
Log Analysis and Evaluation: Oracle America Inc. (jucheck.exe)


02.10.2013, 08:38   #1
Chuckim
 
I have the same problem as

http://www.trojaner-board.de/126046-...eck-exe.html

A message appears regularly in the taskbar: jucheck.exe requires permission

Furthermore, the following files are in the quarantine of my antivirus program (Avira Free Antivirus):
JAVA/Lamar.dlk.28
JAVA/Lamar.rso.8
TR/Crypt.ZPACK.9324
TR/PSW.Fareit.1871
TR/Crypt.ZPACK.147
TR/Crypt.EPACK.759
TR/Zusy.60675
TR/Crypt.XPACK.Gen

Following the other link, I downloaded OTL by OldTimer, copied the contents of markusg's text box as described, and let OTL run a scan.
Here is the result of the quick scan:


OTL Logfile:
Code:
OTL logfile created on: 02.10.2013 08:56:43 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kuno\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,27 Gb Available Physical Memory | 78,59% Memory free
15,96 Gb Paging File | 14,20 Gb Available in Paging File | 88,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 42,21 Gb Free Space | 43,27% Space Free | Partition Type: NTFS
Drive D: | 488,28 Gb Total Space | 481,77 Gb Free Space | 98,67% Space Free | Partition Type: NTFS
Drive E: | 345,57 Gb Total Space | 253,40 Gb Free Space | 73,33% Space Free | Partition Type: NTFS
 
Computer Name: U-TOWER | User Name: Kuno | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.10.02 08:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kuno\Downloads\OTL.exe
PRC - [2013.09.04 12:58:40 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.09.04 12:57:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.09.04 12:57:29 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.01.18 09:30:09 | 000,298,673 | ---- | M] (Official site, includes a presentation, a blog, a newsletter and information on devices) -- C:\Users\Kuno\AppData\Roaming\Nane\tiubu.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012.01.04 18:05:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.01.21 13:33:32 | 000,214,360 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Pmsb.exe
PRC - [2010.07.29 11:59:36 | 000,116,632 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.03.11 10:47:52 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll
MOD - [2011.01.21 15:05:44 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
MOD - [2010.12.29 18:32:32 | 000,614,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
MOD - [2010.12.29 17:52:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll
MOD - [2010.12.23 13:17:32 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll
MOD - [2010.12.20 16:21:06 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\CategoryManager.dll
MOD - [2010.11.30 16:42:22 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll
MOD - [2010.11.26 10:45:10 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
MOD - [2010.11.26 10:33:20 | 004,583,424 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll
MOD - [2010.10.22 10:22:34 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll
MOD - [2010.10.22 10:01:46 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll
MOD - [2010.09.26 11:13:24 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
MOD - [2010.09.26 11:13:02 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
MOD - [2010.09.09 18:00:40 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll
MOD - [2010.09.08 17:10:10 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
MOD - [2010.09.08 10:52:26 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
MOD - [2010.08.03 10:51:10 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
MOD - [2010.08.03 10:44:44 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll
MOD - [2010.07.13 10:48:18 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll
MOD - [2010.05.07 11:46:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
MOD - [2010.04.27 15:20:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll
MOD - [2010.03.02 15:09:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
MOD - [2009.12.04 17:20:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
MOD - [2009.11.27 17:38:52 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
MOD - [2009.11.26 17:49:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll
MOD - [2009.09.09 14:44:26 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll
MOD - [2009.08.06 10:22:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll
MOD - [2009.06.26 09:03:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll
MOD - [2008.11.17 14:56:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll
MOD - [2008.08.25 17:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
MOD - [2008.08.25 16:16:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
MOD - [2007.12.20 14:37:00 | 000,176,128 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\DocCate.dll
MOD - [2007.08.31 17:51:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll
MOD - [2007.03.30 10:24:12 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll
MOD - [2007.03.30 10:01:28 | 000,038,992 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
MOD - [2007.03.30 09:57:04 | 000,034,896 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll
MOD - [2007.03.30 09:49:38 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.12.12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.09.15 12:49:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.04 12:58:40 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.09.04 12:57:30 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.03.01 20:19:29 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.27 07:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2012.01.31 11:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012.01.04 18:05:04 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.09.04 12:59:03 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.09.04 12:59:03 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.06.02 10:38:55 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.26 21:00:52 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.12.26 21:00:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 11:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 11:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.10.01 21:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.05.20 09:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.07.17 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.07.26 16:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 16:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediBar.com
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb178/?search={searchTerms}&loc=IB_DS&a=6OyLvwzsva&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
 
