| |
| |||||||
Log-Analyse und Auswertung: Interpol Trojaner, jetzt hat es mich auch erwischtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.02.2014, 11:13
| #1 |
| |  Interpol Trojaner, jetzt hat es mich auch erwischt wie oben Beschrieben habe ich den nun auch, habe bisher nur die Scans mit OTL und FRST laufen lassen. Mein System ist Win7 64bit, habe mir vor einiger zeit schon ein Notfall Konto eingerichtet damit ich darüber arbeiten kann. Hier die Scans; OTL.Txt OTL logfile created on: 05.02.2014 10:27:59 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maik\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.16428) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 16,00 Gb Total Physical Memory | 12,27 Gb Available Physical Memory | 76,68% Memory free 32,00 Gb Paging File | 28,03 Gb Available in Paging File | 87,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 244,14 Gb Total Space | 74,97 Gb Free Space | 30,71% Space Free | Partition Type: NTFS Drive D: | 244,14 Gb Total Space | 65,32 Gb Free Space | 26,76% Space Free | Partition Type: NTFS Drive E: | 244,14 Gb Total Space | 72,17 Gb Free Space | 29,56% Space Free | Partition Type: NTFS Drive F: | 199,09 Gb Total Space | 81,87 Gb Free Space | 41,12% Space Free | Partition Type: NTFS Drive G: | 4,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 298,09 Gb Total Space | 281,81 Gb Free Space | 94,54% Space Free | Partition Type: NTFS Drive I: | 298,08 Gb Total Space | 187,74 Gb Free Space | 62,98% Space Free | Partition Type: NTFS Computer Name: MAIK-PC | User Name: Maik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Maik\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe () PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) PRC - C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.06_windows_intelx86__opencl_ati_100.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe (Adobe Systems Incorporated) PRC - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\setiathome_7.00_windows_intelx86.exe (Space Sciences Laboratory) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - E:\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.) PRC - C:\Program Files (x86)\eGalaxTouch\xTouchMon.exe () PRC - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll () MOD - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\astropulse_6.06_windows_intelx86__opencl_ati_100.exe () MOD - C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll () MOD - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3-3_upx.dll () MOD - C:\ProgramData\BOINC\projects\setiathome.berkeley.edu\libfftw3f-3.dll () MOD - C:\Program Files (x86)\eGalaxTouch\xtkutility.dll () MOD - C:\Program Files (x86)\eGalaxTouch\xTouchMon.exe () MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll () ========== Services (SafeList) ========== SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (MsDepSvc) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeActiveFileMonitor11.0) -- E:\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE () SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (jswpsapi) -- C:\Program Files (x86)\D-Link\DWA-547 revA\jswpsapi.exe (Atheros Communications, Inc.) SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE () ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech) DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech) DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation) DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\LVUVC64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (CompFilter64) -- C:\Windows\SysNative\drivers\lvbflt64.sys (Logitech Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (EGXFilter) -- C:\Windows\SysNative\drivers\EGXFilter.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (JSWPSLWF) -- C:\Windows\SysNative\drivers\jswpslwfx.sys (Atheros Communications, Inc.) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\SearchScopes,DefaultScope = {FB09A9BC-03A2-43a7-87B4-2CA32852A030} IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\SearchScopes\{01652542-5B7A-4ace-B963-CB89648DEA41}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF %3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=EBBC4A8958A909701B3EAB5140AF8B90&q={searchTerms} IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\SearchScopes\{FB09A9BC-03A2-43a7-87B4-2CA32852A030}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: amazon-icon%40giga.de:1.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll () FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Maik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.21 09:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions [2013.04.21 09:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.11.10 13:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\n8xrktp5.default\extensions [2013.11.10 13:26:18 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\n8xrktp5.default\extensions\amazon-icon@giga.de [2013.03.13 17:56:19 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\n8xrktp5.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013.12.26 17:13:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.12.26 17:13:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.03.13 17:55:57 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml O1 HOSTS File: ([2012.05.08 15:35:42 | 000,001,302 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\prxtbBitt.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [ClearTKHandle] C:\Program Files (x86)\eGalaxTouch\ClearTKHandle.exe () O4 - HKLM..\Run: [DLSService] C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2261905991-2524039796-917383326-1001..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..Trusted Domains: dhl.de ([www] https in Trusted sites) O15 - HKU\S-1-5-21-2261905991-2524039796-917383326-1001\..Trusted Domains: orion-grosshandel-shop.com ([www] https in Trusted sites) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} https://lernboerse.arbeitsagentur.de/exklusiv/ilias/data/balihob/lm_data/httppath/dpLaunchPlugin.cab (dp Launcher Plugin) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC1B2A3D-76A9-4E25-9E7A-7B8B406A49CF}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.10.10 15:54:08 | 002,290,144 | R--- | M] () - G:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2011.10.09 16:23:34 | 000,224,630 | R--- | M] () - G:\autorun.ico -- [ UDF ] O32 - AutoRun File - [2011.10.09 16:23:34 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2011.06.07 08:55:18 | 000,000,000 | RH-D | M] - H:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - H:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2009.01.07 21:18:32 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{55aa6b62-2014-11e1-95d9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55aa6b62-2014-11e1-95d9-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2011.10.10 15:54:08 | 002,290,144 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk - C:\PROGRA~2\D-Link\DWA-54~1\WIRELE~1.EXE - (D-Link Corp.) