Malware of all kinds and how to fight it: Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back) - Windows 7
24.03.2013, 18:03 | #1

Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back)

Hi! For quite a while now I have had the problem that Avira AntiVir keeps reporting a virus on my laptop in the folder C:\Users\NAME\AppData. The last two alerts were, for example:

In der Datei C:\User\NAME\AppData\LocalLow\...\95f8fc4-2af0db09 wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2012-0507.DD' gefunden.

and:

In der Datei C:\User\NAME\AppData\Local\bardydeab.exe wurde ein Virus oder unerwünschtes Programm ‘TR/Winwebsec.AJ.14’ gefunden.

I can delete the files, but after a while AntiVir shows a new alert with a new virus. I have already looked around and read that this virus comes up fairly often. But I have not found anything on how I could simply delete it now without detailed instructions. I have also read that the virus is supposed to be harmless, but over time it just gets annoying, and because my firewall has now somehow been deleted as well, I wanted to get this fixed after all.
I have now run defogger and had OTL generate the following OTL.txt file:

OTL logfile created on: 24.03.2013 16:14:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aläx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,30% Memory free 7,99 Gb Paging File | 6,63 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 220,98 Gb Free Space | 77,66% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,21 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 435,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 931,51 Gb Total Space | 562,59 Gb Free Space | 60,40% Space Free | Partition Type: NTFS Computer Name: ALÄX-PC | User Name: aläx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\Programme\WTGService.exe PRC - [2013.03.24 15:30:28 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe PRC - [2013.03.24 15:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.)
-- F:\Spiele\hamachi\hamachi-2-ui.exe PRC - [2011.07.04 15:17:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 18:30:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.09.02 22:25:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.08 18:05:12 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.07.08 18:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2008.03.13 03:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ========== Modules (No Company Name) ========== MOD - [2008.03.13 03:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - File not found [Auto | Running] -- C:\Programme\WTGService.exe -- (WTGService) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- F:\Spiele\hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.07.04 15:17:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 18:30:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.02 22:25:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.07.08 18:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. 
KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.10.19 16:04:54 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.07.04 15:17:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.04 15:17:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 03:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm) DRV:64bit: - [2010.04.27 03:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus) DRV:64bit: - [2010.04.27 03:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl) DRV:64bit: - [2009.10.16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009.07.08 13:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 
000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F} IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = 
hxxp://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=1c81958b000000000000904ce520160f IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{47522523-F1B8-4B63-9EC9-15807E0E8449}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{5585AEC1-CE42-4BAE-A3BC-9DF54F6B9FD3}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{8973871B-05D6-44D3-BA13-14C8C276662C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{B1A44835-B2AC-49D9-8D8F-7629C6832589}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.kicker.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000000000904ce520160f&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.19 02:59:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.19 02:59:29 | 000,000,000 | ---D | M] [2010.02.05 21:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Extensions [2010.08.11 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions [2010.08.11 16:39:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.08.05 22:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.19 03:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions [2013.03.19 03:08:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.06.17 13:02:13 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2010.08.11 16:35:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.19 03:08:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} 
[2013.03.19 03:04:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.06.17 13:02:15 | 000,001,218 | ---- | M] () -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\searchplugins\kikin-search.xml [2013.03.19 03:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.02.29 14:31:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.29 14:31:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in 
Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [Windows Time] rundll32.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found O8 - Extra 
context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.01.23 19:39:44 | 000,000,050 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{2ef9167b-f7dd-11e0-b908-00269ea1636e}\Shell - "" = AutoRun O33 - MountPoints2\{2ef9167b-f7dd-11e0-b908-00269ea1636e}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{9bb123b5-197d-11df-a543-00269ea1636e}\Shell - "" = AutoRun O33 - MountPoints2\{9bb123b5-197d-11df-a543-00269ea1636e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{d08f58dd-d889-11de-852c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d08f58dd-d889-11de-852c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\S3\AUTORUN.EXE -- [2000.02.02 23:51:54 | 000,062,976 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.24 15:23:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe [2013.03.19 20:32:36 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Local\Macromedia [2013.03.19 02:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.15 19:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.04 05:49:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.02.22 23:19:45 | 000,000,000 | ---D | C] -- 
C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} [2013.02.22 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E} [2011.10.19 16:04:55 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42.dll [2011.10.19 16:04:55 | 000,478,888 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager_SMSMMS.exe [2011.10.19 16:04:55 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp60.dll [2011.10.19 16:04:55 | 000,396,968 | ---- | C] (TODO: <Company name>) -- C:\Program Files\WTGToasterWin.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (XSManager GmbH) -- C:\Program Files\4GSystems_SMSMMSIta.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSSpa.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSFre.dll [2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSEng.dll [2011.10.19 16:04:55 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll [2011.10.19 16:04:55 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files\VistaLib32.dll [2011.10.19 16:04:54 | 001,470,120 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager.exe [2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantSpa.dll [2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantFre.dll [2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantEng.dll [2011.10.19 16:04:54 | 000,835,240 | ---- | C] (XSManager) -- C:\Program Files\4GSystems_OneClickAssistantIta.dll [2011.07.31 21:24:01 | 000,334,640 | ---- | C] 
(PokerStars) -- C:\Program Files (x86)\Tracer.exe [2011.07.31 21:23:53 | 008,963,608 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe [2011.07.31 21:23:53 | 000,816,472 | ---- | C] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe [2011.07.31 21:23:53 | 000,656,728 | ---- | C] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe [2011.07.31 21:23:53 | 000,581,208 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe [2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\aläx\AppData\Local\CDRip.dll [2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe [2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\basscd.dll [2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\bass.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 16:12:11 | 000,004,454 | ---- | M] () -- C:\Users\aläx\Desktop\viruszeugs.rtf [2013.03.24 15:38:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 15:38:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.24 15:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.24 15:29:51 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys [2013.03.24 15:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe [2013.03.24 15:23:32 | 000,000,000 | ---- | M] () -- C:\Users\aläx\defogger_reenable [2013.03.24 15:22:59 | 000,050,477 | ---- | M] () -- C:\Users\aläx\Desktop\Defogger.exe [2013.03.21 22:35:46 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForaläx.job [2013.03.19 02:59:33 | 000,001,147 | ---- | M] 
() -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.15 19:49:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.14 15:44:47 | 000,001,498 | ---- | M] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk [2013.03.04 05:49:33 | 453,885,265 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.01 00:36:29 | 000,000,000 | ---- | M] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-03-01 00_36_29.123775.dmp [2013.02.25 21:00:39 | 000,000,000 | ---- | M] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-02-25 21_00_39.025264.dmp [2013.02.22 21:49:30 | 000,000,680 | ---- | M] () -- C:\Users\aläx\Desktop\TeamSpeak 3 Client.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 15:43:48 | 000,004,454 | ---- | C] () -- C:\Users\aläx\Desktop\viruszeugs.rtf [2013.03.24 15:23:32 | 000,000,000 | ---- | C] () -- C:\Users\aläx\defogger_reenable [2013.03.24 15:22:58 | 000,050,477 | ---- | C] () -- C:\Users\aläx\Desktop\Defogger.exe [2013.03.21 17:03:50 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForaläx.job [2013.03.19 02:59:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.15 19:49:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.15 19:49:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.14 15:44:47 | 000,001,498 | ---- | C] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk [2013.03.04 05:49:33 | 453,885,265 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.03.01 00:36:29 | 000,000,000 | ---- | C] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-03-01 00_36_29.123775.dmp [2013.02.25 21:00:39 | 000,000,000 | ---- | C] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-02-25 21_00_39.025264.dmp [2013.02.22 21:49:30 | 000,000,680 | ---- | C] () -- 
C:\Users\aläx\Desktop\TeamSpeak 3 Client.lnk [2013.02.06 13:53:15 | 000,021,584 | ---- | C] () -- C:\Program Files (x86)\_update2xblack.dat [2013.02.06 13:51:35 | 000,008,933 | ---- | C] () -- C:\Program Files (x86)\_update2nova.dat [2013.02.06 13:51:35 | 000,000,626 | ---- | C] () -- C:\Program Files (x86)\_update2nova.red.dat [2012.12.27 19:18:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2012.12.27 19:18:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2012.12.27 19:18:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2012.12.27 18:24:42 | 000,000,204 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.11.17 18:28:53 | 000,017,408 | ---- | C] () -- C:\Users\aläx\AppData\Local\WebpageIcons.db [2012.10.16 22:37:15 | 000,003,420 | ---- | C] () -- C:\Users\aläx\AppData\Local\recently-used.xbel [2012.07.31 19:58:52 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.15 21:51:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad [2012.07.02 18:54:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad [2012.06.23 19:08:35 | 000,061,440 | ---- | C] () -- C:\ProgramData\lwvbmfpg.exe [2012.06.23 19:07:50 | 000,000,052 | ---- | C] () -- C:\ProgramData\kecdlwzfsrwccet [2012.06.23 02:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe [2011.10.19 16:04:55 | 004,129,044 | ---- | C] () -- C:\Program Files\webtogodb.wdb [2011.10.19 16:04:55 | 001,023,656 | ---- | C] () -- C:\Program Files\Setup.exe [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderSpa.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderIta.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderGer.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderFre.dll [2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program 
Files\4GSystems_UpgraderEng.dll [2011.10.19 16:04:55 | 000,476,511 | ---- | C] () -- C:\Program Files\Help_eng.chm [2011.10.19 16:04:55 | 000,427,495 | ---- | C] () -- C:\Program Files\Help_ger.chm [2011.10.19 16:04:55 | 000,413,648 | ---- | C] () -- C:\Program Files\OSU.exe [2011.10.19 16:04:55 | 000,386,713 | ---- | C] () -- C:\Program Files\Help_ita.chm [2011.10.19 16:04:55 | 000,366,391 | ---- | C] () -- C:\Program Files\Help_fre.chm [2011.10.19 16:04:55 | 000,360,127 | ---- | C] () -- C:\Program Files\Help_spa.chm [2011.10.19 16:04:55 | 000,331,432 | ---- | C] () -- C:\Program Files\4GSystems_SMSMMSGer.dll [2011.10.19 16:04:55 | 000,329,168 | ---- | C] () -- C:\Program Files\WTGService.exe [2011.10.19 16:04:55 | 000,243,152 | ---- | C] () -- C:\Program Files\WTGVistaUtil.exe [2011.10.19 16:04:55 | 000,118,436 | ---- | C] () -- C:\Program Files\WTGPhoneCaps.dat [2011.10.19 16:04:55 | 000,094,278 | ---- | C] () -- C:\Program Files\WtgZip.dll [2011.10.19 16:04:55 | 000,065,192 | ---- | C] () -- C:\Program Files\WTGMMSPCClient.dll [2011.10.19 16:04:55 | 000,030,160 | ---- | C] () -- C:\Program Files\InstallWTGService.exe [2011.10.19 16:04:55 | 000,024,584 | ---- | C] () -- C:\Program Files\WTGMMSProfiles.dat [2011.10.19 16:04:55 | 000,024,576 | ---- | C] () -- C:\Program Files\WTGDebugs.dll [2011.10.19 16:04:55 | 000,000,992 | ---- | C] () -- C:\Program Files\providers.xml [2011.10.19 16:04:55 | 000,000,567 | ---- | C] () -- C:\Program Files\KD.xml [2011.10.19 16:04:55 | 000,000,518 | ---- | C] () -- C:\Program Files\mmsc.xml [2011.10.19 16:04:55 | 000,000,193 | ---- | C] () -- C:\Program Files\config.ini [2011.10.19 16:04:54 | 000,962,216 | ---- | C] () -- C:\Program Files\Uninstaller.exe [2011.10.19 16:04:54 | 000,835,240 | ---- | C] () -- C:\Program Files\4GSystems_OneClickAssistantGer.dll [2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerSpa.dll [2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program 
Files\UninstallerGer.dll [2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerFre.dll [2011.10.19 16:04:54 | 000,745,128 | ---- | C] () -- C:\Program Files\UninstallerIta.dll [2011.10.19 16:04:54 | 000,376,832 | ---- | C] () -- C:\Program Files\WtgCore.dll [2011.10.19 16:04:54 | 000,204,800 | ---- | C] () -- C:\Program Files\WtgUtil.dll [2011.10.19 16:04:54 | 000,183,976 | ---- | C] () -- C:\Program Files\WTGSMSPCClient.dll [2011.10.19 16:04:54 | 000,143,360 | ---- | C] () -- C:\Program Files\WtgDetection.dll [2011.10.19 16:04:54 | 000,139,264 | ---- | C] () -- C:\Program Files\WtgBluetooth.dll [2011.10.19 16:04:54 | 000,110,592 | ---- | C] () -- C:\Program Files\WtgDatabase.dll [2011.10.19 16:04:54 | 000,065,536 | ---- | C] () -- C:\Program Files\WtgDialup.dll [2011.10.19 16:04:54 | 000,045,056 | ---- | C] () -- C:\Program Files\WtgDriverInstall.dll [2011.10.19 16:04:54 | 000,024,576 | ---- | C] () -- C:\Program Files\WtgDriverInstallX.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientSpa.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientIta.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientGer.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientFre.dll [2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientEng.dll [2011.10.19 15:31:32 | 000,258,048 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll [2011.10.19 15:31:32 | 000,253,952 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll [2011.10.19 15:31:32 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll [2011.10.19 15:31:32 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys [2011.07.31 21:24:46 | 000,087,582 | ---- | C] () -- C:\Program Files (x86)\_update2g.dat [2011.07.31 21:24:46 | 000,038,476 | ---- | C] () -- C:\Program Files 
(x86)\_update2gcd.dat [2011.07.31 21:24:46 | 000,005,019 | ---- | C] () -- C:\Program Files (x86)\_update2oldblack.dat [2011.07.31 21:24:46 | 000,003,452 | ---- | C] () -- C:\Program Files (x86)\_update2marine.dat [2011.07.31 21:24:46 | 000,003,356 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.dat [2011.07.31 21:24:46 | 000,003,265 | ---- | C] () -- C:\Program Files (x86)\_update2azure.dat [2011.07.31 21:24:46 | 000,001,655 | ---- | C] () -- C:\Program Files (x86)\_update2shiny.dat [2011.07.31 21:24:46 | 000,001,579 | ---- | C] () -- C:\Program Files (x86)\_update2black.dat [2011.07.31 21:24:46 | 000,001,122 | ---- | C] () -- C:\Program Files (x86)\_update2simple.dat [2011.07.31 21:24:46 | 000,000,947 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.green.dat [2011.07.31 21:24:46 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\_update2s.dat [2011.07.31 21:24:46 | 000,000,163 | ---- | C] () -- C:\Program Files (x86)\_update2rare.dat [2011.07.31 21:24:46 | 000,000,075 | ---- | C] () -- C:\Program Files (x86)\_update2default.dat [2011.07.31 21:24:01 | 000,000,905 | ---- | C] () -- C:\Program Files (x86)\Uninstall PokerStars.lnk [2011.07.31 21:24:01 | 000,000,475 | ---- | C] () -- C:\Program Files (x86)\update.ini [2011.07.31 21:24:01 | 000,000,219 | ---- | C] () -- C:\Program Files (x86)\trace.ini [2011.07.31 21:24:01 | 000,000,199 | ---- | C] () -- C:\Program Files (x86)\tinfo.dat [2011.07.31 21:24:01 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\user.ini [2011.07.31 21:23:53 | 000,585,728 | ---- | C] () -- C:\Program Files (x86)\PokerStarsUninstall.exe [2011.07.31 21:23:53 | 000,046,360 | ---- | C] () -- C:\Program Files (x86)\Stub.exe [2011.07.31 21:23:53 | 000,001,442 | ---- | C] () -- C:\Program Files (x86)\PokerStars.ini [2011.07.31 21:23:47 | 000,000,707 | ---- | C] () -- C:\Program Files (x86)\fw.ini [2011.07.21 17:22:14 | 000,000,600 | ---- | C] () -- C:\Users\aläx\AppData\Roaming\winscp.rnd [2011.05.11 21:50:20 | 
000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.03.08 21:49:18 | 000,001,466 | ---- | C] () -- C:\Users\aläx\AppData\Local\RecConfig.xml [2010.02.17 22:05:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\aläx\AppData\Local\lame_enc.dll [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\aläx\AppData\Local\no23xwrapper.dll ========== ZeroAccess Check ========== [2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L [2012.10.28 14:48:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U [2012.10.24 17:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\00000001.@ [2012.10.28 14:48:07 | 000,014,848 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\80000000.@ [2012.09.28 16:58:00 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\800000cb.@ [2012.06.02 12:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@ [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L [2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U [2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- 
C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$I3EQZVK.@ [2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$I7Y6XCJ.@ [2012.06.02 01:41:06 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$IU0NDEA.@ [2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$IWY4OFA.@ [2012.06.06 20:29:50 | 000,000,116 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$RWCOLQB.com\assets\oobe\l.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = \\.\globalroot\systemroot\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\n. "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.06 19:55:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\1&1 Mail & Media GmbH [2013.01.08 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\APP_NAME_NON_STRING [2010.09.19 17:00:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Ashampoo [2012.02.29 14:31:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Babylon [2012.10.28 22:50:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\calibre [2011.09.17 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Canneverbe Limited [2011.04.04 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DAEMON Tools Lite [2012.11.04 10:25:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Dropbox [2012.09.25 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoft [2012.09.25 15:49:57 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.31 13:09:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Foxit Software [2010.06.27 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\fretsonfire [2012.06.22 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ICQ [2011.06.17 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\kikin [2010.08.31 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Leadertech 
[2011.05.04 19:56:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Line 6 [2012.01.08 04:09:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Media Finder [2012.09.27 18:03:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\MediaMonkey [2011.11.27 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\mp3DirectCut [2013.03.12 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Mp3tag [2012.07.08 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Oghue [2010.02.21 21:26:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\OpenOffice.org [2012.11.29 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Origin [2012.04.22 14:30:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PacificPoker [2013.01.08 17:14:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PDF Architect [2013.01.08 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\pdfforge [2011.10.19 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Program Files [2010.11.24 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Samsung [2011.04.12 14:51:10 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Scribus [2013.01.10 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Softland [2013.02.22 21:36:34 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\TS3Client [2012.01.02 02:25:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ts3overlay [2012.11.13 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Windows Live Writer [2010.02.03 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\_MDLogs [2013.02.22 23:19:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288} [2013.02.22 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E} ========== Purity Check ========== < 
End of report >

The help thread also mentioned an Extra.txt file, but somehow I didn't get one. :/ Here is the gmer.txt file as well:

GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-24 17:58:44 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC70E 298,09GB Running: gmer_2.1.19155.exe; Driver: C:\Users\ALX~1\AppData\Local\Temp\kxldrpog.sys ---- User code sections - GMER 2.1 ---- .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] 
C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77] .text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77] .text ... 
* 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071e41a22 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071e41ad0 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071e41b08 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071e41bba 2 bytes [E4, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071e41bda 2 bytes [E4, 71] .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Program Files 
(x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Program 
Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77] .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77] .text ... 
* 2 .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] 
C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software 
Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] 
C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] 
C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 
00000000769bfa49 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] 
C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3} .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77] .text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77] .text ... 
* 2
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6760:7088] 000007fefba62a7c
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@LeaseObtainedTime 1364139493
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@T1 1365046693
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@T2 1365727093
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@LeaseTerminatesTime 1365953893
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
So, I hope that was all the necessary information. I would be very glad if someone can help! Regards, Alex |
24.03.2013, 19:52 | #2 |
/// Malwareteam | I am working on your thread and will get back to you as soon as possible with further instructions. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you receive help from a trained helper. Thank you for your patience.
__________________ |
24.03.2013, 23:50 | #3 |
| All right, glad to hear it, thanks in advance for your effort!
__________________ |
25.03.2013, 13:09 | #4 |
/// Malwareteam | Hello, I am Christoph and would like to help you with your problem. A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your PC is clean. Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator". Step 1: Scan with Combofix
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
27.03.2013, 20:15 | #5 |
/// Malwareteam | Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean!
27.03.2013, 21:24 | #6 |
| Thanks for the offer! Yes, I still need help, but I'm not at home at the moment and can't do anything on the laptop, sorry! I won't be back until Sunday and would then run the Combofix scan right away! I hope that's okay with you. |
27.03.2013, 21:37 | #7 |
/// Malwareteam | Hi, OK, please get back to me once you have the log.
31.03.2013, 21:16 | #8 |
| Hi, so here is the Combofix log: Code:
ComboFix 13-03-31.01 - aläx 31.03.2013 21:44:00.1.2 - x64
ausgeführt von:: c:\users\alõx\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\program files (x86)\Update
c:\programdata\l_u0_0.pad
c:\programdata\lwvbmfpg.exe
c:\programdata\ras_0oed.pad
c:\programdata\to_r0tsef.pad
c:\windows\install.exe
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\00000001.@
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\80000000.@
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\800000cb.@
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-28 bis 2013-03-31 ))))))))))))))))))))))))))))))
.
.
2013-03-31 19:52 . 2013-03-31 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 19:32 . 2013-03-19 19:32 -------- d-----w- c:\users\aläx\AppData\Local\Macromedia
2013-03-19 01:47 . 2013-03-19 01:47 310688 ----a-w- c:\windows\system32\javaws.exe
2013-03-19 01:47 . 2013-03-19 01:47 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-19 01:47 . 2013-03-19 01:47 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-19 01:47 . 2013-03-19 01:47 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-19 01:47 .
2013-03-19 01:47 188832 ----a-w- c:\windows\system32\javaw.exe 2013-03-19 01:47 . 2013-03-19 01:47 188320 ----a-w- c:\windows\system32\java.exe 2013-03-19 01:45 . 2013-03-19 01:47 -------- d-----w- c:\program files\Java 2013-03-15 18:45 . 2013-03-15 18:45 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-15 18:45 . 2013-03-15 18:45 -------- d-----w- c:\program files (x86)\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-19 19:29 . 2012-07-17 16:07 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-19 19:29 . 2012-03-29 13:15 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-15 18:45 . 2012-09-10 21:19 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-15 18:45 . 2010-05-20 15:45 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-12 12:04 . 2012-01-19 17:44 43832 ----a-w- c:\windows\help\OEM\Scripts\PWAlertEnable.exe 2013-03-01 15:00 . 2011-11-17 17:38 21208 ----a-w- c:\windows\help\OEM\Scripts\PSGRedirector.exe 2013-02-25 13:19 . 2011-04-28 17:43 49152 ----a-w- c:\windows\help\OEM\Scripts\Interop.TaskScheduler.dll 2013-02-10 12:34 . 2013-02-10 12:34 40960 ----a-r- c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2013-02-10 12:34 . 2013-02-10 12:34 40960 ----a-r- c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe 2013-02-10 12:34 . 2013-02-10 12:34 40960 ----a-r- c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2013-02-10 12:34 . 2013-02-10 12:34 40960 ----a-r- c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe 2013-02-06 12:53 . 2011-07-31 20:23 8963608 ----a-w- c:\program files (x86)\PokerStars.exe 2013-02-06 12:51 . 
2011-07-31 20:23 581208 ----a-w- c:\program files (x86)\PokerStarsUpdate.exe 2013-01-11 09:44 . 2012-12-06 16:07 19840 ----a-w- c:\windows\help\OEM\Scripts\Solution_RecoveryPgm.exe 2013-01-09 17:50 . 2011-04-28 17:43 1251640 ----a-w- c:\windows\help\OEM\Scripts\HPSAUpgrade.exe 2012-04-06 18:54 . 2011-07-31 20:24 334640 ----a-w- c:\program files (x86)\Tracer.exe 2011-07-31 20:23 . 2011-07-31 20:23 816472 ----a-w- c:\program files (x86)\PokerStarsCommunicate.exe 2011-07-31 20:23 . 2011-07-31 20:23 656728 ----a-w- c:\program files (x86)\PokerStarsOnlineUpdate.exe 2011-07-31 20:23 . 2011-07-31 20:23 585728 ----a-w- c:\program files (x86)\PokerStarsUninstall.exe 2011-07-31 20:23 . 2011-07-31 20:23 46360 ----a-w- c:\program files (x86)\Stub.exe 2010-06-22 16:48 . 2011-10-19 15:04 143360 ------w- c:\program files\WtgDetection.dll 2010-04-28 15:00 . 2011-10-19 15:04 396968 ------w- c:\program files\WTGToasterWin.dll 2010-04-28 15:00 . 2011-10-19 15:04 183976 ------w- c:\program files\WTGSMSPCClient.dll 2010-04-28 15:00 . 2011-10-19 15:04 65192 ------w- c:\program files\WTGMMSPCClient.dll 2010-04-28 15:00 . 2011-10-19 15:04 1023656 ------w- c:\program files\Setup.exe 2010-04-28 15:00 . 2011-10-19 15:04 831144 ------w- c:\program files\UninstallerSpa.dll 2010-04-28 15:00 . 2011-10-19 15:04 831144 ------w- c:\program files\UninstallerGer.dll 2010-04-28 15:00 . 2011-10-19 15:04 831144 ------w- c:\program files\UninstallerFre.dll 2010-04-28 15:00 . 2011-10-19 15:04 745128 ------w- c:\program files\UninstallerIta.dll 2010-04-28 15:00 . 2011-10-19 15:04 478888 ------w- c:\program files\XSManager_SMSMMS.exe 2010-04-28 15:00 . 2011-10-19 15:04 962216 ------w- c:\program files\Uninstaller.exe 2010-04-28 15:00 . 2011-10-19 15:04 1470120 ------w- c:\program files\XSManager.exe 2010-04-28 15:00 . 2011-10-19 15:04 20136 ------w- c:\program files\4GSystems_WTGSMSPCClientSpa.dll 2010-04-28 15:00 . 
2011-10-19 15:04 20136 ------w- c:\program files\4GSystems_WTGSMSPCClientIta.dll 2010-04-28 15:00 . 2011-10-19 15:04 20136 ------w- c:\program files\4GSystems_WTGSMSPCClientGer.dll 2010-04-28 15:00 . 2011-10-19 15:04 20136 ------w- c:\program files\4GSystems_WTGSMSPCClientFre.dll 2010-04-28 15:00 . 2011-10-19 15:04 495272 ------w- c:\program files\4GSystems_UpgraderSpa.dll 2010-04-28 15:00 . 2011-10-19 15:04 495272 ------w- c:\program files\4GSystems_UpgraderIta.dll 2010-04-28 15:00 . 2011-10-19 15:04 495272 ------w- c:\program files\4GSystems_UpgraderGer.dll 2010-04-28 15:00 . 2011-10-19 15:04 20136 ------w- c:\program files\4GSystems_WTGSMSPCClientEng.dll 2010-04-28 15:00 . 2011-10-19 15:04 495272 ------w- c:\program files\4GSystems_UpgraderFre.dll 2010-04-28 15:00 . 2011-10-19 15:04 495272 ------w- c:\program files\4GSystems_UpgraderEng.dll 2010-04-28 15:00 . 2011-10-19 15:04 331432 ------w- c:\program files\4GSystems_SMSMMSSpa.dll 2010-04-28 15:00 . 2011-10-19 15:04 331432 ------w- c:\program files\4GSystems_SMSMMSIta.dll 2010-04-28 15:00 . 2011-10-19 15:04 331432 ------w- c:\program files\4GSystems_SMSMMSGer.dll 2010-04-28 15:00 . 2011-10-19 15:04 331432 ------w- c:\program files\4GSystems_SMSMMSFre.dll 2010-04-28 15:00 . 2011-10-19 15:04 331432 ------w- c:\program files\4GSystems_SMSMMSEng.dll 2010-04-28 15:00 . 2011-10-19 15:04 839336 ------w- c:\program files\4GSystems_OneClickAssistantSpa.dll 2010-04-28 15:00 . 2011-10-19 15:04 835240 ------w- c:\program files\4GSystems_OneClickAssistantIta.dll 2010-04-28 15:00 . 2011-10-19 15:04 835240 ------w- c:\program files\4GSystems_OneClickAssistantGer.dll 2010-04-28 15:00 . 2011-10-19 15:04 839336 ------w- c:\program files\4GSystems_OneClickAssistantFre.dll 2010-04-28 15:00 . 2011-10-19 15:04 839336 ------w- c:\program files\4GSystems_OneClickAssistantEng.dll 2010-04-12 16:04 . 2011-10-19 15:04 30160 ------w- c:\program files\InstallWTGService.exe 2010-04-12 16:03 . 
2011-10-19 15:04 413648 ------w- c:\program files\OSU.exe 2010-04-12 16:03 . 2011-10-19 15:04 243152 ------w- c:\program files\WTGVistaUtil.exe 2010-04-12 16:03 . 2011-10-19 15:04 329168 ------w- c:\program files\WTGService.exe 2010-04-12 16:00 . 2011-10-19 15:04 24576 ------w- c:\program files\WtgDriverInstallX.dll 2010-04-12 16:00 . 2011-10-19 15:04 94278 ------w- c:\program files\WtgZip.dll 2010-04-12 15:59 . 2011-10-19 15:04 376832 ------w- c:\program files\WtgCore.dll 2010-04-12 15:59 . 2011-10-19 15:04 45056 ------w- c:\program files\WtgDriverInstall.dll 2010-04-12 15:59 . 2011-10-19 15:04 139264 ------w- c:\program files\WtgBluetooth.dll 2010-04-12 15:59 . 2011-10-19 15:04 65536 ------w- c:\program files\WtgDialup.dll 2010-04-12 15:59 . 2011-10-19 15:04 110592 ------w- c:\program files\WtgDatabase.dll 2010-04-12 15:59 . 2011-10-19 15:04 204800 ------w- c:\program files\WtgUtil.dll 2010-04-12 15:59 . 2011-10-19 15:04 24576 ------w- c:\program files\WTGDebugs.dll 2008-03-13 09:59 . 2011-10-19 15:04 57344 ------w- c:\program files\VistaLib32.dll 2008-03-13 09:59 . 2011-10-19 15:04 401462 ------w- c:\program files\msvcp60.dll 2008-03-13 09:59 . 2011-10-19 15:04 286773 ------w- c:\program files\msvcrt.dll 2008-03-13 09:59 . 2011-10-19 15:04 1015859 ------w- c:\program files\mfc42.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304] "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056] "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] "starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe 
ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ FSC RC.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-10-19 684032] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "WallpaperStyle"= 2 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-10-19 117888] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-10-16 50176] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360] S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\spiele\hamachi\hamachi-2.exe [2012-12-10 2465712] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520] S2 WTGService;WTGService;c:\program files\WTGService.exe [2010-04-12 329168] S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-07-08 145120] S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html IE: Free YouTube Download - c:\users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to iPod Converter - c:\users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm IE: Free YouTube to Mp3 Converter - c:\users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll FF - ProfilePath - c:\users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.kicker.de FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000000000904ce520160f&q= FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll Wow6432Node-HKCU-Run-Windows Time - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-NPSStartup - (no file) SafeBoot-Wdf01000.sys HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Age of Mythology 1.0 - g:\spielä\Age of Mythology\UNINSTAL.EXE AddRemove-Ashampoo Burning Studio 2010_is1 - g:\ashampoo burning studio 2010\unins000.exe AddRemove-Beleuchtungstechnik - g:\progra~1\BFE-LE~1\BELEUC~1\UNWISE.EXE AddRemove-CamStudio - g:\camstudio\uninstall.exe AddRemove-CasinoClub - g:\casino\CASINO~1\UNWISE.EXE AddRemove-DVDGenie - c:\program files (x86)\DVD Genie\uninst-dvdgenie.exe AddRemove-Grand Theft Auto - c:\program files (x86)\gta\Uninst.isu AddRemove-Guitar Pro 5_is1 - g:\guitar pro 5\unins000.exe AddRemove-Line 6 Uninstaller - g:\line6monkey\Tools\Line 6 Uninstaller.exe AddRemove-Moorhuhn-Sushi - c:\windows\system32\MOORHU~1.SCR AddRemove-S3 - c:\windows\IsUn0407.exe AddRemove-winscp3_is1 - g:\winscp\unins000.exe AddRemove-{0E26E09B-6687-4A99-BD08-A9E705373029}_is1 - g:\vyzex pocket pod\Win32\unins000.exe AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3976204669-1912250674-580245324-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:5d,5f,07,c8,7d,70,66,a3,37,57,77,19,6d,e0,93,5d,e1,4e,64,2f,21,5c,f0, 16,62,dd,37,52,c5,d4,a3,d9,c8,ba,ef,e3,42,18,65,8a,74,44,58,fb,d4,7f,b0,c4,\ "??"=hex:77,fd,ed,c6,ac,5b,1f,8d,80,9d,54,37,e8,7e,b1,68 . 
[HKEY_USERS\S-1-5-21-3976204669-1912250674-580245324-1001\Software\SecuROM\License information*] "datasecu"=hex:2e,cd,34,b4,6c,01,6d,5a,9d,82,a1,25,88,14,97,24,f2,c6,4f,dc,f9, 8c,1e,05,32,a0,df,a0,51,42,54,ea,1d,ba,4b,be,32,74,43,6e,35,a7,0e,a9,e7,38,\ "rkeysecu"=hex:55,f0,b8,87,d5,28,2e,0d,cb,f6,f6,5f,18,87,1b,ac . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe f:\spiele\hamachi\hamachi-2-ui.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-03-31 22:01:53 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-03-31 20:01 . Vor Suchlauf: 8 Verzeichnis(se), 236.802.859.008 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 238.112.178.176 Bytes frei . - - End Of File - - E022A904FF6260780945550E29485A8C |
31.03.2013, 21:35 | #9 |
/// Malwareteam | Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back) Well, you've certainly picked up something nice there. Step 1 Please download AdwCleaner to your desktop.
Step 2 Please shut down your protection software to avoid possible conflicts.
Step 3 Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. Step 4 Please download TDSSKiller.exe and save this file to the desktop
Please post in your next reply
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
31.03.2013, 22:43 | #10 |
| Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back) Well, that sounds great AdwCleaner: Code:
ATTFilter # AdwCleaner v2.115 - Datei am 31/03/2013 um 22:42:43 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : aläx - ALÄX-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\aläx\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk Ordner Gelöscht : C:\Program Files (x86)\Babylon Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Ordner Gelöscht : C:\Program Files\Babylon Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder Ordner Gelöscht : C:\Users\aläx\AppData\Local\Babylon Ordner Gelöscht : C:\Users\aläx\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\kikin Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Media Finder Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\Conduit Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\CT2269050 Ordner Gelöscht : 
C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\MediaFinder Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF 
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16446 [OK] Die Registrierungsdatenbank ist sauber. 
-\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\prefs.js C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2269050.CTID", "CT2269050"); Gelöscht : user_pref("CT2269050.CurrentServerDate", "11-8-2010"); Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Wed Aug 11 2010 18:17:38 GMT+0200"); Gelöscht : user_pref("CT2269050.FirstServerDate", "11-8-2010"); Gelöscht : user_pref("CT2269050.FirstTime", true); Gelöscht : user_pref("CT2269050.FirstTimeFF3", true); Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true); Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2269050.Initialize", true); Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 1); Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration"); Gelöscht : user_pref("CT2269050.InstalledDate", "Wed Aug 11 2010 18:17:38 GMT+0200"); Gelöscht : user_pref("CT2269050.InvalidateCache", false); Gelöscht : user_pref("CT2269050.IsGrouping", false); Gelöscht : user_pref("CT2269050.IsMulticommunity", false); Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false); Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Wed Aug 11 2010 18:17:39 GMT+0200"); Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", 
"hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2269050.LastLogin_2.7.0.14", "Wed Aug 11 2010 18:17:38 GMT+0200"); Gelöscht : user_pref("CT2269050.LatestVersion", "2.1.0.18"); Gelöscht : user_pref("CT2269050.Locale", "en"); Gelöscht : user_pref("CT2269050.LoginCache", 4); Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2269050.RadioIsPodcast", false); Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Wed Aug 11 2010 18:17:39 GMT+0200"); Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000"); Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383"); Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383"); Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108"); Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082"); Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true); Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...] Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Wed Aug 11 2010 18:17:39 GMT+0200"); Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] 
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120); Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Wed Aug 11 2010 18:17:37 GMT+0200"); Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1281105247"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Wed Aug 11 2010 18:17:37 GMT+0200"); Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1246790578"); Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Gelöscht : user_pref("CT2269050.UserID", "UN85531458676184340"); Gelöscht : user_pref("CT2269050.WeatherNetwork", ""); Gelöscht : user_pref("CT2269050.WeatherPollDate", "Wed Aug 11 2010 18:17:38 GMT+0200"); Gelöscht : user_pref("CT2269050.WeatherUnit", "C"); Gelöscht : user_pref("CT2269050.alertChannelId", "666138"); Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false); Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Gelöscht : user_pref("CT2269050.myStuffEnabled", true); Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] 
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050"); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Aug 11 2010 18:17:38 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 11 2010 18:17:37 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "{12eef586-10e9-40f2-96eb-35d80c0ac64c}"); Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 11 2010 18:17:38 GMT+0200"); Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)"); Gelöscht : user_pref("extensions.BabylonToolbar.admin", false); Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl"); Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 29); Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true); Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true); Gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=109980&babsrc=adbar[...] 
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 29); Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", ""); Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6"); Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true); Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?AF=109980&babsrc=NT_ss&[...] Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 69084111); Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1); Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "free"); Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\"); Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_3.6.3"); Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true); Gelöscht : user_pref("extensions.asktb.cbid", "5J"); Gelöscht : user_pref("extensions.asktb.config-updated", false); Gelöscht : user_pref("extensions.asktb.crumb", "2012.07.01+16.05.46-toolbar020iad-DE-TnVyZW1iZXJnLEdlcm1hbnk%3D[...] Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...] 
Gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Gelöscht : user_pref("extensions.asktb.displaytext", "");
Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMBY0250");
Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "73932ac6-ad86-423a-9efd-96009be1a7c8");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1341185133351");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.location", "Nuremberg,Germany");
Gelöscht : user_pref("extensions.asktb.lstation", "");
Gelöscht : user_pref("extensions.asktb.news-native-on", true);
Gelöscht : user_pref("extensions.asktb.o", "102869");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.pstate", "");
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "NO");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "02.07.2012 01:06:13");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.4.100013");
Gelöscht : user_pref("extensions.asktb.version", "5.15.4.23821");
Gelöscht : user_pref("extensions.asktb.volume", "");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000[...]

*************************

AdwCleaner[S1].txt - [19727 octets] - [31/03/2013 22:42:43]

########## EOF - C:\AdwCleaner[S1].txt - [19788 octets] ##########

JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows 7 Home Premium x64
Ran by al„x on 31.03.2013 at 22:51:28,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\al„x\appdata\local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}

~~~ FireFox

Successfully deleted: [Folder] C:\Users\al„x\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Emptied folder: C:\Users\al„x\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\minidumps [18 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2013 at 23:01:15,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR: (I accidentally saved too early the first time) Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-31 23:07:57
-----------------------------
23:07:57.848 OS Version: Windows x64 6.1.7601 Service Pack 1
23:07:57.848 Number of processors: 2 586 0x602
23:07:57.848 ComputerName: ALÄX-PC UserName: aläx
23:07:58.877 Initialize success
23:09:32.546 AVAST engine defs: 13033100
23:09:59.316 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:09:59.316 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC70E Size: 305245MB BusType: 11
23:09:59.425 Disk 0 MBR read successfully
23:09:59.425 Disk 0 MBR scan
23:09:59.441 Disk 0 unknown MBR code
23:09:59.456 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
23:09:59.472 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291394 MB offset 409600
23:09:59.503 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13547 MB offset 597184512
23:09:59.534 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
23:09:59.581 Disk 0 scanning C:\Windows\system32\drivers
23:10:16.741 Service scanning
23:10:42.981 Modules scanning
23:10:42.996 Disk 0 trace - called modules:
23:10:43.027 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:10:43.027 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800432a060]
23:10:43.043 3 CLASSPNP.SYS[fffff880010f043f] -> nt!IofCallDriver -> [0xfffffa80043242c0]
23:10:43.043 5 hpdskflt.sys[fffff880023bf289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042a8680]
23:10:43.979 AVAST engine scan C:\Windows
23:10:48.269 AVAST engine scan C:\Windows\system32
23:15:00.069 AVAST engine scan C:\Windows\system32\drivers
23:15:17.822 AVAST engine scan C:\Users\aläx
23:15:21.909 File: C:\Users\aläx\AppData\Local\bardydeab.exe **INFECTED** Win32:Susn-AK [Trj]
23:16:32.983 Disk 0 MBR has been saved successfully to "C:\Users\aläx\Desktop\MBR.dat"
23:16:32.998 The log file has been saved successfully to "C:\Users\aläx\Desktop\aswMBR.txt"
23:24:37.363 AVAST engine scan C:\ProgramData
23:26:07.125 Scan finished successfully
23:26:31.649 Disk 0 MBR has been saved successfully to "C:\Users\aläx\Desktop\MBR.dat"
23:26:31.664 The log file has been saved successfully to "C:\Users\aläx\Desktop\aswMBR.txt"

TDSSKiller: Code:
23:30:26.0244 3836 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:30:26.0400 3836 ============================================================
23:30:26.0400 3836 Current date / time: 2013/03/31 23:30:26.0400
23:30:26.0400 3836 SystemInfo:
23:30:26.0400 3836
23:30:26.0400 3836 OS Version: 6.1.7601 ServicePack: 1.0
23:30:26.0400 3836 Product type: Workstation
23:30:26.0400 3836 ComputerName: ALÄX-PC
23:30:26.0400 3836 UserName: aläx
23:30:26.0400 3836 Windows directory: C:\Windows
23:30:26.0400 3836 System windows directory: C:\Windows
23:30:26.0400 3836 Running under WOW64
23:30:26.0400 3836 Processor architecture: Intel x64
23:30:26.0400 3836 Number of processors: 2
23:30:26.0400 3836 Page size: 0x1000
23:30:26.0400 3836 Boot type: Normal boot
23:30:26.0400 3836 ============================================================
23:30:27.0398 3836 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:27.0414 3836 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:30:27.0898 3836 ============================================================
23:30:27.0898 3836 \Device\Harddisk0\DR0:
23:30:27.0898 3836 MBR partitions:
23:30:27.0898 3836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:30:27.0898 3836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23921000
23:30:27.0898 3836 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23985000, BlocksNum 0x1A75800
23:30:27.0898 3836 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
23:30:27.0898 3836 \Device\Harddisk1\DR1:
23:30:27.0898 3836 MBR partitions:
23:30:27.0898 3836 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71
23:30:27.0898 3836 ============================================================
23:30:27.0929 3836 C: <-> \Device\Harddisk0\DR0\Partition2
23:30:27.0976 3836 D: <-> \Device\Harddisk0\DR0\Partition3
23:30:28.0038 3836 F: <-> \Device\Harddisk1\DR1\Partition1
23:30:28.0038 3836 ============================================================
23:30:28.0038 3836 Initialize success
23:30:28.0038 3836 ============================================================
23:30:37.0164 2656 ============================================================
23:30:37.0164 2656 Scan started
23:30:37.0164 2656 Mode: Manual; SigCheck; TDLFS;
23:30:37.0164 2656 ============================================================
23:30:38.0209 2656 ================ Scan system memory ========================
23:30:38.0209 2656 System memory - ok
23:30:38.0209 2656 ================ Scan services =============================
23:30:54.0574 2656 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 23:30:54.0574 2656 msisadrv - ok 23:30:54.0605 2656 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:30:54.0667 2656 MSiSCSI - ok 23:30:54.0667 2656 msiserver - ok 23:30:54.0699 2656 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:30:54.0761 2656 MSKSSRV - ok 23:30:54.0777 2656 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:30:54.0855 2656 MSPCLOCK - ok 23:30:54.0886 2656 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:30:54.0948 2656 MSPQM - ok 23:30:54.0979 2656 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:30:55.0011 2656 MsRPC - ok 23:30:55.0057 2656 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 23:30:55.0073 2656 mssmbios - ok 23:30:55.0089 2656 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:30:55.0151 2656 MSTEE - ok 23:30:55.0182 2656 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:30:55.0229 2656 MTConfig - ok 23:30:55.0245 2656 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 23:30:55.0276 2656 Mup - ok 23:30:55.0323 2656 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 23:30:55.0385 2656 napagent - ok 23:30:55.0416 2656 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:30:55.0463 2656 NativeWifiP - ok 23:30:55.0494 2656 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 23:30:55.0525 2656 NDIS - ok 23:30:55.0557 2656 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:30:55.0603 2656 NdisCap - ok 23:30:55.0635 2656 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi 
C:\Windows\system32\DRIVERS\ndistapi.sys 23:30:55.0666 2656 NdisTapi - ok 23:30:55.0713 2656 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:30:55.0791 2656 Ndisuio - ok 23:30:55.0822 2656 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:30:55.0884 2656 NdisWan - ok 23:30:55.0915 2656 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:30:55.0993 2656 NDProxy - ok 23:30:56.0040 2656 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:30:56.0118 2656 NetBIOS - ok 23:30:56.0149 2656 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:30:56.0227 2656 NetBT - ok 23:30:56.0243 2656 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 23:30:56.0259 2656 Netlogon - ok 23:30:56.0290 2656 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:30:56.0368 2656 Netman - ok 23:30:56.0399 2656 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:30:56.0461 2656 netprofm - ok 23:30:56.0493 2656 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:30:56.0508 2656 NetTcpPortSharing - ok 23:30:56.0649 2656 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 23:30:56.0758 2656 netw5v64 - ok 23:30:56.0789 2656 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:30:56.0805 2656 nfrd960 - ok 23:30:56.0851 2656 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:30:56.0929 2656 NlaSvc - ok 23:30:56.0992 2656 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:30:57.0054 2656 Npfs - ok 23:30:57.0070 2656 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:30:57.0132 2656 nsi - ok 23:30:57.0148 
2656 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:30:57.0195 2656 nsiproxy - ok 23:30:57.0273 2656 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:30:57.0319 2656 Ntfs - ok 23:30:57.0335 2656 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:30:57.0397 2656 Null - ok 23:30:57.0429 2656 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 23:30:57.0444 2656 nvraid - ok 23:30:57.0475 2656 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:30:57.0491 2656 nvstor - ok 23:30:57.0522 2656 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:30:57.0538 2656 nv_agp - ok 23:30:57.0553 2656 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:30:57.0585 2656 ohci1394 - ok 23:30:57.0647 2656 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:30:57.0678 2656 ose - ok 23:30:57.0709 2656 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:30:57.0756 2656 p2pimsvc - ok 23:30:57.0787 2656 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:30:57.0803 2656 p2psvc - ok 23:30:57.0834 2656 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:30:57.0850 2656 Parport - ok 23:30:57.0865 2656 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:30:57.0897 2656 partmgr - ok 23:30:57.0897 2656 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:30:57.0943 2656 PcaSvc - ok 23:30:57.0990 2656 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 23:30:58.0021 2656 pci - ok 23:30:58.0037 2656 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 23:30:58.0053 2656 pciide - ok 
23:30:58.0068 2656 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:30:58.0084 2656 pcmcia - ok 23:30:58.0115 2656 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:30:58.0131 2656 pcw - ok 23:30:58.0146 2656 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:30:58.0209 2656 PEAUTH - ok 23:30:58.0287 2656 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:30:58.0318 2656 PerfHost - ok 23:30:58.0380 2656 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 23:30:58.0458 2656 pla - ok 23:30:58.0521 2656 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:30:58.0567 2656 PlugPlay - ok 23:30:58.0583 2656 PnkBstrA - ok 23:30:58.0599 2656 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:30:58.0630 2656 PNRPAutoReg - ok 23:30:58.0661 2656 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:30:58.0677 2656 PNRPsvc - ok 23:30:58.0708 2656 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:30:58.0770 2656 PolicyAgent - ok 23:30:58.0817 2656 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:30:58.0879 2656 Power - ok 23:30:58.0926 2656 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:30:58.0973 2656 PptpMiniport - ok 23:30:59.0020 2656 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:30:59.0051 2656 Processor - ok 23:30:59.0098 2656 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 23:30:59.0145 2656 ProfSvc - ok 23:30:59.0160 2656 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:30:59.0191 2656 ProtectedStorage - ok 23:30:59.0238 2656 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:30:59.0269 
2656 Psched - ok 23:30:59.0316 2656 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:30:59.0363 2656 ql2300 - ok 23:30:59.0363 2656 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:30:59.0379 2656 ql40xx - ok 23:30:59.0425 2656 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:30:59.0457 2656 QWAVE - ok 23:30:59.0488 2656 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:30:59.0503 2656 QWAVEdrv - ok 23:30:59.0581 2656 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll 23:30:59.0613 2656 RapiMgr - ok 23:30:59.0628 2656 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:30:59.0691 2656 RasAcd - ok 23:30:59.0722 2656 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:30:59.0769 2656 RasAgileVpn - ok 23:30:59.0784 2656 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:30:59.0847 2656 RasAuto - ok 23:30:59.0878 2656 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:30:59.0925 2656 Rasl2tp - ok 23:30:59.0987 2656 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 23:31:00.0034 2656 RasMan - ok 23:31:00.0049 2656 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:31:00.0127 2656 RasPppoe - ok 23:31:00.0159 2656 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:31:00.0221 2656 RasSstp - ok 23:31:00.0252 2656 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:31:00.0346 2656 rdbss - ok 23:31:00.0361 2656 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:31:00.0424 2656 rdpbus - ok 23:31:00.0455 2656 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:31:00.0486 
2656 RDPCDD - ok 23:31:00.0517 2656 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:31:00.0564 2656 RDPENCDD - ok 23:31:00.0595 2656 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:31:00.0627 2656 RDPREFMP - ok 23:31:00.0658 2656 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:31:00.0689 2656 RDPWD - ok 23:31:00.0720 2656 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:31:00.0751 2656 rdyboost - ok 23:31:00.0767 2656 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:31:00.0829 2656 RemoteAccess - ok 23:31:00.0861 2656 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:31:00.0954 2656 RemoteRegistry - ok 23:31:01.0032 2656 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 23:31:01.0063 2656 RichVideo - ok 23:31:01.0079 2656 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:31:01.0110 2656 RpcEptMapper - ok 23:31:01.0141 2656 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:31:01.0157 2656 RpcLocator - ok 23:31:01.0204 2656 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 23:31:01.0266 2656 RpcSs - ok 23:31:01.0282 2656 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:31:01.0329 2656 rspndr - ok 23:31:01.0360 2656 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 23:31:01.0375 2656 RTL8167 - ok 23:31:01.0391 2656 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 23:31:01.0407 2656 SamSs - ok 23:31:01.0422 2656 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:31:01.0453 2656 sbp2port - ok 23:31:01.0469 2656 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr 
C:\Windows\System32\SCardSvr.dll 23:31:01.0531 2656 SCardSvr - ok 23:31:01.0563 2656 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:31:01.0641 2656 scfilter - ok 23:31:01.0687 2656 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 23:31:01.0765 2656 Schedule - ok 23:31:01.0797 2656 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:31:01.0828 2656 SCPolicySvc - ok 23:31:01.0890 2656 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 23:31:01.0937 2656 sdbus - ok 23:31:01.0984 2656 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:31:02.0046 2656 SDRSVC - ok 23:31:02.0077 2656 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:31:02.0155 2656 secdrv - ok 23:31:02.0171 2656 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 23:31:02.0233 2656 seclogon - ok 23:31:02.0265 2656 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 23:31:02.0311 2656 SENS - ok 23:31:02.0327 2656 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:31:02.0343 2656 SensrSvc - ok 23:31:02.0358 2656 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:31:02.0374 2656 Serenum - ok 23:31:02.0389 2656 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:31:02.0436 2656 Serial - ok 23:31:02.0467 2656 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:31:02.0499 2656 sermouse - ok 23:31:02.0545 2656 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 23:31:02.0608 2656 SessionEnv - ok 23:31:02.0655 2656 [ 4FCACE92BB0345D58BB96ADBD69F5237 ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys 23:31:02.0670 2656 sfdrv01 - ok 23:31:02.0701 2656 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\Windows\system32\drivers\sffdisk.sys 23:31:02.0748 2656 sffdisk - ok 23:31:02.0779 2656 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:31:02.0811 2656 sffp_mmc - ok 23:31:02.0826 2656 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:31:02.0873 2656 sffp_sd - ok 23:31:02.0904 2656 [ 17F6BD95BF04B924F4C05CE78BEF8AE6 ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys 23:31:02.0904 2656 sfhlp02 - ok 23:31:02.0935 2656 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:31:02.0967 2656 sfloppy - ok 23:31:02.0998 2656 [ F3B72568A6FA36E5D63D30B8186D1C48 ] sfvfs02 C:\Windows\system32\drivers\sfvfs02.sys 23:31:03.0013 2656 sfvfs02 - ok 23:31:03.0076 2656 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:31:03.0185 2656 SharedAccess - ok 23:31:03.0232 2656 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:31:03.0294 2656 ShellHWDetection - ok 23:31:03.0341 2656 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:31:03.0341 2656 SiSRaid2 - ok 23:31:03.0372 2656 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:31:03.0388 2656 SiSRaid4 - ok 23:31:03.0403 2656 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:31:03.0450 2656 Smb - ok 23:31:03.0497 2656 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:31:03.0528 2656 SNMPTRAP - ok 23:31:03.0559 2656 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:31:03.0559 2656 spldr - ok 23:31:03.0591 2656 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 23:31:03.0637 2656 Spooler - ok 23:31:03.0731 2656 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 23:31:03.0840 2656 sppsvc - ok 23:31:03.0856 2656 [ 
93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:31:03.0918 2656 sppuinotify - ok 23:31:03.0965 2656 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 23:31:03.0996 2656 srv - ok 23:31:04.0027 2656 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:31:04.0059 2656 srv2 - ok 23:31:04.0090 2656 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 23:31:04.0152 2656 SrvHsfHDA - ok 23:31:04.0215 2656 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 23:31:04.0246 2656 SrvHsfV92 - ok 23:31:04.0277 2656 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 23:31:04.0308 2656 SrvHsfWinac - ok 23:31:04.0324 2656 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:31:04.0371 2656 srvnet - ok 23:31:04.0402 2656 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:31:04.0449 2656 SSDPSRV - ok 23:31:04.0480 2656 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:31:04.0527 2656 SstpSvc - ok 23:31:04.0558 2656 [ D21FF3592DAEE244EE8376830A672B52 ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys 23:31:04.0573 2656 ss_bus - ok 23:31:04.0605 2656 [ 451DB3D10E6112E06B4506D4A7BECEC1 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys 23:31:04.0620 2656 ss_mdfl - ok 23:31:04.0636 2656 [ EF40C8A268A5263A0EF48FED8E57CBED ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys 23:31:04.0651 2656 ss_mdm - ok 23:31:04.0729 2656 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe 23:31:04.0745 2656 STacSV - ok 23:31:04.0761 2656 StarOpen - ok 23:31:04.0776 2656 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:31:04.0792 2656 stexstor - ok 23:31:04.0839 2656 [ 
ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 23:31:04.0885 2656 STHDA - ok 23:31:04.0948 2656 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 23:31:04.0979 2656 stisvc - ok 23:31:05.0026 2656 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 23:31:05.0073 2656 swenum - ok 23:31:05.0135 2656 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:31:05.0291 2656 swprv - ok 23:31:05.0338 2656 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 23:31:05.0385 2656 SynTP - ok 23:31:05.0463 2656 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 23:31:05.0525 2656 SysMain - ok 23:31:05.0572 2656 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:31:05.0587 2656 TabletInputService - ok 23:31:05.0619 2656 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:31:05.0681 2656 TapiSrv - ok 23:31:05.0712 2656 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:31:05.0775 2656 TBS - ok 23:31:05.0868 2656 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:31:05.0931 2656 Tcpip - ok 23:31:05.0962 2656 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:31:06.0009 2656 TCPIP6 - ok 23:31:06.0040 2656 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:31:06.0102 2656 tcpipreg - ok 23:31:06.0149 2656 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:31:06.0165 2656 TDPIPE - ok 23:31:06.0196 2656 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:31:06.0227 2656 TDTCP - ok 23:31:06.0258 2656 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:31:06.0336 2656 tdx - ok 23:31:06.0367 2656 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD 
C:\Windows\system32\drivers\termdd.sys 23:31:06.0383 2656 TermDD - ok 23:31:06.0414 2656 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 23:31:06.0461 2656 TermService - ok 23:31:06.0508 2656 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 23:31:06.0539 2656 TFsExDisk - ok 23:31:06.0570 2656 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:31:06.0633 2656 Themes - ok 23:31:06.0664 2656 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:31:06.0695 2656 THREADORDER - ok 23:31:06.0711 2656 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:31:06.0757 2656 TrkWks - ok 23:31:06.0804 2656 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:31:06.0898 2656 TrustedInstaller - ok 23:31:06.0945 2656 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:31:06.0976 2656 tssecsrv - ok 23:31:07.0023 2656 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:31:07.0085 2656 TsUsbFlt - ok 23:31:07.0132 2656 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:31:07.0179 2656 tunnel - ok 23:31:07.0210 2656 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:31:07.0225 2656 uagp35 - ok 23:31:07.0257 2656 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:31:07.0319 2656 udfs - ok 23:31:07.0350 2656 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:31:07.0381 2656 UI0Detect - ok 23:31:07.0428 2656 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:31:07.0444 2656 uliagpkx - ok 23:31:07.0475 2656 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 23:31:07.0506 2656 umbus - ok 23:31:07.0553 2656 [ 
B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:31:07.0584 2656 UmPass - ok 23:31:07.0615 2656 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:31:07.0678 2656 upnphost - ok 23:31:07.0740 2656 [ 5CF1EAD086176DD3348E920A40BED03D ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 23:31:07.0771 2656 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 23:31:07.0771 2656 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 23:31:07.0818 2656 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:31:07.0865 2656 usbaudio - ok 23:31:07.0912 2656 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:31:07.0959 2656 usbccgp - ok 23:31:07.0974 2656 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:31:07.0990 2656 usbcir - ok 23:31:08.0005 2656 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:31:08.0052 2656 usbehci - ok 23:31:08.0083 2656 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 23:31:08.0099 2656 usbfilter - ok 23:31:08.0130 2656 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:31:08.0161 2656 usbhub - ok 23:31:08.0177 2656 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:31:08.0224 2656 usbohci - ok 23:31:08.0255 2656 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:31:08.0286 2656 usbprint - ok 23:31:08.0333 2656 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:31:08.0411 2656 USBSTOR - ok 23:31:08.0427 2656 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:31:08.0458 2656 usbuhci - ok 23:31:08.0489 2656 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 23:31:08.0505 2656 usbvideo - ok 
23:31:08.0536 2656 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:31:08.0583 2656 UxSms - ok 23:31:08.0598 2656 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 23:31:08.0614 2656 VaultSvc - ok 23:31:08.0629 2656 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:31:08.0645 2656 vdrvroot - ok 23:31:08.0692 2656 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 23:31:08.0754 2656 vds - ok 23:31:08.0785 2656 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:31:08.0801 2656 vga - ok 23:31:08.0817 2656 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:31:08.0863 2656 VgaSave - ok 23:31:08.0910 2656 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:31:08.0941 2656 vhdmp - ok 23:31:08.0973 2656 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 23:31:08.0988 2656 viaide - ok 23:31:08.0988 2656 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:31:09.0004 2656 volmgr - ok 23:31:09.0051 2656 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:31:09.0082 2656 volmgrx - ok 23:31:09.0097 2656 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:31:09.0113 2656 volsnap - ok 23:31:09.0144 2656 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:31:09.0160 2656 vsmraid - ok 23:31:09.0222 2656 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 23:31:09.0316 2656 VSS - ok 23:31:09.0347 2656 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:31:09.0378 2656 vwifibus - ok 23:31:09.0409 2656 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:31:09.0441 2656 vwififlt - ok 23:31:09.0472 2656 [ 
1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 23:31:09.0519 2656 W32Time - ok 23:31:09.0550 2656 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:31:09.0581 2656 WacomPen - ok 23:31:09.0628 2656 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:31:09.0721 2656 WANARP - ok 23:31:09.0721 2656 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:31:09.0753 2656 Wanarpv6 - ok 23:31:09.0815 2656 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 23:31:09.0862 2656 wbengine - ok 23:31:09.0893 2656 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:31:09.0909 2656 WbioSrvc - ok 23:31:09.0955 2656 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 23:31:09.0987 2656 WcesComm - ok 23:31:10.0033 2656 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:31:10.0080 2656 wcncsvc - ok 23:31:10.0096 2656 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:31:10.0111 2656 WcsPlugInService - ok 23:31:10.0127 2656 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:31:10.0143 2656 Wd - ok 23:31:10.0174 2656 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:31:10.0205 2656 Wdf01000 - ok 23:31:10.0221 2656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:31:10.0377 2656 WdiServiceHost - ok 23:31:10.0377 2656 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:31:10.0392 2656 WdiSystemHost - ok 23:31:10.0423 2656 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 23:31:10.0501 2656 WebClient - ok 23:31:10.0533 2656 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:31:10.0595 2656 Wecsvc - ok 
23:31:10.0611 2656 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:31:10.0673 2656 wercplsupport - ok 23:31:10.0689 2656 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 23:31:10.0751 2656 WerSvc - ok 23:31:10.0767 2656 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:31:10.0798 2656 WfpLwf - ok 23:31:10.0829 2656 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:31:10.0845 2656 WIMMount - ok 23:31:10.0876 2656 WinDefend - ok 23:31:10.0891 2656 WinHttpAutoProxySvc - ok 23:31:10.0938 2656 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:31:10.0985 2656 Winmgmt - ok 23:31:11.0047 2656 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 23:31:11.0125 2656 WinRM - ok 23:31:11.0172 2656 [ FE88B288356E7B47B74B13372ADD906D ] WINUSB C:\Windows\system32\drivers\WinUSB.SYS 23:31:11.0235 2656 WINUSB - ok 23:31:11.0297 2656 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 23:31:11.0359 2656 Wlansvc - ok 23:31:11.0515 2656 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:31:11.0562 2656 wlidsvc - ok 23:31:11.0609 2656 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:31:11.0640 2656 WmiAcpi - ok 23:31:11.0671 2656 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:31:11.0718 2656 wmiApSrv - ok 23:31:11.0734 2656 WMPNetworkSvc - ok 23:31:11.0765 2656 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:31:11.0781 2656 WPCSvc - ok 23:31:11.0812 2656 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:31:11.0827 2656 WPDBusEnum - ok 23:31:11.0843 2656 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:31:11.0905 2656 
ws2ifsl - ok 23:31:11.0952 2656 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 23:31:11.0999 2656 wscsvc - ok 23:31:11.0999 2656 WSearch - ok 23:31:12.0061 2656 [ 624809FE31F0EBBA33FD4C98E016DD83 ] WTGService C:\Program Files\WTGService.exe 23:31:12.0093 2656 WTGService - ok 23:31:12.0155 2656 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 23:31:12.0217 2656 wuauserv - ok 23:31:12.0233 2656 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:31:12.0311 2656 WudfPf - ok 23:31:12.0342 2656 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:31:12.0405 2656 WUDFRd - ok 23:31:12.0436 2656 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:31:12.0483 2656 wudfsvc - ok 23:31:12.0514 2656 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 23:31:12.0545 2656 WwanSvc - ok 23:31:12.0592 2656 [ 72C17898CFA71513E50BD40CDD18A943 ] XS Stick Service C:\Windows\service4g.exe 23:31:12.0623 2656 XS Stick Service - ok 23:31:12.0639 2656 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 23:31:12.0685 2656 yukonw7 - ok 23:31:12.0717 2656 ================ Scan global =============================== 23:31:12.0732 2656 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 23:31:12.0763 2656 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 23:31:12.0779 2656 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 23:31:12.0810 2656 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 23:31:12.0841 2656 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 23:31:12.0857 2656 [Global] - ok 23:31:12.0857 2656 ================ Scan MBR ================================== 23:31:12.0857 2656 [ 80063A27F44478B1A9B3E74C2F4343C7 ] \Device\Harddisk0\DR0 23:31:13.0091 2656 \Device\Harddisk0\DR0 - ok 23:31:13.0434 
2656 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1 23:31:13.0840 2656 \Device\Harddisk1\DR1 - ok 23:31:13.0840 2656 ================ Scan VBR ================================== 23:31:13.0840 2656 [ D9E5DACA560537DF001C77AEA84298E6 ] \Device\Harddisk0\DR0\Partition1 23:31:13.0840 2656 \Device\Harddisk0\DR0\Partition1 - ok 23:31:13.0871 2656 [ 746A4F7787ADF6BDE2496981A7E4DCF4 ] \Device\Harddisk0\DR0\Partition2 23:31:13.0871 2656 \Device\Harddisk0\DR0\Partition2 - ok 23:31:13.0902 2656 [ ED07FB09BA8B311A8233B7A9FAA24E0C ] \Device\Harddisk0\DR0\Partition3 23:31:13.0902 2656 \Device\Harddisk0\DR0\Partition3 - ok 23:31:13.0933 2656 [ 221106910C50085A0CB88D9EF284D698 ] \Device\Harddisk0\DR0\Partition4 23:31:13.0933 2656 \Device\Harddisk0\DR0\Partition4 - ok 23:31:13.0933 2656 [ E3A087E5193B57A9E892440079078E0F ] \Device\Harddisk1\DR1\Partition1 23:31:13.0949 2656 \Device\Harddisk1\DR1\Partition1 - ok 23:31:13.0949 2656 ============================================================ 23:31:13.0949 2656 Scan finished 23:31:13.0949 2656 ============================================================ 23:31:13.0965 5048 Detected object count: 3 23:31:13.0965 5048 Actual detected object count: 3 23:31:38.0425 5048 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 23:31:38.0425 5048 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:31:38.0425 5048 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 23:31:38.0425 5048 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:31:38.0425 5048 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 23:31:38.0425 5048 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:33:16.0346 4884 Deinitialize success |
01.04.2013, 11:09 | #11 |
/// Malwareteam | Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back) That already looks somewhat better. Step 1
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
01.04.2013, 14:08 | #12 |
/// Malwareteam | Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back) Please use this script instead, I had forgotten something: Step 1
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
01.04.2013, 21:00 | #13 |
| Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back) As at the beginning, it did not produce an Extras.txt for me. Here is the OTL.txt: (it is too large, so I am posting it in two parts. If I should just send it as an attachment instead, please let me know) Code:
ATTFilter OTL logfile created on: 01.04.2013 21:29:40 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aläx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,10% Memory free 7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,56 Gb Total Space | 219,17 Gb Free Space | 77,02% Space Free | Partition Type: NTFS Drive D: | 13,23 Gb Total Space | 2,21 Gb Free Space | 16,67% Space Free | Partition Type: NTFS Drive E: | 7,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 931,51 Gb Total Space | 564,59 Gb Free Space | 60,61% Space Free | Partition Type: NTFS Computer Name: ALÄX-PC | User Name: aläx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- C:\Programme\WTGService.exe PRC - [2013.03.24 16:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) 
-- F:\Spiele\hamachi\hamachi-2-ui.exe PRC - [2011.07.04 16:17:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.04.28 19:30:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.09.02 23:25:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.07.08 19:05:12 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.07.08 19:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009.07.24 19:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe PRC - [2009.07.23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2009.07.23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.03.13 04:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ========== Modules (No Company Name) ========== MOD - [2009.07.23 12:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2008.03.13 04:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV) SRV:64bit: - [2009.07.08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2009.07.02 20:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - File not found [Auto | Running] -- C:\Programme\WTGService.exe -- (WTGService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- F:\Spiele\hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.07.04 16:17:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 19:30:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.09.02 23:25:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.07.08 19:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. 
KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters) SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2011.10.19 17:04:54 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.07.04 16:17:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.07.04 16:17:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 04:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm) DRV:64bit: - [2010.04.27 04:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus) DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl) DRV:64bit: - [2009.10.16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2009.09.22 03:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2009.07.21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009.07.15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2009.07.08 14:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2009.07.02 20:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 
000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.05.23 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.05.05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2009.03.09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01) DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02) DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02) DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 IE - HKCU\..\SearchScopes\{47522523-F1B8-4B63-9EC9-15807E0E8449}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie IE - HKCU\..\SearchScopes\{5585AEC1-CE42-4BAE-A3BC-9DF54F6B9FD3}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{8973871B-05D6-44D3-BA13-14C8C276662C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = 
hxxp://search.kikin.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{B1A44835-B2AC-49D9-8D8F-7629C6832589}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.kicker.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.19 03:59:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.19 03:59:29 | 000,000,000 | ---D | M] [2010.02.05 22:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Extensions [2013.03.31 22:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions [2010.08.05 23:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2013.03.31 23:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions [2013.03.19 04:08:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.03.19 04:04:16 | 000,817,280 | ---- | M] () (No name found) -- 
C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.06.17 14:02:15 | 000,001,218 | ---- | M] () -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\searchplugins\kikin-search.xml [2013.03.31 22:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.03.31 21:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
MsConfig:64bit - StartUpFolder: C:^Users^aläx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^aläx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - F:\Spiele\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Media Finder - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: vasja - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: xlgkeoxjlmnqkpj - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.04.01 01:44:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.01 01:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.01 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.01 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.31 23:55:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.03.31 23:28:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\aläx\Desktop\tdsskiller.exe
[2013.03.31 23:06:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\aläx\Desktop\aswMBR.exe
[2013.03.31 22:51:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.31 22:51:13 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.31 22:50:43 | 000,550,772 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\aläx\Desktop\JRT.exe
[2013.03.31 22:01:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.31 21:55:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.31 21:41:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.31 21:41:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.31 21:41:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.31 21:40:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.31 21:39:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.31 21:36:03 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\aläx\Desktop\ComboFix.exe
[2013.03.24 16:23:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
[2013.03.19 21:32:36 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Local\Macromedia
[2013.03.19 03:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.15 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.04 06:49:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.10.19 17:04:55 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42.dll
[2011.10.19 17:04:55 | 000,478,888 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager_SMSMMS.exe
[2011.10.19 17:04:55 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp60.dll
[2011.10.19 17:04:55 | 000,396,968 | ---- | C] (TODO: <Company name>) -- C:\Program Files\WTGToasterWin.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (XSManager GmbH) -- C:\Program Files\4GSystems_SMSMMSIta.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSSpa.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSFre.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSEng.dll
[2011.10.19 17:04:55 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2011.10.19 17:04:55 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files\VistaLib32.dll
[2011.10.19 17:04:54 | 001,470,120 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager.exe
[2011.10.19 17:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantSpa.dll
[2011.10.19 17:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantFre.dll
[2011.10.19 17:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantEng.dll
[2011.10.19 17:04:54 | 000,835,240 | ---- | C] (XSManager) -- C:\Program Files\4GSystems_OneClickAssistantIta.dll
[2011.07.31 22:24:01 | 000,334,640 | ---- | C] (PokerStars) -- C:\Program Files (x86)\Tracer.exe
[2011.07.31 22:23:53 | 008,963,608 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe
[2011.07.31 22:23:53 | 000,816,472 | ---- | C] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe
[2011.07.31 22:23:53 | 000,656,728 | ---- | C] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe
[2011.07.31 22:23:53 | 000,581,208 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\aläx\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.01 21:21:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 21:21:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 21:21:37 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.01 21:21:37 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.01 21:21:37 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.01 21:21:37 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.01 21:21:37 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 21:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 21:12:52 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 10:47:02 | 000,382,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.01 02:00:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:00:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.31 23:28:11 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\aläx\Desktop\tdsskiller.exe
[2013.03.31 23:26:31 | 000,000,512 | ---- | M] () -- C:\Users\aläx\Desktop\MBR.dat
[2013.03.31 23:07:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\aläx\Desktop\aswMBR.exe
[2013.03.31 22:50:50 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\aläx\Desktop\JRT.exe
[2013.03.31 22:41:23 | 000,609,993 | ---- | M] () -- C:\Users\aläx\Desktop\adwcleaner.exe
[2013.03.31 21:55:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.31 21:36:04 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\aläx\Desktop\ComboFix.exe
[2013.03.25 21:32:50 | 000,514,060 | ---- | M] () -- C:\Users\aläx\Desktop\Mietvertrag Studentenwohnheim Würzburg.pdf
[2013.03.24 17:38:22 | 000,377,856 | ---- | M] () -- C:\Users\aläx\Desktop\gmer_2.1.19155.exe
[2013.03.24 16:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
[2013.03.24 16:23:32 | 000,000,000 | ---- | M] () -- C:\Users\aläx\defogger_reenable
[2013.03.24 16:22:59 | 000,050,477 | ---- | M] () -- C:\Users\aläx\Desktop\Defogger.exe
[2013.03.19 03:59:33 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.15 20:49:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.14 16:44:47 | 000,001,498 | ---- | M] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk
[2013.03.04 06:49:33 | 453,885,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.01 02:08:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.01 02:00:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:00:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.01 01:36:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.31 23:16:32 | 000,000,512 | ---- | C] () -- C:\Users\aläx\Desktop\MBR.dat
[2013.03.31 22:41:13 | 000,609,993 | ---- | C] () -- C:\Users\aläx\Desktop\adwcleaner.exe
[2013.03.31 21:41:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.31 21:41:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.31 21:41:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.31 21:41:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.31 21:41:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.25 21:32:49 | 000,514,060 | ---- | C] () -- C:\Users\aläx\Desktop\Mietvertrag Studentenwohnheim Würzburg.pdf
[2013.03.24 17:38:21 | 000,377,856 | ---- | C] () -- C:\Users\aläx\Desktop\gmer_2.1.19155.exe
[2013.03.24 16:23:32 | 000,000,000 | ---- | C] () -- C:\Users\aläx\defogger_reenable
[2013.03.24 16:22:58 | 000,050,477 | ---- | C] () -- C:\Users\aläx\Desktop\Defogger.exe
[2013.03.19 03:59:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.15 20:49:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.15 20:49:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.14 16:44:47 | 000,001,498 | ---- | C] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk
[2013.03.04 06:49:33 | 453,885,265 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.06 14:53:15 | 000,021,584 | ---- | C] () -- C:\Program Files (x86)\_update2xblack.dat
[2013.02.06 14:51:35 | 000,008,933 | ---- | C] () -- C:\Program Files (x86)\_update2nova.dat
[2013.02.06 14:51:35 | 000,000,626 | ---- | C] () -- C:\Program Files (x86)\_update2nova.red.dat
[2012.12.27 20:18:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.12.27 20:18:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.12.27 20:18:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.12.27 19:24:42 | 000,000,204 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.11.17 19:28:53 | 000,017,408 | ---- | C] () -- C:\Users\aläx\AppData\Local\WebpageIcons.db
[2012.10.16 23:37:15 | 000,003,420 | ---- | C] () -- C:\Users\aläx\AppData\Local\recently-used.xbel
[2012.06.23 20:07:50 | 000,000,052 | ---- | C] () -- C:\ProgramData\kecdlwzfsrwccet
[2012.06.23 03:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe
[2011.10.19 17:04:55 | 004,129,044 | ---- | C] () -- C:\Program Files\webtogodb.wdb
[2011.10.19 17:04:55 | 001,023,656 | ---- | C] () -- C:\Program Files\Setup.exe
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderSpa.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderIta.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderGer.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderFre.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderEng.dll
[2011.10.19 17:04:55 | 000,476,511 | ---- | C] () -- C:\Program Files\Help_eng.chm
[2011.10.19 17:04:55 | 000,427,495 | ---- | C] () -- C:\Program Files\Help_ger.chm
[2011.10.19 17:04:55 | 000,413,648 | ---- | C] () -- C:\Program Files\OSU.exe
[2011.10.19 17:04:55 | 000,386,713 | ---- | C] () -- C:\Program Files\Help_ita.chm
[2011.10.19 17:04:55 | 000,366,391 | ---- | C] () -- C:\Program Files\Help_fre.chm
[2011.10.19 17:04:55 | 000,360,127 | ---- | C] () -- C:\Program Files\Help_spa.chm
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] () -- C:\Program Files\4GSystems_SMSMMSGer.dll
[2011.10.19 17:04:55 | 000,329,168 | ---- | C] () -- C:\Program Files\WTGService.exe
[2011.10.19 17:04:55 | 000,243,152 | ---- | C] () -- C:\Program Files\WTGVistaUtil.exe
[2011.10.19 17:04:55 | 000,118,436 | ---- | C] () -- C:\Program Files\WTGPhoneCaps.dat
[2011.10.19 17:04:55 | 000,094,278 | ---- | C] () -- C:\Program Files\WtgZip.dll
[2011.10.19 17:04:55 | 000,065,192 | ---- | C] () -- C:\Program Files\WTGMMSPCClient.dll
[2011.10.19 17:04:55 | 000,030,160 | ---- | C] () -- C:\Program Files\InstallWTGService.exe
[2011.10.19 17:04:55 | 000,024,584 | ---- | C] () -- C:\Program Files\WTGMMSProfiles.dat
[2011.10.19 17:04:55 | 000,024,576 | ---- | C] () -- C:\Program Files\WTGDebugs.dll
[2011.10.19 17:04:55 | 000,000,992 | ---- | C] () -- C:\Program Files\providers.xml
[2011.10.19 17:04:55 | 000,000,567 | ---- | C] () -- C:\Program Files\KD.xml
[2011.10.19 17:04:55 | 000,000,518 | ---- | C] () -- C:\Program Files\mmsc.xml
[2011.10.19 17:04:55 | 000,000,193 | ---- | C] () -- C:\Program Files\config.ini
[2011.10.19 17:04:54 | 000,962,216 | ---- | C] () -- C:\Program Files\Uninstaller.exe
[2011.10.19 17:04:54 | 000,835,240 | ---- | C] () -- C:\Program Files\4GSystems_OneClickAssistantGer.dll
[2011.10.19 17:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerSpa.dll
[2011.10.19 17:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerGer.dll
[2011.10.19 17:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerFre.dll
[2011.10.19 17:04:54 | 000,745,128 | ---- | C] () -- C:\Program Files\UninstallerIta.dll
[2011.10.19 17:04:54 | 000,376,832 | ---- | C] () -- C:\Program Files\WtgCore.dll
[2011.10.19 17:04:54 | 000,204,800 | ---- | C] () -- C:\Program Files\WtgUtil.dll
[2011.10.19 17:04:54 | 000,183,976 | ---- | C] () -- C:\Program Files\WTGSMSPCClient.dll
[2011.10.19 17:04:54 | 000,143,360 | ---- | C] () -- C:\Program Files\WtgDetection.dll
[2011.10.19 17:04:54 | 000,139,264 | ---- | C] () -- C:\Program Files\WtgBluetooth.dll
[2011.10.19 17:04:54 | 000,110,592 | ---- | C] () -- C:\Program Files\WtgDatabase.dll
[2011.10.19 17:04:54 | 000,065,536 | ---- | C] () -- C:\Program Files\WtgDialup.dll
[2011.10.19 17:04:54 | 000,045,056 | ---- | C] () -- C:\Program Files\WtgDriverInstall.dll
[2011.10.19 17:04:54 | 000,024,576 | ---- | C] () -- C:\Program Files\WtgDriverInstallX.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientSpa.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientIta.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientGer.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientFre.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientEng.dll
[2011.10.19 16:31:32 | 000,258,048 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011.10.19 16:31:32 | 000,253,952 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011.10.19 16:31:32 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011.10.19 16:31:32 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011.07.31 22:24:46 | 000,087,582 | ---- | C] () -- C:\Program Files (x86)\_update2g.dat
[2011.07.31 22:24:46 | 000,038,476 | ---- | C] () -- C:\Program Files (x86)\_update2gcd.dat
[2011.07.31 22:24:46 | 000,005,019 | ---- | C] () -- C:\Program Files (x86)\_update2oldblack.dat
[2011.07.31 22:24:46 | 000,003,452 | ---- | C] () -- C:\Program Files (x86)\_update2marine.dat
[2011.07.31 22:24:46 | 000,003,356 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.dat
[2011.07.31 22:24:46 | 000,003,265 | ---- | C] () -- C:\Program Files (x86)\_update2azure.dat
[2011.07.31 22:24:46 | 000,001,655 | ---- | C] () -- C:\Program Files (x86)\_update2shiny.dat
[2011.07.31 22:24:46 | 000,001,579 | ---- | C] () -- C:\Program Files (x86)\_update2black.dat
[2011.07.31 22:24:46 | 000,001,122 | ---- | C] () -- C:\Program Files (x86)\_update2simple.dat
[2011.07.31 22:24:46 | 000,000,947 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.green.dat
[2011.07.31 22:24:46 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\_update2s.dat
[2011.07.31 22:24:46 | 000,000,163 | ---- | C] () -- C:\Program Files (x86)\_update2rare.dat
[2011.07.31 22:24:46 | 000,000,075 | ---- | C] () -- C:\Program Files (x86)\_update2default.dat
[2011.07.31 22:24:01 | 000,000,905 | ---- | C] () -- C:\Program Files (x86)\Uninstall PokerStars.lnk
[2011.07.31 22:24:01 | 000,000,475 | ---- | C] () -- C:\Program Files (x86)\update.ini
[2011.07.31 22:24:01 | 000,000,219 | ---- | C] () -- C:\Program Files (x86)\trace.ini
[2011.07.31 22:24:01 | 000,000,199 | ---- | C] () -- C:\Program Files (x86)\tinfo.dat
[2011.07.31 22:24:01 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\user.ini
[2011.07.31 22:23:53 | 000,585,728 | ---- | C] () -- C:\Program Files (x86)\PokerStarsUninstall.exe
[2011.07.31 22:23:53 | 000,046,360 | ---- | C] () -- C:\Program Files (x86)\Stub.exe
[2011.07.31 22:23:53 | 000,001,442 | ---- | C] () -- C:\Program Files (x86)\PokerStars.ini
[2011.07.31 22:23:47 | 000,000,707 | ---- | C] () -- C:\Program Files (x86)\fw.ini
[2011.07.21 18:22:14 | 000,000,600 | ---- | C] () -- C:\Users\aläx\AppData\Roaming\winscp.rnd
[2011.05.11 22:50:20 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.08 22:49:18 | 000,001,466 | ---- | C] () -- C:\Users\aläx\AppData\Local\RecConfig.xml
[2010.02.17 23:05:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\aläx\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\aläx\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2011.11.17 08:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2013.03.31 21:40:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2012.06.02 13:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.06 20:55:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.08 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\APP_NAME_NON_STRING
[2010.09.19 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Ashampoo
[2012.10.28 23:50:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\calibre
[2011.09.17 20:44:20 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Canneverbe Limited
[2011.04.04 12:44:51 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DAEMON Tools Lite
[2012.11.04 11:25:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Dropbox
[2012.09.25 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoft
[2010.10.31 14:09:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Foxit Software
[2010.06.27 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\fretsonfire
[2012.06.22 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ICQ
[2010.09.01 00:23:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Leadertech
[2011.05.04 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Line 6
[2012.09.27 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\MediaMonkey
[2011.11.27 17:38:04 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\mp3DirectCut
[2013.03.12 23:01:46 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Mp3tag
[2012.07.08 14:27:40 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Oghue
[2010.02.21 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\OpenOffice.org
[2012.11.30 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Origin
[2012.04.22 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PacificPoker
[2013.01.08 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PDF Architect
[2011.10.19 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Program Files
[2010.11.24 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Samsung
[2011.04.12 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Scribus
[2013.01.10 22:03:52 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Softland
[2013.02.22 22:36:34 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\TS3Client
[2012.01.02 03:25:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ts3overlay
[2012.11.13 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Windows Live Writer
[2010.02.03 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\_MDLogs
[2013.02.23 00:19:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.23 00:18:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E} |
01.04.2013, 21:01 | #14 |
| Virus in C:\User\NAME\AppData (can be deleted, but keeps reappearing) So, here is the second part now: Code:
ATTFilter ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.03.31 21:55:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2013.03.24 17:00:06 | 000,000,000 | ---D | M] -- C:\4gEJsVyiA73 [2009.10.02 08:15:52 | 000,000,000 | ---D | M] -- C:\boot [2013.04.01 10:41:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.02.03 16:50:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.11.24 02:00:24 | 000,000,000 | ---D | M] -- C:\HP [2013.03.31 22:51:14 | 000,000,000 | ---D | M] -- C:\JRT [2009.10.01 20:04:01 | 000,000,000 | R--D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.04.01 01:33:23 | 000,000,000 | R--D | M] -- C:\Program Files [2013.04.01 01:33:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.31 22:42:52 | 000,000,000 | ---D | M] -- C:\ProgramData [2010.02.03 16:50:59 | 000,000,000 | -HSD | M] -- C:\Programme [2013.03.31 22:01:58 | 000,000,000 | ---D | M] -- C:\Qoobox [2010.02.03 16:52:40 | 000,000,000 | ---D | M] -- C:\Recovery [2010.02.03 16:57:00 | 000,000,000 | ---D | M] -- C:\SwSetup [2013.04.01 21:31:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.02.03 16:52:50 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV [2010.08.08 21:10:14 | 000,000,000 | ---D | M] -- C:\Temp [2012.11.06 17:40:01 | 000,000,000 | R--D | M] -- C:\Users [2013.04.01 10:42:46 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2013.02.06 14:53:19 | 008,963,608 | ---- | M] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe [2011.07.31 22:23:53 | 000,816,472 | ---- | M] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe [2011.07.31 22:23:53 | 000,656,728 | ---- | M] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe [2011.07.31 22:23:53 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\PokerStarsUninstall.exe [2013.02.06 14:51:35 | 
000,581,208 | ---- | M] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe [2011.07.31 22:23:53 | 000,046,360 | ---- | M] () -- C:\Program Files (x86)\Stub.exe [2012.04.06 20:54:34 | 000,334,640 | ---- | M] (PokerStars) -- C:\Program Files (x86)\Tracer.exe < %LOCALAPPDATA%\*.exe > [2012.06.23 03:27:05 | 000,304,128 | ---- | M] () -- C:\Users\aläx\AppData\Local\bardydeab.exe [2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2013.04.01 01:42:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{39D0E034-1042-4905-BECB-5502909FCB7C} [2013.04.01 01:34:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2013.04.01 02:29:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90110407-6000-11D3-8CFE-0150048383C9} [2013.04.01 02:14:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-0020-0407-0000-0000000FF1CE} [2013.04.01 02:14:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95120000-00AF-0407-0000-0000000FF1CE} [2013.03.31 21:40:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7} < %localappdata%\*. 
/5 > [2013.04.01 21:14:11 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Local\LogMeIn Hamachi [2013.04.01 21:29:38 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Local\Temp < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 
000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) 
MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | 
---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 
03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys 
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- 
C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | 
M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe 
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 
bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{82E069DA-CFB1-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{82E069DA-CFB1-49BC [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll "ServiceDllUnloadOnStop" = 1 "extension" 
= %SystemRoot%\System32\dnsext.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc 
[binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc 
[binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 
14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < %SystemRoot%\system32\*.tsp /64 > [2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp [2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp [2010.11.20 15:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp < C:\Windows\system32\*.dll /360 > [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 04:38:59 | 
000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.04.01 01:57:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.01 01:57:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.01 01:57:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.01 01:57:18 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.01 01:57:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2012.07.26 19:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll [2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.06.06 
07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll [2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.04.01 01:57:18 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2013.04.01 01:57:18 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.04.01 01:57:18 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.04.01 01:57:18 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.04.01 01:57:18 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.04.01 01:57:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.04.01 01:57:18 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.04.01 01:57:18 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll [2013.03.15 20:45:26 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2013.04.01 01:57:18 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2013.04.01 01:57:18 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll [2013.04.01 02:00:06 | 000,357,888 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\system32\dxtmsft.dll [2013.04.01 02:00:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2013.04.01 02:00:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll [2012.05.30 08:29:14 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\system32\frapsvid.dll [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll [2013.04.01 02:00:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2013.04.01 02:00:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2013.04.01 02:00:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2013.04.01 02:00:06 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.04.01 02:00:06 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.04.01 02:00:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2013.04.01 02:00:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.04.01 02:00:07 | 002,046,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2013.04.01 02:00:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2013.04.01 02:00:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.04.01 02:00:06 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2013.04.01 02:00:07 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2013.04.01 02:00:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2013.04.01 02:00:07 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.04.01 02:00:06 | 002,877,440 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\system32\jscript9.dll [2013.04.01 02:00:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2013.04.01 02:00:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2012.07.17 14:49:00 | 000,209,648 | ---- | M] (Microsoft Corp.) -- C:\Windows\system32\LIVESSP.DLL [2013.04.01 02:00:07 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2013.04.01 02:00:06 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.04.01 02:00:07 | 014,317,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.04.01 02:00:07 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2013.04.01 02:00:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2013.04.01 02:00:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll [2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2013.04.01 02:00:07 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.04.01 01:57:18 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll [2012.05.05 11:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MSMPIDE.DLL [2013.04.01 02:00:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2012.07.26 19:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll [2012.07.26 19:08:06 | 000,862,664 
| ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll [2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll [2013.03.15 20:45:26 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll [2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll [2013.04.01 02:00:07 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2013.04.01 02:00:07 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2012.12.27 20:28:14 | 000,012,067 | ---- | M] () -- C:\Windows\system32\SIntf16.dll [2012.12.27 20:28:14 | 000,017,212 | ---- | M] () -- C:\Windows\system32\SIntf32.dll [2012.12.27 20:28:14 | 000,021,840 | ---- | M] () -- C:\Windows\system32\SIntfNT.dll [2012.09.12 16:07:44 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sirenacm.dll [2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\system32\srclient.dll [2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.04.01 01:57:18 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll [2013.04.01 02:00:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.04.01 02:00:07 | 001,129,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll [2013.04.01 02:00:07 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2012.07.26 19:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll [2012.07.26 19:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll [2013.04.01 02:00:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2013.03.15 20:45:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll [2013.04.01 01:57:18 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll [2013.04.01 01:57:18 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll [2013.04.01 02:00:07 | 001,766,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2013.04.01 01:57:18 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll [2013.01.04 06:51:16 | 
000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll [2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll [2013.04.01 01:57:18 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2013.04.01 01:57:18 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll [2012.07.05 14:21:30 | 000,107,212 | ---- | M] () -- C:\Windows\system32\zlib1.dll [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT < C:\Windows\SysNative\*.dll /360 > [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.11.30 
07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.11.30 07:38:45 | 
000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.04.01 01:57:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.04.01 01:57:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.04.01 01:57:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.04.01 01:57:19 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.04.01 01:57:19 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.04.01 01:57:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.04.01 01:57:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.07.26 15:22:10 | 000,177,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\atl110.dll [2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll 
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll [2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll [2012.06.02 07:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.02 07:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll [2013.04.01 01:57:18 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.04.01 01:57:18 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.04.01 01:57:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.04.01 01:57:18 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.04.01 01:57:18 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.04.01 01:57:18 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.04.01 01:57:18 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.04.01 01:57:18 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.03.19 03:47:06 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.10.03 13:50:16 | 000,020,872 | ---- | M] (Softland) -- C:\Windows\SysNative\dopdfmi7.dll [2012.10.03 13:50:18 | 000,025,480 | ---- | M] (Softland) -- C:\Windows\SysNative\dopdfmn7.dll [2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\dpnet.dll [2013.04.01 01:57:18 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.04.01 01:57:18 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.04.01 02:00:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.04.01 02:00:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.04.01 02:00:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.04.01 01:57:18 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll [2012.05.30 08:29:18 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll [2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.04.01 02:00:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.04.01 02:00:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.04.01 02:00:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.04.01 02:00:06 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll [2013.04.01 02:00:06 | 015,407,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll [2013.04.01 02:00:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.04.01 02:00:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.04.01 02:00:06 | 002,647,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll [2013.04.01 02:00:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.04.01 02:00:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.04.01 02:00:06 | 000,526,848 | ---- | M] 
< End of report > |
01.04.2013, 21:47 | #15 |
/// Malwareteam | Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back)
That looks better already. We'll now remove a few leftovers, and then I want to check one more thing:
Step 1 Fix with OTL
Code:
:OTL
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
[2012.06.23 03:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe
[2011.11.17 08:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2013.03.31 21:40:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2012.06.02 13:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.03.24 17:00:06 | 000,000,000 | ---D | M] -- C:\4gEJsVyiA73
Step 2 Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
Step 3 Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread.
In your next reply, please post
__________________ Keep Jazzing! DerJazzer Imperare sibi maximum imperium est. ©Seneca If you would like to support us | http://www.anaesthesist-werden.de/ |
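A triage sketch for the OTL file-entry format used in the fix above, added here as an example; it is not part of the original post and not part of OTL. It parses `[date | size | attributes | M/C] (company) -- path` entries, including ones run together on a single line, and lists entries that meet at least two of three indicators. The indicators, the threshold and all function names are assumptions for illustration; the sample lines are copied from this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# OTL file entry: [date time | size | attrs | M or C] (company) -- path
# Directory entries have no "(company)" field. Forum exports often run many
# entries together on one line, so a path ends where the next "[date" begins.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.+?)(?=\s+\[\d{4}\.\d{2}\.\d{2} |\s*$)",
    re.S,
)
USER_APPDATA_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)

# Sample entries taken from the log lines in this thread.
SAMPLE = (
    r"[2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll "
    r"[2012.07.05 14:21:30 | 000,107,212 | ---- | M] () -- C:\Windows\SysWOW64\zlib1.dll "
    r"[2012.06.23 03:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe "
    r"[2012.06.02 13:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@ "
    r"[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L"
)


@dataclass
class Entry:
    timestamp: str
    size: int                # bytes, thousands separators removed
    attrs: str               # four-character attribute field, e.g. "-HS-"
    kind: str                # "M" or "C", as printed in the log
    company: Optional[str]   # "" for "()", None when the field is absent
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Extract every file entry from raw OTL text; other lines are skipped."""
    return [
        Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
              m["kind"], m["company"], m["path"].strip())
        for m in ENTRY_RE.finditer(text)
    ]


def triage(entry: Entry) -> List[str]:
    """Return the (assumed) indicators that apply to one entry."""
    reasons = []
    if entry.company == "":
        reasons.append("empty company field")
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes")
    if USER_APPDATA_RE.search(entry.path):
        reasons.append("under user AppData")
    return reasons


def suspicious(entries: List[Entry], threshold: int = 2) -> List[Tuple[Entry, List[str]]]:
    """Entries meeting at least `threshold` indicators, for manual review."""
    flagged = []
    for entry in entries:
        reasons = triage(entry)
        if len(reasons) >= threshold:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in suspicious(parse_entries(SAMPLE)):
        print(f"{entry.path}  <- {', '.join(reasons)}")
```

The output is a review list, not a verdict: a single indicator such as the empty company field on `zlib1.dll` stays below the threshold, and anything flagged still needs a human decision before it goes into a fix script.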