[2012.12.29 16:06:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\npbrowserext.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Kuno\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Google Mail = C:\Users\Kuno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.EXE (NewSoft Technology Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Kuno\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Faduhudiex] C:\Users\Kuno\AppData\Roaming\Baahuv\haeb.exe ( )
O4 - HKCU..\Run: [homkido] rundll32 ",homkido File not found
O4 - HKCU..\Run: [Kikas] C:\Users\Kuno\AppData\Roaming\Atre\wado.exe (SoftVector Solutions )
O4 - HKCU..\Run: [Poeqp] C:\Users\Kuno\AppData\Roaming\Waucu\qiux.exe ()
O4 - HKCU..\Run: [Quyse] C:\Users\Kuno\AppData\Roaming\Nane\tiubu.exe (Official site, includes a presentation, a blog, a newsletter and information on devices)
O4 - HKCU..\Run: [Scan Buttons] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSB.EXE (NewSoft Technology Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18EFE0C8-8408-4419-9A7D-C2734186F75E}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6eeb004f-2f9b-11e1-ad02-14dae92ea81a}\Shell - "" = AutoRun
O33 - MountPoints2\{6eeb004f-2f9b-11e1-ad02-14dae92ea81a}\Shell\AutoRun\command - "" = K:\AUTOSTARTER.EXE
O33 - MountPoints2\{6eeb005f-2f9b-11e1-ad02-14dae92ea81a}\Shell - "" = AutoRun
O33 - MountPoints2\{6eeb005f-2f9b-11e1-ad02-14dae92ea81a}\Shell\AutoRun\command - "" = L:\AUTOSTARTER.EXE
O33 - MountPoints2\{d5f30bc6-4753-11e1-ab67-14dae92ea81a}\Shell - "" = AutoRun
O33 - MountPoints2\{d5f30bc6-4753-11e1-ab67-14dae92ea81a}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2EACD91F-B1C4-0780-9EDD-F30A46B11BC5} - Browser Customizations
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {8A37D346-EEBC-B3EC-AC6B-413742F5C911} - Browser Customizations
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {B940A9DC-FDB6-0805-F3C1-FDC63A70B803} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D1B3CE77-6847-945D-9BC9-B3C023564174} - Microsoft Windows Media Player
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F02C093C-B01B-65FF-A9EC-57E89C8D0D57} - Microsoft Windows Media Player
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Aeria Ignite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.09.28 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Vuwo
[2013.09.28 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Selas
[2013.09.28 06:38:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Dees
[2013.09.22 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Usbi
[2013.09.22 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Lina
[2013.09.22 17:39:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ituf
[2013.09.22 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Yknoho
[2013.09.22 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Vyegvu
[2013.09.22 17:39:13 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Anbar
[2013.09.19 16:16:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ywash
[2013.09.19 16:16:37 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Cowe
[2013.09.19 16:16:36 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Cesagi
[2013.09.18 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Okivn
[2013.09.18 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ixdoh
[2013.09.18 14:21:52 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ibhyz
[2013.09.15 11:56:45 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Zasig
[2013.09.15 11:56:45 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Nane
[2013.09.15 11:56:45 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Kamey
[2013.09.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Zuki
[2013.09.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ovwuvy
[2013.09.10 17:14:19 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Meyc
[2013.09.10 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Nycymi
[2013.09.10 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Nosepo
[2013.09.10 16:13:55 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Fuegi
[2013.09.08 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Uwgei
[2013.09.08 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Kuagze
[2013.09.08 11:01:23 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Dywui
[2013.09.03 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Yqidu
[2013.09.03 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Epupuf
[2013.09.03 21:58:30 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Biuk
[2013.09.03 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Qikok
[2013.09.03 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Ehfuxi
[2013.09.03 21:56:32 | 000,000,000 | ---D | C] -- C:\Users\Kuno\AppData\Roaming\Baahuv
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.02 08:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.02 08:38:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job
[2013.10.02 08:35:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.02 08:35:21 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.02 08:25:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.02 08:25:11 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.09.24 21:38:01 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job