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\PROGRA~2\WISO\STEUER~2\MSHAKT~1.EXE - () MsConfig:64bit - StartUpReg: Ad-Aware Browsing Protection - hkey= - key= - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AMD AVT - hkey= - key= - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: BCU - hkey= - key= - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig:64bit - StartUpReg: DLSService - hkey= - key= - C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe (Sanford, L.P.) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - File not found MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) MsConfig:64bit - StartUpReg: LWS - hkey= - key= - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: SearchProtection - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) MsConfig:64bit - StartUpReg: WSManMigrationPlugin - hkey= - key= - File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {41E1F6C1-5365-483E-9630-8DEF6FF61B8D} - msiexec /fus {41E1F6C1-5365-483E-9630-8DEF6FF61B8D} /quiet ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.i420 - C:\Windows\SysWow64\LVCodec2.dll (Logitech Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014.02.05 10:09:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe [2014.02.04 13:29:31 | 000,000,000 | ---D | C] -- C:\Users\Maik\Desktop\Office2007PIARedist [2014.01.18 09:45:30 | 000,000,000 | ---D | C] -- C:\Users\Maik\Documents\ANNO 2070 [2014.01.17 18:27:09 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Local\Ubisoft Game Launcher [2014.01.17 18:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2014.01.17 18:04:19 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Ubisoft [2014.01.15 17:18:42 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2014.01.15 17:18:42 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2014.01.15 17:18:40 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2014.01.11 15:56:52 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Guild Wars 2 [2014.01.10 16:50:47 | 000,000,000 | ---D | C] -- C:\Users\Maik\AppData\Roaming\Awesomium [2014.01.08 18:47:58 | 000,000,000 | ---D | C] -- C:\Users\Maik\Documents\Elder Scrolls Online [2014.01.08 18:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Elder Scrolls Online [2014.01.08 17:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\_ [2014.01.08 17:19:27 | 000,035,892 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys [2014.01.08 17:12:47 | 000,074,496 | R--- | C] (eGalax_eMPIA Technology Inc.) -- C:\Windows\SysNative\drivers\combus.sys [2014.01.08 17:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGalaxTouch [2014.01.08 17:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eGalaxTouch [2014.01.08 16:59:14 | 000,504,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll [2014.01.08 16:59:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fleet navigator 4 [2014.01.08 16:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fleet navigator 4 [2014.01.07 20:29:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online Beta ========== Files - Modified Within 30 Days ========== [2014.02.05 10:10:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe [2014.02.05 09:26:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.02.05 09:26:58 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.02.05 09:21:42 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys [2014.02.05 09:21:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.02.05 09:21:07 | 4293,779,454 | -HS- | M] () -- C:\hiberfil.sys [2014.02.04 13:16:07 | 000,024,346 | ---- | M] () -- C:\Users\Maik\Desktop\PB_Umsatzauskunft_KtoNr0855285437_04-02-2014_1315.pdf [2014.02.04 12:03:34 | 001,523,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014.02.04 12:03:34 | 000,663,070 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.02.04 12:03:34 | 000,623,536 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.02.04 12:03:34 | 000,134,316 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.02.04 12:03:34 | 000,109,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.02.02 10:28:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014.02.02 10:28:47 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.02.02 10:28:46 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014.01.27 17:38:40 | 000,025,122 | ---- | M] () -- C:\Users\Maik\Desktop\PB_Überweisung_KtoNr0855285437_ 27-01-2014_1741.pdf [2014.01.25 19:34:14 | 639,551,378 | ---- | M] () -- C:\Windows\MEMORY.DMP [2014.01.17 18:05:29 | 000,000,372 | ---- | M] () -- C:\Users\Maik\Desktop\ANNO 2070 - Verknüpfung.lnk [2014.01.16 04:48:03 | 006,745,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.01.08 17:13:02 | 000,001,902 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchTouchMon.lnk [2014.01.07 20:29:05 | 000,000,673 | ---- | M] () -- C:\Users\Maik\Desktop\The Elder Scrolls Online Beta.lnk ========== Files Created - No Company Name ========== [2014.02.04 13:29:31 | 002,983,936 | ---- | C] () -- C:\Users\Maik\Desktop\EPortoInstaller2007_v2.3.msi [2014.02.04 13:29:31 | 000,548,352 | ---- | C] () -- C:\Users\Maik\Desktop\setup.exe [2014.02.04 13:16:07 | 000,024,346 | ---- | C] () -- C:\Users\Maik\Desktop\PB_Umsatzauskunft_KtoNr0855285437_04-02-2014_1315.pdf [2014.01.27 17:38:40 | 000,025,122 | ---- | C] () -- C:\Users\Maik\Desktop\PB_Überweisung_KtoNr0855285437_ 27-01-2014_1741.pdf [2014.01.17 18:05:29 | 000,000,372 | ---- | C] () -- C:\Users\Maik\Desktop\ANNO 2070 - Verknüpfung.lnk [2014.01.08 17:24:10 | 000,000,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS Information.lnk [2014.01.08 17:19:27 | 000,026,719 | ---- | C] () -- C:\Windows\SysWow64\SERSPL.VXD [2014.01.08 17:13:02 | 000,001,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LaunchTouchMon.lnk [2014.01.08 17:12:47 | 000,161,280 | R--- | C] () -- C:\Windows\SysNative\drivers\EGXFilter.sys [2014.01.08 17:12:47 | 000,148,992 | R--- | C] () -- C:\Windows\SysNative\drivers\SerTouch.sys [2014.01.08 17:12:47 | 000,145,408 | R--- | C] () -- C:\Windows\SysNative\drivers\xTouch.sys [2014.01.08 17:12:45 | 000,001,380 | R--- | C] () -- C:\Windows\SysWow64\eGalaxTouch_reg.ini [2014.01.07 20:29:05 | 000,000,673 | ---- | C] () -- C:\Users\Maik\Desktop\The Elder Scrolls Online Beta.lnk [2013.09.20 13:37:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2013.08.10 21:20:56 | 001,084,786 | ---- | C] () -- C:\Users\Maik\AppData\Roaming\2433f433 [2013.08.10 21:20:56 | 001,084,751 | ---- | C] () -- C:\ProgramData\2433f433 [2013.08.10 21:20:56 | 001,084,744 | ---- | C] () -- C:\Users\Maik\AppData\Local\2433f433 [2013.03.29 15:38:23 | 012,238,234 | ---- | C] () -- C:\Users\Maik\Datensicherung Mein Büro 20130329153823.mfb [2013.03.02 23:02:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2013.01.01 13:28:50 | 005,650,771 | ---- | C] () -- C:\Users\Maik\Datensicherung Mein Büro_1.mfb [2013.01.01 13:20:45 | 005,650,474 | ---- | C] () -- C:\Users\Maik\Datensicherung Mein Büro.mfb [2012.06.03 20:32:40 | 000,000,092 | ---- | C] () -- C:\Users\Maik\AppData\Local\fusioncache.dat [2012.05.27 16:11:26 | 000,000,132 | ---- | C] () -- C:\Users\Maik\AppData\Roaming\Adobe PNG Format CS5 Prefs [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.03 09:18:03 | 001,540,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.08 20:56:20 | 000,002,082 | ---- | C] () -- C:\Users\Maik\.recently-used.xbel [2012.03.08 15:25:35 | 000,001,456 | ---- | C] () -- C:\Users\Maik\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2012.02.19 12:55:52 | 000,182,304 | ---- | C] () -- C:\Windows\SysWow64\BpShellEx.dll [2012.02.15 03:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 03:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.13 15:18:12 | 000,003,584 | ---- | C] () -- C:\Users\Maik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.06 22:09:17 | 000,007,597 | ---- | C] () -- C:\Users\Maik\AppData\Local\Resmon.ResmonCfg [2011.12.06 19:00:32 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.12.06 18:57:21 | 000,000,285 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.15 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Avery [2014.01.12 18:34:22 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Awesomium [2013.08.11 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\BitTorrent [2011.12.27 09:32:44 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Buhl Data Service [2012.05.30 20:01:36 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Buhl Data Service GmbH [2012.12.15 17:24:41 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Canneverbe Limited [2013.12.03 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Canon [2012.01.29 13:50:10 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.01.29 11:55:19 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.11.25 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\DVDVideoSoft [2013.08.09 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Faup [2013.11.02 15:40:22 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\FileZilla [2012.04.03 09:40:51 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Free Monitor for Google [2012.03.08 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\gtk-2.0 [2014.01.11 15:56:54 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Guild Wars 2 [2012.09.15 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\hellomoto [2011.12.06 16:40:23 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Leadertech [2012.02.17 09:38:39 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Lexware [2012.04.11 13:05:40 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\MAGIX [2012.08.20 11:13:44 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\MAX DaisyPlayer [2013.11.25 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\OpenCandy [2013.03.28 10:37:15 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\PDAppFlex [2013.09.20 13:06:02 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\ProtectDISC [2011.12.10 10:45:24 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Software Informer [2012.01.29 13:42:53 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.01.01 11:09:29 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\TeamViewer [2013.04.21 09:47:44 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\TomTom [2014.01.26 21:35:17 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\TS3Client [2013.05.11 17:52:30 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\TuneUp Software [2014.01.17 18:04:19 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Ubisoft [2013.06.02 15:20:06 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Ufzyz [2013.06.02 15:30:21 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Wise Registry Cleaner [2013.09.22 10:27:57 | 000,000,000 | ---D | M] -- C:\Users\Notfall konto\AppData\Roaming\ProtectDISC ========== Purity Check ========== ========== Custom Scans ========== < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: LSASS.EXE > [2009.07.14 02:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe [2011.11.17 07:20:34 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0A10B74FBB437FF9A23F1D5DE4446A83 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe [2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\SysNative\lsass.exe [2013.09.25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=4D71227301DD8D09097B9E4CC6527E5A -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe [2012.06.04 08:51:10 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=79C908CAA6F43021EB05F4C733A927D1 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe [2011.11.17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=C118A82CD78818C29AB228366EBF81C3 -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe [2013.09.25 02:08:17 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=F021DAFB1F87616FCEBA159C2ED7042F -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe < MD5 for: SVCHOST.EXE > [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*.exe /s > [2011.06.03 16:50:06 | 002,300,272 | ---- | M] (Avery Dennison Corporation. Envel Informationssysteme GmbH.) -- C:\Users\Maik\AppData\Roaming\Avery\Avery Wizard 4.0\AZWizard.exe [2012.06.04 10:43:07 | 009,543,632 | ---- | M] (Buhl Data Service GmbH) -- C:\Users\Maik\AppData\Roaming\Buhl Data Service GmbH\WISO Mein Geld 2012 Professional\Updates\LT2Update2012-05-22.exe [2013.03.18 09:52:41 | 000,054,776 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Maik\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.12.16 13:30:23 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Maik\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2013.06.13 08:22:00 | 000,333,424 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Maik\AppData\Roaming\Microsoft\Installer\{68D2AC29-B594-466A-8D6F-238FA2135BB5}\ARPPRODUCTICON.exe [2013.06.13 08:22:00 | 000,333,424 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Maik\AppData\Roaming\Microsoft\Installer\{68D2AC29-B594-466A-8D6F-238FA2135BB5}\BOINCManagerShortc_A93DE976FB764046A81032A4C7BB0936.exe [2012.11.15 14:23:15 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Maik\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe [2012.03.13 06:56:16 | 000,010,134 | R--- | M] () -- C:\Users\Maik\AppData\Roaming\Microsoft\Installer\{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}\ARPPRODUCTICON.exe [2013.11.25 19:24:55 | 000,303,400 | ---- | M] (OpenCandy) -- C:\Users\Maik\AppData\Roaming\OpenCandy\33382C0F0EC84B18A6F2932BE798AAF0\LatestDLMgr.exe [2013.11.25 19:25:13 | 000,000,000 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\OpenCandy\33382C0F0EC84B18A6F2932BE798AAF0\Setup1004732_DE-1.exe [2013.02.15 03:04:26 | 028,181,408 | ---- | M] (TuneUp Software) -- C:\Users\Maik\AppData\Roaming\OpenCandy\52E02A58CEF945898B8420188E3758B0\TuneUpUtilities2013-2200218_de-DE.exe [2013.11.25 19:25:01 | 000,303,400 | ---- | M] (OpenCandy) -- C:\Users\Maik\AppData\Roaming\OpenCandy\BF9E0A7249FE47939F05261C65922BE0\LatestDLMgr.exe < %APPDATA%\Adobe\Update\*.