 . 2013-03-18 09:34 -------- d-----w- c:\program files\NVIDIA Corporation 2013-03-17 14:15 . 2013-03-17 17:19 -------- d-----w- c:\users\Daniel\AppData\Local\http___www.julien-manici 2013-03-17 10:05 . 2013-03-22 00:21 -------- d-----w- c:\users\Daniel\AppData\Local\Spotify 2013-03-17 10:04 . 2013-03-22 00:26 -------- d-----w- c:\users\Daniel\AppData\Roaming\Spotify 2013-03-12 22:21 . 2013-03-12 22:21 -------- d-----w- c:\windows\ehome 2013-03-12 22:21 . 2013-03-12 22:21 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs 2013-03-12 21:57 . 2013-03-12 21:57 -------- d-----w- c:\users\Daniel\AppData\Roaming\ArcSoft 2013-03-12 21:57 . 2006-09-18 07:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys 2013-03-12 21:49 . 2013-03-12 21:49 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll 2013-03-12 21:49 . 2013-03-12 21:49 126 ----a-w- c:\windows\system32\AF15IRTBL.bin 2013-03-12 21:49 . 2013-03-12 21:49 507392 ----a-w- c:\windows\system32\drivers\AF15BDA.sys 2013-03-11 10:43 . 2013-03-11 10:43 -------- d-----w- c:\programdata\Local Settings 2013-03-10 15:33 . 2012-05-08 17:34 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe 2013-03-10 15:33 . 2013-03-10 15:33 -------- d-----w- c:\programdata\IObit 2013-03-10 15:33 . 2013-03-10 15:33 -------- d-----w- c:\users\Daniel\AppData\Roaming\IObit 2013-03-10 15:33 . 2010-11-26 17:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys 2013-03-10 15:33 . 2013-03-10 15:33 -------- d-----w- c:\program files (x86)\IObit 2013-03-09 14:07 . 2013-03-09 14:07 -------- d-----w- c:\users\Daniel\AppData\Roaming\OpenOffice.org 2013-03-09 14:05 . 2013-03-09 14:05 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2013-03-09 12:31 . 
2013-03-09 12:31 -------- d-----w- c:\users\Daniel\AppData\Roaming\dvdcss 2013-03-09 11:43 . 2013-03-12 23:04 -------- d-----w- c:\users\Daniel\AppData\Roaming\vlc 2013-03-09 11:39 . 2013-03-09 11:39 -------- d-----w- c:\program files (x86)\VideoLAN 2013-03-09 11:24 . 2013-03-09 11:24 -------- d-----w- c:\users\Daniel\AppData\Roaming\DL 2013-03-09 11:23 . 2013-03-09 11:30 -------- d-----w- c:\users\Daniel\.Zettelkasten 2013-03-09 10:32 . 2013-03-09 10:32 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2013-03-08 19:46 . 2013-03-08 19:46 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-03-08 17:00 . 2013-03-08 17:00 -------- d-----w- c:\users\Daniel\AppData\Roaming\Thunderbird 2013-03-08 17:00 . 2013-03-08 17:00 -------- d-----w- c:\users\Daniel\AppData\Local\Thunderbird 2013-03-08 16:49 . 2013-03-21 21:56 -------- d-----w- c:\users\Daniel\AppData\Roaming\Skype 2013-03-08 16:49 . 2013-03-08 16:49 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-03-08 16:49 . 2013-03-08 16:49 -------- d-----r- c:\program files (x86)\Skype 2013-03-08 16:49 . 2013-03-08 16:49 -------- d-----w- c:\programdata\Skype 2013-03-08 10:38 . 2013-03-08 10:54 -------- d-----w- c:\users\Daniel\AppData\Roaming\WindSolutions 2013-03-08 10:38 . 2013-03-08 10:41 -------- d-----w- c:\programdata\WindSolutions 2013-03-08 02:07 . 2013-03-08 02:07 -------- d-----w- c:\program files\CCleaner 2013-03-08 01:47 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-03-08 01:46 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-03-08 01:46 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-03-08 01:46 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-03-08 01:46 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-03-08 01:46 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-08 01:46 . 
2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-03-08 01:46 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-03-08 01:46 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-03-08 01:46 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-03-08 00:30 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2013-03-08 00:30 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-03-08 00:30 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-03-08 00:30 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-03-08 00:27 . 2010-11-20 13:27 2851840 ----a-w- c:\windows\system32\themeui.dll.backup 2013-03-08 00:27 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup 2013-03-08 00:27 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup 2013-03-08 00:25 . 2013-03-08 00:25 -------- d-----w- c:\program files (x86)\7-Zip 2013-03-08 00:24 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-08 00:24 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-03-08 00:24 . 2013-03-08 00:42 -------- d-----w- c:\windows\system32\appmgmt 2013-03-08 00:15 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-03-08 00:15 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-03-08 00:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-03-08 00:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-03-08 00:15 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-03-08 00:15 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-03-08 00:15 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-03-08 00:15 . 
2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-03-08 00:15 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-03-08 00:15 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-03-08 00:15 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-03-08 00:08 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-03-08 00:08 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-03-08 00:03 . 2013-03-08 00:03 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-07 23:29 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-07 23:29 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-07 23:29 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-07 23:29 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-03-07 23:29 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-03-07 23:29 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-03-07 23:27 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-03-07 23:27 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-03-07 23:27 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-03-07 23:27 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-03-07 23:27 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-03-07 23:27 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-18 10:31 . 2012-01-31 06:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-08 00:27 . 2012-01-24 16:37 2851840 ----a-w- c:\windows\system32\themeui.dll 2013-03-08 00:27 . 
2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll 2013-03-08 00:27 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll 2013-03-08 00:03 . 2012-01-03 12:49 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-04 13:53 . 2009-10-14 05:12 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-02-18 08:22 . 2013-02-18 08:22 31080 ----a-w- c:\windows\system32\nvhdap64.dll 2013-02-18 08:22 . 2013-02-18 08:22 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll 2013-02-18 08:22 . 2013-02-18 08:22 72552 ----a-w- c:\windows\system32\nvapo64v.dll 2013-02-18 08:22 . 2013-02-18 08:22 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys 2013-02-12 05:45 . 2013-03-20 08:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-20 08:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-03-20 08:31 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-20 08:31 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-03-20 08:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-20 08:31 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-17 00:28 . 2009-10-14 05:13 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-03-08 00:07 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "64428"="c:\progra~3\dxoidaj.exe" [2010-11-20 55296] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "1781466620"= . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R4 MBAMService;MBAMService;c:\program files (x86)\Anti-Malware\mbamservice.exe [2012-12-14 682344] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] S0 40872330;40872330;c:\windows\system32\DRIVERS\40872330.sys [2013-02-18 460888] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 46592] . . 
--- Andere Dienste/Treiber im Speicher --- . *Deregistered* - PROCEXP152 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-13 09:14 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11] . 2013-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 09:11] . . --------- X64 Entries ----------- . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 83.169.184.33 192.168.0.1 FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.gaxpaxita.info FF - ExtSQL: 2013-02-14 16:41; {5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}; c:\program files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi . . ------- Dateityp-Verknüpfung ------- . JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %* . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-687046182-1720888418-2620476028-1001\Software\SecuROM\License information*] "datasecu"=hex:38,7c,a4,b3,a5,bf,57,d6,cc,00,39,64,ec,f4,cc,9d,1c,a4,47,91,a9, 63,86,07,8d,36,9d,ec,18,ee,2c,73,4e,3f,d8,42,24,0c,11,6e,4e,61,da,f5,82,83,\ "rkeysecu"=hex:21,1b,fa,2b,9c,f0,f2,1d,72,a5,69,33,06,a7,6d,4a . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-22 12:12:30 ComboFix-quarantined-files.txt 2013-03-22 11:12 ComboFix2.txt 2013-03-22 10:50 . Vor Suchlauf: 17 Verzeichnis(se), 105.023.717.376 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 104.962.560.000 Bytes frei . 
- - End Of File - - 814BF0CA6F7FA859B5E26497A491B0E9 HAL6996 ( ° ) Last edited by HAL6996 (22.03.2013 at 12:14); reason: Wasn't paying attention! |
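The ComboFix autostart section posted above shows two things a responder should not skip: UAC is switched off in HKLM\...\policies\system (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0), and a policy-driven Run entry with a numeric value name launches c:\progra~3\dxoidaj.exe. The script below is an added example, not part of this thread and not code from ComboFix or any of the tools used here: it parses the REGEDIT4-style layout of that section and flags both conditions. The input is constructed to mirror the entries on this page; the jusched.exe line is an invented benign control, and the mapping of the short name progra~3 to C:\ProgramData is an assumption to confirm on the live host.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input, modelled on the "Autostartpunkte der Registrierung"
# section of a ComboFix log as posted in this thread. The jusched.exe entry is
# an invented benign control; nothing here was captured from a real machine.
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"64428"="c:\progra~3\dxoidaj.exe" [2010-11-20 55296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-18 253816]
.
"""

POLICY_SYSTEM = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
POLICY_RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run"

# Directories a normal admin user can write to; an autostart pointing there
# deserves a look. progra~3 is assumed to be the 8.3 short name of C:\ProgramData
# (verify with `dir /x c:\` on the affected host before acting on it).
USER_WRITABLE = ("\\progra~3\\", "\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def parse_autostart_section(text: str) -> Dict[str, Dict[str, str]]:
    """Turn the REGEDIT4-style listing into {key (lower-cased): {value name: raw value}}."""
    entries: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", ".", "REGEDIT4"):      # ComboFix separates blocks with a lone dot
            continue
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key").lower()   # registry paths are case-insensitive
            entries.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            entries[current][value_match.group("name")] = value_match.group("value").strip()
    return entries


def _dword(raw: str) -> Optional[int]:
    """'0 (0x0)' -> 0; None when the value is not numeric."""
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def _path(raw: str) -> str:
    """Strip the quotes and ComboFix's trailing '[date size]' suffix from a Run value."""
    m = re.match(r'^"([^"]*)"', raw)
    return m.group(1) if m else raw


def audit_autostart(entries: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag disabled UAC policy values and suspicious Run-key entries."""
    findings: List[str] = []
    policy = entries.get(POLICY_SYSTEM, {})
    if _dword(policy.get("EnableLUA", "1")) == 0:
        findings.append("EnableLUA=0: UAC is off, every process of an admin user runs fully elevated")
    if _dword(policy.get("ConsentPromptBehaviorAdmin", "5")) == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if _dword(policy.get("PromptOnSecureDesktop", "1")) == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not isolated from other windows")

    for key, values in entries.items():
        if not key.endswith("\\run"):
            continue
        for name, raw in values.items():
            path = _path(raw)
            reasons = []
            if key == POLICY_RUN:
                reasons.append("policy Run key, easy to overlook in a manual startup review")
            if any(d in path.lower() for d in USER_WRITABLE):
                reasons.append("executable lives in a user-writable directory")
            if name.isdigit():
                reasons.append("numeric value name")
            if reasons:
                findings.append(f"{key}: {name!r} -> {path} [{'; '.join(reasons)}]")
    return findings


if __name__ == "__main__":
    for finding in audit_autostart(parse_autostart_section(SAMPLE_LOG)):
        print("-", finding)
```

To use it on a real case, replace SAMPLE_LOG with the contents of a saved ComboFix log. The script only reports; restoring UAC means setting EnableLUA back to 1 and rebooting, and the flagged executable should be submitted for analysis before it is deleted, since the hash is the only thing that survives the cleanup.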
22.03.2013, 13:37 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | What can I delete? > Malwarebytes Anti-Malware log file JRT - Junkware Removal Tool Please shut down your protection software first to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags |
22.03.2013, 14:15 | #15 |
| What can I delete? > Malwarebytes Anti-Malware log file JRT Log Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.2 (03.15.2013:1) OS: Windows 7 Ultimate x64 Ran by HAL9000 on 22.03.2013 at 13:40:03,71 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] hkey_current_user\software\wajam Successfully deleted: [Registry Key] hkey_local_machine\software\wajam Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\priam_bho.dll Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasapi32 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasmancs ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [Folder] C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\jjoa6wuc.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 22.03.2013 at 13:48:21,31 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner Log 1 Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 13:52:15 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : HAL9000 - HAL9000 # Bootmodus : Normal # Ausgeführt unter : D:\Computer\Sicherheit\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\END ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v9.0.1 (de) Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. 
Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R2].txt - [2352 octets] - [22/03/2013 13:50:27] AdwCleaner[R3].txt - [2412 octets] - [22/03/2013 13:52:05] AdwCleaner[S1].txt - [2347 octets] - [22/03/2013 13:52:15] ########## EOF - C:\AdwCleaner[S1].txt - [2407 octets] ########## AdwCleaner Log 2 Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 13:50:27 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits) # Benutzer : HAL9000 - HAL9000 # Bootmodus : Normal # Ausgeführt unter : D:\Computer\Sicherheit\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\END ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\InstallCore Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v9.0.1 (de) Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\jjoa6wuc.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v25.0.1364.172 Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. 
Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
Datei : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [2225 octets] - [22/03/2013 13:50:27]

########## EOF - C:\AdwCleaner[R2].txt - [2285 octets] ##########

Code:
OTL logfile created on: 22.03.2013 13:57:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Download
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,97 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 68,04% Memory free
7,93 Gb Paging File | 6,55 Gb Available in Paging File | 82,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 97,68 Gb Free Space | 67,81% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 112,68 Gb Free Space | 80,20% Space Free | Partition Type: NTFS

Computer Name: HAL9000 | User Name: HAL9000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Download\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech )
DRV:64bit: - (40872330) -- C:\Windows\SysNative\drivers\40872330.sys (Kaspersky Lab ZAO)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV:64bit: - (winbondcir) -- C:\Windows\SysNative\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 31 9F C2 0E 0B CD 01 [binary data]
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.gaxpaxita.info"
FF - prefs.js..browser.search.suggest.enabled: false
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 00:16:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 11:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.03.08 20:46:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.01.03 12:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2013.03.22 13:47:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\jjoa6wuc.default\extensions
[2012.01.31 09:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.31 09:01:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.12.21 08:50:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

O1 HOSTS File: ([2013.03.22 11:48:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: [...] [binary data over 200 bytes]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 64428 = c:\progra~3\dxoidaj.exe (Unjibafe. Lymen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-687046182-1720888418-2620476028-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://comport-emea.daimler.com/,DSID=dadca7ce55cbc7782b10ab029b390293,DanaInfo=.astvuhr99HnJn043x3-9tT80E,SSL,ST=1+/dwa7W.cab (Domino Web Access 7 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{780A8806-5207-42AA-ABAC-6B224290FCFA}: DhcpNameServer = 83.169.184.33 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACB780E-E525-4441-A3DD-EA7C8FE376B6}: DhcpNameServer = 83.169.184.33 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.22 13:40:01 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.22 13:39:35 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.22 12:12:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.22 12:05:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.03.22 11:42:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.22 11:42:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.22 11:42:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.22 11:42:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.22 11:42:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.22 11:41:15 | 005,042,224 | R--- | C] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe
[2013.03.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.03.22 11:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.03.22 11:15:26 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.03.22 11:15:26 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.03.22 11:15:26 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.03.22 11:15:26 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.03.22 11:15:26 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.03.22 11:15:25 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.03.22 11:15:25 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.03.22 11:15:25 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.03.22 11:15:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.03.22 11:15:24 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.03.22 11:15:24 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.03.22 11:15:24 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.03.22 11:15:24 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.03.22 11:15:24 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.03.22 11:15:23 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.03.22 11:15:23 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.03.22 11:15:22 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.03.22 11:15:22 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.03.22 11:15:22 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.03.22 11:15:22 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.03.22 11:15:22 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.03.22 11:15:22 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.03.22 11:15:22 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.03.22 11:15:22 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.03.22 11:15:22 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.03.22 11:15:22 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.03.22 11:15:22 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.03.22 11:15:22 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.03.22 11:15:21 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.03.22 11:15:21 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.03.22 11:15:20 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.03.22 11:15:20 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.03.22 11:15:20 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.03.22 11:15:20 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.03.22 11:15:20 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.03.22 11:15:20 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.03.22 11:15:20 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.03.22 11:15:20 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.03.22 11:15:19 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.03.22 11:15:19 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.03.22 11:15:19 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.03.22 11:15:19 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.03.22 11:15:19 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.03.22 11:15:15 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.03.22 11:15:15 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.03.22 11:15:15 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.03.22 11:15:15 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.03.22 11:15:14 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.03.22 11:15:14 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.03.22 11:15:14 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.03.22 11:15:14 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.03.22 11:15:14 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.03.22 11:15:14 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.03.22 11:15:14 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.03.22 11:15:14 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.03.22 11:15:14 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.03.22 11:15:14 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.03.22 11:15:13 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.03.22 11:15:13 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.03.22 11:15:13 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.03.22 11:15:13 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.03.22 11:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.03.21 10:32:58 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe
[2013.03.20 23:40:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\MBA
[2013.03.20 10:01:50 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013.03.20 09:27:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.20 09:27:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.20 09:27:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.20 09:27:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.20 09:27:52 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.20 09:27:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.20 09:27:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.20 09:27:52 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.20 09:27:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.20 09:27:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.20 09:27:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.20 09:27:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.20 09:27:48 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.20 09:27:48 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.20 09:27:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013.03.20 00:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2013.03.19 22:23:54 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\40872330.sys
[2013.03.19 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.19 09:54:03 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes
[2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.19 09:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-Malware
[2013.03.19 09:53:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.19 09:53:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anti-Malware
[2013.03.19 09:49:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs
[2013.03.18 11:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.03.18 11:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013.03.18 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.18 11:31:40 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.18 11:31:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.18 11:31:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.18 10:36:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\QuickScan
[2013.03.18 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.03.17 15:15:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\http___www.julien-manici
[2013.03.17 11:05:05 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Spotify
[2013.03.17 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Spotify
[2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2013.03.12 23:21:21 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2013.03.12 22:57:31 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\ArcSoft
[2013.03.12 22:57:30 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2013.03.12 22:49:07 | 000,028,672 | ---- | C] (afa) -- C:\Windows\SysNative\AF15BDAEX.dll
[2013.03.12 22:49:03 | 000,507,392 | ---- | C] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys
[2013.03.11 11:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2013.03.10 23:53:25 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Local Settings
[2013.03.10 16:33:46 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013.03.10 16:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013.03.10 16:33:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\IObit
[2013.03.10 16:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013.03.10 16:14:45 | 000,000,000 | R--D | C] -- C:\Users\Daniel\Documents\Scanned Documents
[2013.03.10 16:14:45 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Fax
[2013.03.09 15:07:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2013.03.09 15:06:25 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.03.09 15:05:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.03.09 13:31:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\dvdcss
[2013.03.09 12:43:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\vlc
[2013.03.09 12:39:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.03.09 12:24:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\DL
[2013.03.09 12:23:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.Zettelkasten
[2013.03.08 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Thunderbird
[2013.03.08 18:00:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Thunderbird
[2013.03.08 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Skype
[2013.03.08 17:49:25 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.08 17:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.08 17:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\WindSolutions
[2013.03.08 11:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2013.03.08 03:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.08 02:49:32 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.03.08 02:49:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.03.08 02:49:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.03.08 02:49:31 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.03.08 02:49:30 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.03.08 02:49:30 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.03.08 02:49:30 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.03.08 02:49:30 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.03.08 02:49:30 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.03.08 02:49:30 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.03.08 02:49:30 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.03.08 02:49:30 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.03.08 02:49:30 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.03.08 02:49:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.03.08 02:49:30 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.03.08 02:49:30 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.03.08 02:49:30 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.03.08 02:49:30 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.03.08 02:49:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.03.08 02:49:29 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.03.08 02:49:29 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.03.08 02:49:29 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.03.08 02:49:28 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.03.08 02:47:22 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.03.08 02:47:22 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.03.08 02:47:22 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.03.08 02:47:22 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.03.08 02:47:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.03.08 02:47:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.03.08 02:47:09 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.08 02:47:09 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.08 02:47:09 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.08 02:47:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.08 02:47:09 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.08 02:47:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.03.08 02:47:08 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.03.08 02:47:08 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.03.08 02:47:08 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.03.08 02:47:08 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.03.08 02:47:08 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.08 02:47:08 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.08 02:47:08 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.08 02:47:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.03.08 02:47:07 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.08 02:47:07 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.03.08 02:47:07 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.03.08 02:47:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.03.08 02:47:07 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.03.08 02:47:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.03.08 02:47:07 | 
000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.03.08 02:47:07 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.03.08 02:47:06 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.03.08 02:47:06 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.03.08 02:46:37 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.03.08 02:46:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.03.08 02:46:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.03.08 01:31:39 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.03.08 01:30:09 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013.03.08 01:30:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.03.08 01:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack [2013.03.08 01:28:33 | 006,676,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mspaint.exe [2013.03.08 01:28:33 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013.03.08 01:28:32 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe [2013.03.08 01:28:31 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2013.03.08 01:28:27 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.03.08 01:28:27 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagesp1.dll [2013.03.08 01:28:12 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll [2013.03.08 01:28:11 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2013.03.08 01:28:11 | 000,225,280 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll [2013.03.08 01:28:09 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll [2013.03.08 01:28:09 | 000,749,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll [2013.03.08 01:28:06 | 000,780,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ActionCenter.dll [2013.03.08 01:28:01 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup [2013.03.08 01:27:50 | 002,851,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup [2013.03.08 01:27:48 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup [2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.08 01:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2013.03.08 01:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.08 01:15:56 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.03.08 01:15:56 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.03.08 01:15:56 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.03.08 01:15:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.03.08 01:15:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013.03.08 01:15:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013.03.08 01:15:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013.03.08 01:15:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013.03.08 01:09:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2013.03.08 01:09:17 | 000,246,272 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2013.03.08 01:09:17 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.08 01:09:17 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2013.03.08 01:09:17 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2013.03.08 01:09:17 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2013.03.08 01:08:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.03.08 01:07:51 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.03.08 01:07:42 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.03.08 01:07:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.03.08 01:07:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.03.08 01:07:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.03.08 01:07:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.03.08 01:07:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.03.08 01:07:37 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.03.08 01:07:13 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2013.03.08 01:07:13 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.03.08 01:03:11 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.08 00:29:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\ntoskrnl.exe [2013.03.08 00:29:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.03.08 00:29:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.03.08 00:29:06 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.03.08 00:29:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.03.08 00:28:58 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2013.03.08 00:28:58 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2013.03.08 00:28:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2013.03.08 00:28:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.03.08 00:28:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013.03.08 00:28:44 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.03.08 00:28:41 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.03.08 00:28:41 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.03.08 00:28:41 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.03.08 00:28:41 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.03.08 00:28:40 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.03.08 00:28:40 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.03.08 00:28:40 | 000,441,856 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.03.08 00:28:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.03.08 00:28:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.03.08 00:28:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.03.08 00:28:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.03.08 00:28:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.03.08 00:28:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.03.08 00:28:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.03.08 00:28:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.03.08 00:28:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.03.08 00:28:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs 
[2013.03.08 00:28:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.03.08 00:28:22 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.03.08 00:28:22 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.03.08 00:28:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.03.08 00:28:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.03.08 00:28:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.03.08 00:28:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.03.08 00:28:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.03.08 00:28:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.03.08 00:28:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.03.08 00:28:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll 
[2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.03.08 00:28:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.03.08 00:28:10 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.03.08 00:28:10 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013.03.08 00:28:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013.03.08 00:28:06 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013.03.08 00:28:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013.03.08 00:28:05 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013.03.08 00:28:05 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.03.08 00:28:04 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.03.08 00:28:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013.03.08 00:27:59 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.03.08 00:27:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.01.24 17:36:25 | 000,055,296 | -HS- | C] (Unjibafe. 
Lymen) -- C:\ProgramData\dxoidaj.exe ========== Files - Modified Within 30 Days ========== [2013.03.22 13:58:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.22 13:58:59 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.22 13:53:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.22 13:53:27 | 3193,593,856 | -HS- | M] () -- C:\hiberfil.sys [2013.03.22 13:14:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.22 11:48:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.22 11:41:47 | 005,042,224 | R--- | M] (Swearware) -- C:\Users\Daniel\Desktop\ComboFix.exe [2013.03.21 10:52:06 | 000,000,512 | ---- | M] () -- C:\Users\Daniel\Desktop\MBR.dat [2013.03.21 10:34:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Daniel\Desktop\aswMBR.exe [2013.03.21 10:20:56 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.18 11:31:24 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.18 11:31:24 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.18 11:31:24 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.18 11:31:24 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.18 11:31:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.17 15:02:21 | 000,000,017 | ---- | M] () -- C:\Users\Daniel\AppData\Local\resmon.resmoncfg [2013.03.12 22:49:03 | 000,507,392 | ---- | M] (ITETech ) -- C:\Windows\SysNative\drivers\AF15BDA.sys [2013.03.12 22:49:03 | 000,028,672 | ---- | M] 
(afa) -- C:\Windows\SysNative\AF15BDAEX.dll [2013.03.12 22:49:03 | 000,000,126 | ---- | M] () -- C:\Windows\SysNative\AF15IRTBL.bin [2013.03.11 00:14:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.08 04:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.03.08 02:17:28 | 000,609,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.08 02:17:28 | 000,113,108 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.08 01:32:15 | 001,456,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.08 01:32:15 | 000,595,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.08 01:32:15 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.08 01:27:50 | 002,851,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll [2013.03.08 01:27:48 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.03.08 01:03:11 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.08 01:03:11 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.03.22 11:42:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.22 11:42:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.22 11:42:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.22 11:42:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.22 11:42:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.22 11:15:22 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.03.21 10:52:06 | 000,000,512 | ---- | C] () -- C:\Users\Daniel\Desktop\MBR.dat [2013.03.21 10:20:45 | 000,294,168 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.17 15:02:21 | 000,000,017 | ---- | C] () -- 
C:\Users\Daniel\AppData\Local\resmon.resmoncfg
[2013.03.17 11:05:04 | 000,001,803 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.03.12 23:22:11 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.12 23:22:06 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.03.12 22:49:07 | 000,000,126 | ---- | C] () -- C:\Windows\SysNative\AF15IRTBL.bin
[2013.03.12 12:46:48 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.03.10 16:33:20 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013.03.08 04:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.08 01:30:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.08 01:15:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.04.08 18:27:11 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.03 10:28:18 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2012.01.03 10:28:18 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2012.01.03 10:28:18 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2012.01.03 10:28:18 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

I have not run a fix in OTL yet. Was that right? Many thanks!

HAL6996 ( ° )