[2013.09.19 19:09:31 | 001,553,992 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.09.19 19:09:31 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.09.19 19:09:31 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.09.19 19:09:31 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.09.19 19:09:31 | 000,090,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.09.16 18:01:58 | 004,930,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.09.04 12:59:03 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.09.04 12:59:03 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.09.04 12:59:03 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.01 20:19:46 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013.03.01 18:24:59 | 001,530,950 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.08.30 17:43:31 | 000,000,017 | ---- | C] () -- C:\Users\Kuno\AppData\Local\resmon.resmoncfg
[2012.01.07 16:05:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.21 18:33:49 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.21 18:33:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.08 02:55:57 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.12.08 02:55:57 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.12.08 02:52:19 | 000,042,370 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.12.08 02:51:36 | 000,033,165 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.01 14:39:50 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\.minecraft
[2013.10.02 08:25:38 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\.oit
[2012.06.01 23:39:39 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Aeria Games & Entertainment
[2013.09.22 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Anbar
[2013.08.30 13:43:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Atre
[2012.08.30 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Audacity
[2013.03.01 20:40:56 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Autodesk
[2013.09.03 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Baahuv
[2013.08.29 20:54:35 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Bihad
[2013.09.03 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Biuk
[2013.09.19 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Cesagi
[2011.12.29 16:24:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.09.19 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Cowe
[2011.12.26 20:55:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\DAEMON Tools Lite
[2013.09.28 06:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Dees
[2012.12.29 15:34:55 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\DeviceVm
[2013.09.08 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Dywui
[2013.09.15 13:35:44 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ehfuxi
[2013.09.03 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Epupuf
[2013.09.10 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Fuegi
[2013.08.28 13:08:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Hiigit
[2013.09.18 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ibhyz
[2013.09.03 21:56:26 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ikry
[2013.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ituf
[2013.09.18 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ixdoh
[2013.10.02 08:29:16 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Kamey
[2013.09.08 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Kuagze
[2012.02.10 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\LaunchPad
[2013.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Lina
[2011.12.17 00:51:42 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\LolClient
[2012.05.24 15:03:57 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\LolClient2
[2013.09.10 17:14:19 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Meyc
[2013.09.15 11:56:45 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Nane
[2013.07.19 23:04:04 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\NewSoft
[2013.09.10 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Nycymi
[2013.09.18 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Okivn
[2012.01.25 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\OpenOffice.org
[2013.03.01 12:53:51 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Opera
[2013.08.27 20:51:53 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Oqgi
[2012.08.25 22:26:21 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Origin
[2013.09.15 12:11:31 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ovwuvy
[2013.08.30 13:43:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Qewe
[2013.09.03 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Qikok
[2013.08.28 13:08:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ryuhr
[2013.09.28 06:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Selas
[2012.07.09 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\six-zsync
[2013.08.29 20:54:35 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Soxer
[2013.08.28 13:08:14 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Tagi
[2012.02.07 14:28:57 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\TeamViewer
[2012.12.29 14:39:22 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\TS3Client
[2013.09.22 17:39:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Usbi
[2013.09.08 11:01:23 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Uwgei
[2013.09.28 06:38:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Vuwo
[2013.09.22 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Vyegvu
[2013.08.27 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Waucu
[2012.02.08 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\X-Chat 2
[2013.08.27 20:48:09 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Xuomav
[2013.08.29 20:54:35 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ykexnu
[2013.09.22 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Yknoho
[2013.09.03 21:58:30 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Yqidu