* > < %APPDATA%\Update\*.* > < %APPDATA%\Microsoft\*.* > [2011.12.29 16:42:09 | 000,001,702 | -HS- | M] () -- C:\Users\Maik\AppData\Roaming\Microsoft\LastFlashConfig.wfc < %ALLUSERSPROFILE%\Favorites\*.* > < %ALLUSERSPROFILE%\*.* > [2013.11.04 17:32:43 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2013.08.10 21:20:56 | 001,084,751 | ---- | M] () -- C:\ProgramData\2433f433 [2011.12.06 19:07:02 | 000,000,285 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc < %SYSTEMDRIVE%\*.* > [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2010.11.20 13:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr [2011.12.06 15:11:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2006.09.18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2011.12.06 20:30:26 | 000,000,010 | ---- | M] () -- C:\csb.log [2014.02.05 09:21:07 | 4293,779,454 | -HS- | M] () -- C:\hiberfil.sys [2011.12.06 20:30:15 | 000,000,190 | ---- | M] () -- C:\Install.log [2013.05.03 09:27:24 | 000,000,398 | ---- | M] () -- C:\InstallHelper.log [2014.02.05 09:21:15 | 4293,386,237 | -HS- | M] () -- C:\pagefile.sys [2011.12.06 20:24:35 | 000,003,176 | ---- | M] () -- C:\RHDSetup.log [2014.02.05 09:22:28 | 000,000,144 | ---- | M] () -- C:\service.log [2011.03.21 21:08:33 | 000,002,261 | ---- | M] () -- C:\tracert.txt [2011.12.06 15:53:56 | 000,171,136 | RHS- | M] () -- C:\w7ldr < %PROGRAMFILES%\*.* > [2009.07.14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini [2013.11.21 09:51:09 | 000,075,918 | RHS- | M] () -- C:\Program Files (x86)\DLS8Uninstall.log < %PROGRAMFILES%\Internet Explorer\*.* > [2013.12.14 00:29:37 | 003,451,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\D3DCompiler_47.dll [2013.12.14 00:29:38 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\DiagnosticsTap.dll [2013.12.14 00:29:37 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe [2013.11.26 09:10:54 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\F12Tools.dll [2013.05.31 14:02:56 | 000,002,843 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie9props.propdesc [2013.12.14 00:29:38 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll [2013.11.26 08:55:03 | 000,469,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe [2013.12.14 00:29:38 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe [2013.11.26 07:22:29 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll [2013.11.26 07:41:48 | 000,251,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll [2013.12.14 00:29:38 | 000,806,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013.12.14 00:29:37 | 000,438,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll [2013.12.14 00:29:37 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll [2013.12.14 00:29:38 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll [2013.12.14 00:29:37 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll [2013.12.14 00:29:37 | 000,312,392 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll [2013.12.14 00:29:38 | 000,999,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\networkinspection.dll [2013.12.14 00:29:37 | 000,410,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll [2013.12.14 00:29:37 | 000,097,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdmproxy100.dll [2013.11.27 01:20:01 | 000,235,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll < %USERPROFILE%\*.* > [2012.03.08 20:56:20 | 000,002,082 | ---- | M] () -- C:\Users\Maik\.recently-used.xbel [2013.03.29 15:38:43 | 012,238,234 | ---- | M] () -- C:\Users\Maik\Datensicherung Mein Büro 20130329153823.mfb [2013.01.01 13:20:51 | 005,650,474 | ---- | M] () -- C:\Users\Maik\Datensicherung Mein Büro.mfb [2013.01.01 13:28:56 | 005,650,771 | ---- | M] () -- C:\Users\Maik\Datensicherung Mein Büro_1.mfb [2014.02.05 10:30:53 | 006,815,744 | -HS- | M] () -- C:\Users\Maik\ntuser.dat [2014.02.05 10:30:53 | 000,262,144 | -HS- | M] () -- C:\Users\Maik\ntuser.dat.LOG1 [2011.12.06 15:56:20 | 000,000,000 | -HS- | M] () -- C:\Users\Maik\ntuser.dat.LOG2 [2013.05.22 08:22:01 | 000,000,000 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT_tureg_new.LOG1 [2013.05.22 08:22:01 | 000,000,000 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT_tureg_new.LOG2 [2013.05.21 21:41:07 | 005,767,168 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT_tureg_old [2011.12.06 16:31:36 | 000,065,536 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.12.06 16:31:36 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.12.06 16:31:36 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.07.08 20:32:54 | 000,065,536 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{59d2231c-20f7-11e1-bb87-fc25fa70b199}.TM.blf [2012.07.08 20:32:54 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{59d2231c-20f7-11e1-bb87-fc25fa70b199}.TMContainer00000000000000000001.regtrans-ms [2011.12.07 18:46:46 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{59d2231c-20f7-11e1-bb87-fc25fa70b199}.TMContainer00000000000000000002.regtrans-ms [2011.12.07 18:09:11 | 000,065,536 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{635a8b88-20f5-11e1-9838-87d05d8bfa99}.TM.blf [2011.12.07 18:09:11 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{635a8b88-20f5-11e1-9838-87d05d8bfa99}.TMContainer00000000000000000001.regtrans-ms [2011.12.07 18:09:12 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{635a8b88-20f5-11e1-9838-87d05d8bfa99}.TMContainer00000000000000000002.regtrans-ms [2013.05.22 08:23:15 | 000,065,536 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{c949f241-c2af-11e2-8058-806e6f6e6963}.TM.blf [2013.05.22 08:23:15 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{c949f241-c2af-11e2-8058-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2013.05.22 08:23:16 | 000,524,288 | -HS- | M] () -- C:\Users\Maik\ntuser.dat{c949f241-c2af-11e2-8058-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2011.12.06 15:56:21 | 000,000,020 | -HS- | M] () -- C:\Users\Maik\ntuser.ini [2011.12.14 09:41:05 | 000,000,000 | ---- | M] () -- C:\Users\Maik\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\*.exe /90 > < %systemroot%\system32\*.dll /lockedfiles > [2013.12.14 00:29:38 | 000,367,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2013.12.14 00:29:38 | 000,244,736 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2013.11.26 08:26:42 | 011,221,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll [2013.05.10 05:56:08 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll < %systemroot%\system32\*.dll /90 > [2013.12.14 00:29:38 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2013.12.14 00:29:38 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2013.12.14 00:29:41 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll [2013.12.14 00:29:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll [2013.12.14 00:29:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll [2013.11.26 07:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll [2013.12.14 00:29:38 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll [2013.12.14 00:29:37 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieetwproxystub.dll [2013.11.26 08:26:42 | 011,221,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2013.12.14 00:29:37 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll [2013.12.14 00:29:38 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll [2013.11.26 09:38:54 | 002,166,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2013.12.14 00:29:38 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll [2013.12.14 00:29:37 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll [2013.11.26 09:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2013.12.14 00:29:37 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll [2013.12.14 00:29:38 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll [2013.12.14 00:29:38 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\JavaScriptCollectionAgent.dll [2013.12.14 00:29:37 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2013.11.26 09:16:12 | 004,243,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2013.11.26 09:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9diag.dll [2013.12.14 00:29:38 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsIntl.dll [2013.11.26 09:38:07 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2013.12.14 00:29:38 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll [2013.12.14 00:29:38 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2013.12.14 00:29:37 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.11.26 11:11:50 | 017,112,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2013.12.14 00:29:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MshtmlDac.dll [2013.12.14 00:29:38 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2013.12.14 00:29:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll [2013.12.14 00:29:38 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll [2013.12.14 00:29:38 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll [2013.12.14 00:29:38 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll [2013.12.14 00:29:37 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll [2013.12.14 00:29:37 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll [2013.11.12 03:07:29 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.12.14 00:29:38 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2013.11.26 07:27:32 | 001,157,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2013.12.14 00:29:38 | 000,454,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2013.12.14 00:29:38 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll [2013.11.26 07:33:33 | 001,820,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2013.11.23 19:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\*.exe /90 > [2014.02.02 10:28:47 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe [2013.12.14 00:29:37 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieUnatt.exe [2013.12.14 00:29:38 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iexpress.exe [2013.12.14 00:29:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedssync.exe [2013.12.14 00:29:37 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshta.exe [2013.12.14 00:29:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RegisterIEPKEYs.exe [2013.12.14 00:29:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SetIEInstalledDate.exe [2013.12.14 00:29:38 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wextract.exe < %systemroot%\system32\config\*.sav > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\assembly\tmp\*.* /S /MD5 > < %systemroot%\assembly\GAC_32\*.* /S /MD5 > [2009.07.14 02:19:59 | 000,004,608 | ---- | M] () MD5=2CBEAFED3233C20DF11B88DF909CD74F -- C:\Windows\assembly\GAC_32\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll [2010.11.20 13:32:20 | 000,238,080 | ---- | M] () MD5=D6D26A698BCCD17AB0761E6221C5F3C4 -- C:\Windows\assembly\GAC_32\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll [2012.01.31 13:45:56 | 000,015,720 | ---- | M] () MD5=952C22690DAFE551E8B686252BBFD400 -- C:\Windows\assembly\GAC_32\Corel.VstaMarshaler\15.0.0.486__e4835428e22ad6f9\Corel.VstaMarshaler.dll [2010.11.05 02:57:39 | 000,069,120 | ---- | M] () MD5=C80DA476BFBAD97D874A0EFE037D7113 -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2009.07.14 02:22:13 | 000,139,264 | ---- | M] () MD5=3723B29BBFE648380ED9B70B164E33A2 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe [2009.07.13 22:04:37 | 000,002,274 | ---- | M] () MD5=C343B566A3B8DA7743C30796BE0A54D7 -- C:\Windows\assembly\GAC_32\ehexthost32\6.1.0.0__31bf3856ad364e35\ehexthost32.exe.config [2010.11.05 02:57:43 | 000,072,192 | ---- | M] () MD5=D58D4E4AA8D6146D838BE02500F50B27 -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2010.11.20 13:32:22 | 000,134,656 | ---- | M] () MD5=7D8676EC6A6ABCF57E1F6CA5372E56EE -- C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll [2009.07.14 18:58:26 | 000,090,112 | ---- | M] () MD5=3994CBC9EC487E167992FC1D169A32AC -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll [2010.11.20 13:35:58 | 000,189,952 | ---- | M] () MD5=38D88B9F15909C5EB12543B9ADD60665 -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll [2010.11.20 13:35:58 | 000,145,920 | ---- | M] () MD5=7473DCFFD01F73BA2B2621555B02E09A -- C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll [2009.07.14 02:24:14 | 000,507,904 | ---- | M] () MD5=269691AFEE6C44C52CDCA23C24BDBB0C -- C:\Windows\assembly\GAC_32\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll [2009.07.14 02:24:28 | 000,077,824 | ---- | M] () MD5=BB2BB7BFE455562249E922A7AA4493A5 -- C:\Windows\assembly\GAC_32\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll [2013.01.16 06:56:10 | 000,136,624 | ---- | M] () MD5=F8330DA53EA42B4080EBBA5D20E40F66 -- C:\Windows\assembly\GAC_32\Microsoft.Office.Access.BusinessDataCatalog\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Access.BusinessDataCatalog.DLL [2013.09.20 18:27:37 | 000,965,432 | ---- | M] () MD5=2DE34D2775C1D94F2596C5F3015CA96E -- C:\Windows\assembly\GAC_32\Microsoft.Office.BusinessData\14.0.0.0__71e9bce111e9429c\microsoft.office.businessdata.dll [2013.09.20 18:27:46 | 000,121,480 | ---- | M] () MD5=9343F5AE56A7FF0621759642D678A818 -- C:\Windows\assembly\GAC_32\Microsoft.Office.InfoPath.Client.Internal.Host.Interop\14.0.0.0__71e9bce111e9429c\Microsoft.Office.Infopath.Client.Internal .Host.Interop.dll [2009.07.14 02:23:55 | 000,008,192 | ---- | M] () MD5=79D7E7A3CB56C91FE9030C5EFE2DC13C -- C:\Windows\assembly\GAC_32\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.Appl icationId.PolicyManagement.PolicyEngineApi.Interop.dll [2013.09.20 18:27:37 | 000,518,968 | ---- | M] () MD5=6F952AB3B29AC729C8762632E507B350 -- C:\Windows\assembly\GAC_32\Microsoft.SharePoint.BusinessData.Administration.Client\14.0.0.0__71e9bce111e9429c\Microsoft.SharePoint.BusinessData.Admini stration.Client.dll [2012.04.03 09:33:15 | 000,370,528 | ---- | M] () MD5=D33DAC4E03945F180306E618C9505C6E -- C:\Windows\assembly\GAC_32\Microsoft.SqlServer.BatchParser\10.0.0.0__89845dcd8080cc91\microsoft.sqlserver.batchparser.dll [2010.11.05 02:52:36 | 000,163,840 | ---- | M] () MD5=059B857CCA35C20F06B5DEBD51C4FB38 -- C:\Windows\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll [2012.01.31 13:48:42 | 000,595,456 | ---- | M] () MD5=50B0D148581773FF8A09A60764503728 -- C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Modeling.Sdk.Diagrams.GraphObject\9.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Modeling.Sdk.Diag rams.GraphObject.dll [2013.01.16 06:56:48 | 000,370,608 | ---- | M] () MD5=99D8B5B9A5D631608242BAA23249B2E1 -- C:\Windows\assembly\GAC_32\Microsoft.VisualStudio.Tools.Applications.InteropAdapter\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Tools.Application s.InteropAdapter.dll [2009.07.14 02:26:31 | 000,008,192 | ---- | M] () MD5=FA44A672F1C12791984D9ECAB7DC3177 -- C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll [2009.06.10 22:14:52 | 000,087,888 | ---- | M] () MD5=2E5F1CF69F92392F8829FC9C9263AE9B -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe [2009.06.10 22:14:53 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_32\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config [2012.01.31 13:48:53 | 001,712,128 | ---- | M] () MD5=775BC6EF79E6D5D1852D6419C2B3011A -- C:\Windows\assembly\GAC_32\mscorcfg\3.5.0.0__b03f5f7f11d50a3a\mscorcfg.dll [2009.06.10 22:22:47 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2009.06.10 22:22:47 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2009.06.10 22:22:58 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2013.04.23 23:57:26 | 004,554,752 | ---- | M] () MD5=F90B255442B7DF136ABE99D15036ACAB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2009.06.10 22:23:13 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2009.06.10 22:23:13 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2009.06.10 22:23:13 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2009.06.10 22:23:13 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2009.06.10 22:23:13 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2009.06.10 22:23:14 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2009.06.10 22:23:14 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2009.06.10 22:23:17 | 000,262,148 | ---- | M] () MD5=FB59D247F7143C3B9683A547E808A88B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2009.06.10 22:23:17 | 000,020,320 | ---- | M] () MD5=FF13BA175F0013D2311827E0D438C60B -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2009.06.10 22:23:23 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2010.11.20 13:36:00 | 000,046,080 | ---- | M] () MD5=93C4029DABC19166076BE347283AB969 -- C:\Windows\assembly\GAC_32\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL [2010.11.20 13:36:00 | 000,107,008 | ---- | M] () MD5=E9CFC1884D1E579E82073103827FA62B -- C:\Windows\assembly\GAC_32\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL [2009.07.13 23:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.config [2009.07.14 02:25:25 | 000,005,632 | ---- | M] () MD5=608232474C33C71F863B0866E5165C1C -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.0.Microsoft.Ink.dll [2009.06.10 22:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config [2009.07.14 02:26:15 | 000,005,632 | ---- | M] () MD5=2641880E8C12BEE37DDC2813908A2A0F -- C:\Windows\assembly\GAC_32\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRole s.dll [2009.06.10 22:32:22 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.config [2009.07.14 02:23:30 | 000,005,632 | ---- | M] () MD5=D6C077082EAA747911C212A9EB64A813 -- C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.dll [2009.07.13 23:04:07 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.config [2009.07.14 02:22:54 | 000,005,632 | ---- | M] () MD5=331021DA8B00A9ADCDD54B5782943204 -- C:\Windows\assembly\GAC_32\Policy.1.7.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.1.7.Microsoft.Ink.dll [2009.07.13 23:04:08 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config [2009.07.14 02:23:04 | 000,005,632 | ---- | M] () MD5=B3DB67C90DBBB75BFE110A86E951C2EC -- C:\Windows\assembly\GAC_32\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll [2013.04.15 23:56:15 | 004,218,880 | ---- | M] () MD5=8DFB5078508924FA725C203CE179B10C -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll [2009.06.10 22:14:51 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config [2013.04.19 23:55:09 | 001,737,376 | ---- | M] () MD5=E0E5BB58A4C43F7DBB83352785F32DEF -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll [2010.11.05 02:58:05 | 000,486,400 | ---- | M] () MD5=ED40D020A6A82748394F1653CE324CE4 -- C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () MD5=35CAB7CF3754C41AEB69DCE1D5ACA5A4 -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2010.11.05 02:58:08 | 000,258,048 | ---- | M] () MD5=6DB969DF540BC71722848940D180AC08 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2010.11.20 05:12:59 | 000,113,664 | ---- | M] () MD5=C865DC05ADE0B41A9E14DD585E0CDF94 -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2013.04.15 23:56:16 | 000,372,736 | ---- | M] () MD5=962108F1B42E442AF55588CC14F4794F -- C:\Windows\assembly\GAC_32\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () MD5=5F3F1BF5F5B43293953FC915845910C4 -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2013.07.03 00:09:05 | 005,283,840 | ---- | M] () MD5=4CB76BD09983C37FE13CE9E525BEADC8 -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < %systemroot%\assembly\GAC_64\*.