[2013.09.19 16:16:37 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Ywash
[2013.09.15 11:56:45 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Zasig
[2013.09.10 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\Kuno\AppData\Roaming\Zuki
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.08 02:47:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.08 02:46:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.15 22:20:00 | 000,000,000 | -HSD | M] -- C:\found.000
[2012.01.09 14:59:31 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.01.13 15:00:24 | 000,000,000 | -HSD | M] -- C:\found.002
[2012.03.10 16:03:12 | 000,000,000 | -HSD | M] -- C:\found.003
[2012.07.17 14:33:44 | 000,000,000 | -HSD | M] -- C:\found.004
[2012.12.31 13:07:54 | 000,000,000 | ---D | M] -- C:\Games
[2011.12.08 03:10:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.03.01 20:17:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.22 11:05:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.07.22 11:04:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.08 02:46:56 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.31 12:31:40 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.10.02 08:58:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.08 03:11:42 | 000,000,000 | R--D | M] -- C:\Users
[2013.07.22 10:43:27 | 000,000,000 | ---D | M] -- C:\Windows
[2012.12.31 13:09:17 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.02 16:36:25 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.10.06 19:48:23 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000Core.job
[2012.10.06 19:48:24 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1580838269-803925450-3109837126-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] () MD5=F7D5FF3A6429ABDD5C0199698D9DE033 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.10.02 09:14:03 | 002,621,440 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat
[2013.10.02 09:14:03 | 000,262,144 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat.LOG1
[2011.12.08 02:47:08 | 000,000,000 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat.LOG2
[2011.12.08 02:59:36 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.08 02:59:36 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.08 02:59:36 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.12.22 12:05:33 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6125d53c-2c84-11e1-9a86-14dae92ea81a}.TM.blf
[2011.12.22 12:05:33 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6125d53c-2c84-11e1-9a86-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2011.12.22 12:05:33 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6125d53c-2c84-11e1-9a86-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2012.12.29 14:37:50 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{629baeb8-51b0-11e2-ac9a-14dae92ea81a}.TM.blf
[2012.12.29 14:37:50 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{629baeb8-51b0-11e2-ac9a-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2012.12.29 14:37:50 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{629baeb8-51b0-11e2-ac9a-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2011.12.22 11:58:45 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6a627238-2c83-11e1-820a-14dae92ea81a}.TM.blf
[2011.12.22 11:58:45 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6a627238-2c83-11e1-820a-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2011.12.22 11:58:45 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{6a627238-2c83-11e1-820a-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2011.12.22 12:01:17 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{c7f6beba-2c83-11e1-84c2-14dae92ea81a}.TM.blf
[2011.12.22 12:01:17 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{c7f6beba-2c83-11e1-84c2-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2011.12.22 12:01:17 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{c7f6beba-2c83-11e1-84c2-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2011.12.22 12:08:47 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{d7c2d2be-2c84-11e1-9060-14dae92ea81a}.TM.blf
[2011.12.22 12:08:47 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{d7c2d2be-2c84-11e1-9060-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2011.12.22 12:08:47 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\NTUSER.DAT{d7c2d2be-2c84-11e1-9060-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2013.05.26 20:54:00 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e0c7f0aa-c621-11e2-bba9-14dae92ea81a}.TM.blf
[2013.05.26 20:54:00 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e0c7f0aa-c621-11e2-bba9-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2013.05.26 20:54:00 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e0c7f0aa-c621-11e2-bba9-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2012.12.29 14:45:02 | 000,065,536 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e6519d5c-51a8-11e2-a997-14dae92ea81a}.TM.blf
[2012.12.29 14:45:02 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e6519d5c-51a8-11e2-a997-14dae92ea81a}.TMContainer00000000000000000001.regtrans-ms
[2012.12.29 14:45:02 | 000,524,288 | -HS- | M] () -- C:\Users\Kuno\ntuser.dat{e6519d5c-51a8-11e2-a997-14dae92ea81a}.TMContainer00000000000000000002.regtrans-ms
[2011.12.08 02:47:08 | 000,000,020 | -HS- | M] () -- C:\Users\Kuno\ntuser.ini
[2013.07.23 14:28:57 | 000,000,000 | ---- | M] () -- C:\Users\Kuno\Sti_Trace.log
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

The Extras.Txt is attached.

Thank you in advance for your efforts.

Last edited by Chuckim (02.10.2013 at 08:47)

 