* /S /MD5 > [2009.07.14 02:46:07 | 000,004,608 | ---- | M] () MD5=72A9C3F3B78CA92C93E78A46B3D73A7B -- C:\Windows\assembly\GAC_64\AuditPolicyGPManagedStubs.Interop\6.1.0.0__31bf3856ad364e35\AuditPolicyGPManagedStubs.Interop.dll [2010.11.20 14:39:41 | 000,249,344 | ---- | M] () MD5=0EB9F2F8649FC0DE0DB55AFF18093E1C -- C:\Windows\assembly\GAC_64\BDATunePIA\6.1.0.0__31bf3856ad364e35\BDATunePIA.dll [2010.11.05 02:56:37 | 000,080,896 | ---- | M] () MD5=28D0AAEB2F5D05629B287E3534FCAFB3 -- C:\Windows\assembly\GAC_64\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll [2010.11.05 02:56:43 | 000,089,600 | ---- | M] () MD5=8658D501224F8EAA18BCF8104F07AA29 -- C:\Windows\assembly\GAC_64\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll [2010.11.20 14:44:11 | 000,139,264 | ---- | M] () MD5=D32088C67317F5B64C13352E6EB5FFB1 -- C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll [2010.11.20 14:44:11 | 000,198,656 | ---- | M] () MD5=073C37CEFEB4D5CD86646171C5D999F2 -- C:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe [2010.11.20 14:44:11 | 000,133,120 | ---- | M] () MD5=948ECE6043513473FF26B6A43DCD67C8 -- C:\Windows\assembly\GAC_64\Mcx2Dvcs\6.1.0.0__31bf3856ad364e35\Mcx2Dvcs.dll [2009.07.14 18:58:26 | 000,090,112 | ---- | M] () MD5=4BB5C3949D6BFBD257B78AD5F35AB91A -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\6.1.0.0_de_31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.Resources.dll [2010.11.20 14:44:11 | 000,196,096 | ---- | M] () MD5=6E1F814CEEFC54E14DDBA66415823CFE -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\6.1.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.AdmTmplEditor.dll [2010.11.20 14:44:11 | 000,151,040 | ---- | M] () MD5=63A87E4AEF8F906BABEF2612C2A00586 -- C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.Interop\2.0.0.0__31bf3856ad364e35\Microsoft.GroupPolicy.Interop.dll [2009.07.14 02:51:37 | 000,507,904 | ---- | M] () MD5=80BC35C4CA953CCACFECEE0EDBA14F5A -- C:\Windows\assembly\GAC_64\Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Microsoft.Ink.dll [2009.07.14 02:51:13 | 000,077,824 | ---- | M] () MD5=ADE7BDD9DFFFB5A965DF204114F36951 -- C:\Windows\assembly\GAC_64\Microsoft.Interop.Security.AzRoles\2.0.0.0__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.dll [2011.08.17 06:28:23 | 000,315,392 | ---- | M] () MD5=063FDD306A93B988CBEC9C6987EB2960 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Interop.dll [2010.11.20 14:44:11 | 000,147,968 | ---- | M] () MD5=9453A71711D51C31DD607EC19CA604B0 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.iTV.Media\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.iTV.Media.dll [2010.11.20 14:44:11 | 000,056,320 | ---- | M] () MD5=6B365422C9E1417C9C99FD1234C42F48 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Mheg\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Mheg.dll [2010.11.20 14:44:11 | 000,114,688 | ---- | M] () MD5=2920CBCE0700F34AC9E27423CBD87798 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.Playback\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.Playback.dll [2010.11.20 14:44:12 | 000,327,168 | ---- | M] () MD5=2288CBDEBF5D78E0CB9158D251DE4016 -- C:\Windows\assembly\GAC_64\Microsoft.MediaCenter.TV.Tuners.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.MediaCenter.TV.Tuners.Interop.dll [2009.07.14 02:48:19 | 000,008,192 | ---- | M] () MD5=0B61293239545BDB5CF2EF7208F225DA -- C:\Windows\assembly\GAC_64\Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop\6.1.0.0__31bf3856ad364e35\Microsoft.Security.Appl icationId.PolicyManagement.PolicyEngineApi.Interop.dll [2010.11.05 02:52:15 | 000,163,840 | ---- | M] () MD5=DAC8353CA6D1919C7FF87C00672FBF2E -- C:\Windows\assembly\GAC_64\Microsoft.Transactions.Bridge.Dtc\3.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll [2009.07.14 02:49:27 | 000,008,192 | ---- | M] () MD5=6790FBD2C832CBB26A694E1046F7F2BA -- C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll [2010.11.20 14:39:46 | 000,019,968 | ---- | M] () MD5=DBE659C5CE6689D009D9414CB27FD110 -- C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop\6.1.0.0__31bf3856ad364e35\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll [2010.11.05 02:53:34 | 000,083,792 | ---- | M] () MD5=15885A86E87CC4291EF628E4F8A9BD6D -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\MSBuild.exe [2009.06.10 21:31:02 | 000,001,581 | ---- | M] () MD5=1EA3E30080C0E256C2EF0C621E91C345 -- C:\Windows\assembly\GAC_64\MSBuild\3.5.0.0__b03f5f7f11d50a3a\msbuild.exe.config [2009.06.10 21:39:44 | 000,066,728 | ---- | M] () MD5=C01B81BB10AD14DBC5C4ECD350638096 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\big5.nlp [2009.06.10 21:39:44 | 000,082,172 | ---- | M] () MD5=EE1F60F8774D74BED8B13498F3FE737A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\bopomofo.nlp [2009.06.10 21:39:54 | 000,116,756 | ---- | M] () MD5=F6DFDA5A31162D848634504565F6D321 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\ksc.nlp [2013.04.23 23:56:10 | 004,567,040 | ---- | M] () MD5=32B844F1DAA7912FBBB119047303E73F -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll [2009.06.10 21:40:01 | 000,059,342 | ---- | M] () MD5=DA5748A89E22A3932387E65694B25BBB -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normidna.nlp [2009.06.10 21:40:01 | 000,045,794 | ---- | M] () MD5=3831A5E217D6FA828CCE1011DA26E677 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfc.nlp [2009.06.10 21:40:01 | 000,039,284 | ---- | M] () MD5=DBDE664E0BA4BACD0A6A04AE2232B205 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfd.nlp [2009.06.10 21:40:01 | 000,066,384 | ---- | M] () MD5=C9B88B759FE81D59CE8EBF5A0A8EB75A -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkc.nlp [2009.06.10 21:40:01 | 000,060,294 | ---- | M] () MD5=3CAB6AB66759FCDF73B61EE262C9ACF4 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\normnfkd.nlp [2009.06.10 21:40:01 | 000,083,748 | ---- | M] () MD5=54144F43EDF5AA8F504A30E7C1D1A7B5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prc.nlp [2009.06.10 21:40:01 | 000,083,748 | ---- | M] () MD5=901863C68E6523336CAC602FE9320ABC -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\prcp.nlp [2009.06.10 21:40:02 | 000,262,148 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp [2009.06.10 21:40:02 | 000,020,320 | ---- | M] () Unable to obtain MD5 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp [2009.06.10 21:40:10 | 000,028,288 | ---- | M] () MD5=09E420F90A329BDA68477FA4AF43CB28 -- C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\xjis.nlp [2010.11.20 14:44:12 | 000,050,176 | ---- | M] () MD5=E0773633E4193B183FB396192581BD86 -- C:\Windows\assembly\GAC_64\napcrypt\6.1.0.0__31bf3856ad364e35\NAPCRYPT.DLL [2010.11.20 14:44:13 | 000,133,632 | ---- | M] () MD5=A302DA1404664CEF1D416ED4DE49EA2B -- C:\Windows\assembly\GAC_64\naphlpr\6.1.0.0__31bf3856ad364e35\NAPHLPR.DLL [2009.06.10 21:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config [2009.07.14 02:52:10 | 000,005,120 | ---- | M] () MD5=C3554C9F9650380CD6A292CD5E7F02C6 -- C:\Windows\assembly\GAC_64\Policy.1.0.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.0.Microsoft.Interop.Security.AzRole s.dll [2009.06.10 21:51:13 | 000,000,494 | ---- | M] () MD5=453626B1A59F62F9A141AC62F4E44E75 -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.config [2009.07.14 02:50:32 | 000,005,120 | ---- | M] () MD5=265830B968EC5512E923C5482A5F5EEB -- C:\Windows\assembly\GAC_64\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.1.7600.16385__31bf3856ad364e35\Policy.1.2.Microsoft.Interop.Security.AzRole s.dll [2009.07.13 22:54:48 | 000,000,442 | ---- | M] () MD5=13E4BF7A255D57592EEDBD04A500C09B -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.config [2009.07.14 02:50:49 | 000,005,120 | ---- | M] () MD5=6162FCE93CE4C29318C179E457CFE656 -- C:\Windows\assembly\GAC_64\Policy.6.0.Microsoft.Ink\6.1.0.0__31bf3856ad364e35\Policy.6.0.Microsoft.Ink.dll [2013.04.15 23:55:18 | 003,998,208 | ---- | M] () MD5=AE098D9D3BD83440C59A0C3386F4F5DD -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll [2009.06.10 21:30:59 | 000,000,161 | ---- | M] () MD5=C0856EC51C8C75B8FDF02C1BBCFE7B93 -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationFontCache.exe.config [2013.04.19 23:54:21 | 002,256,032 | ---- | M] () MD5=6E656C325A5519A3A9D951709958CF6F -- C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\wpfgfx_v0300.dll [2010.11.05 02:56:58 | 000,502,272 | ---- | M] () MD5=2D8090F04B14059E23FE68F9FF3E318C -- C:\Windows\assembly\GAC_64\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll [2010.11.05 02:56:58 | 003,095,552 | ---- | M] () MD5=98D53BB2DB8E11762D30C3CF41FA140B -- C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll [2010.11.05 02:57:00 | 000,245,760 | ---- | M] () MD5=B395F8BE6E578FAB80A1D568911857D7 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll [2010.11.05 02:57:02 | 000,133,120 | ---- | M] () MD5=D9C192B9CD25DC5C9C05DF98C945E3F1 -- C:\Windows\assembly\GAC_64\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll [2013.04.15 23:55:19 | 000,358,912 | ---- | M] () MD5=D5B9510CA085D4E04BEBD2C47CD50925 -- C:\Windows\assembly\GAC_64\System.Printing\3.0.0.0__31bf3856ad364e35\System.Printing.dll [2009.06.10 21:40:06 | 000,283,136 | ---- | M] () MD5=E4806AC8BE2D890193252D4BEE7EA95C -- C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll [2013.07.01 23:53:34 | 005,292,032 | ---- | M] () MD5=DFBF21C7DD33BF6374417E54C433AF8D -- C:\Windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll < HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections > "DefaultConnectionSettings" = 46 00 00 00 3B 12 00 00 09 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 04 00 00 00 00 00 00 00 B3 2C D8 14 CC 5D CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 02 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 90 D7 30 DF 3B 79 43 9F 7D 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes] "SavedLegacySettings" = 46 00 00 00 85 3F 00 00 09 00 00 00 00 00 00 00 07 00 00 00 2A 2E 6C 6F 63 61 6C 00 00 00 00 04 00 00 00 00 00 00 00 B3 2C D8 14 CC 5D CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 02 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 90 D7 30 DF 3B 79 43 9F 7D 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [Binary data over 200 bytes] < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ========== [2013.12.10 21:29:45 | 004,917,637 | ---- | M] ()(C:\Users\Maik\Desktop\?The Dragonborn Comes - Skyrim Bard Song and Main Theme Female Cover?.mp3) -- C:\Users\Maik\Desktop\The Dragonborn Comes - Skyrim Bard Song and Main Theme Female Cover.mp3 [2013.12.10 20:57:52 | 004,917,637 | ---- | C] ()(C:\Users\Maik\Desktop\?The Dragonborn Comes - Skyrim Bard Song and Main Theme Female Cover?.mp3) -- C:\Users\Maik\Desktop\The Dragonborn Comes - Skyrim Bard Song and Main Theme Female Cover.mp3 [2013.10.12 10:55:21 | 100,615,351 | ---- | M] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\摚㿛¥ [2013.10.12 08:54:57 | 100,615,351 | ---- | C] ()(C:\Windows\SysWow64\???¥) -- C:\Windows\SysWow64\摚㿛¥ [2013.09.17 04:31:46 | 097,922,994 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\�댊ž [2013.09.16 16:31:31 | 097,922,994 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\�댊ž < End of report > |
|
05.02.2014, 11:40
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Interpol Trojaner, jetzt hat es mich auch erwischtZitat:
 Diese Einträge in der Hosts dienen dazu, raubkopierte (gecrackte) Software lauffähig zu machen  Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ |
|
05.02.2014, 13:48
| #3 |
| | Interpol Trojaner, jetzt hat es mich auch erwischt ich weiß zwar nicht wie diese auf meinen Rechner kommen, außer den Adobe Acrobat Reader habe ich noch Photoshop Elements auf dem Rechner und das ist gekauft. Kann dir gern die Rechnung zeigen.
__________________Über das was sonst noch auf dem Rechner ist kann ich dir nicht sagen, nutze den nicht alleine. Was sollen denn das für Programme sein die Illegal sind? |
|
05.02.2014, 14:04
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Interpol Trojaner, jetzt hat es mich auch erwischt Kommerzielle Adobe-Software. CS5, CS6 etc. Wer nutzt den Rechner denn noch? Ist das ein gewerblich genutztes System?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.02.2014, 14:15
| #5 |
| | Interpol Trojaner, jetzt hat es mich auch erwischt eigentlich nutze nur ich oder meine Frau hin und wieder den PC, da ich im Fernverkehr unterwegs bin, bin ich nicht immer zuhause. was allerdings sein kann ich das mein Bruder wie der noch hier gewohnt hat bedient hat. könnte sein. aufjeden fall werde ich mal schauen ob außer meinem Elements noch etwas von Adobe auf dem Rechner ist. Und das kann nur etwas mit Adobe sein? |
|
05.02.2014, 15:12
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Interpol Trojaner, jetzt hat es mich auch erwischtZitat:
__________________ --> Interpol Trojaner, jetzt hat es mich auch erwischt |
|
| Themen zu Interpol Trojaner, jetzt hat es mich auch erwischt |
| 4d36e972-e325-11ce-bfc1-08002be10318, ad-aware, amazon-icon, antivir, autorun, avira, bho, bonjour, browser, canon, diagnostics, error, firefox, flash player, format, geld, giga.de, helper.exe, logfile, lws.exe, mozilla, msiexec, realtek, registry, rundll, server, software, svchost.exe, system, trojaner, usb, windows, wiso, wrapper |
Linear-Darstellung
