![]() |
Log-Analyse und Auswertung: Malsign.Dailytools.3A7Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() |
![]() | #31 |
![]() | ![]() Malsign.Dailytools.3A7 --- Geändert von Gast1234 (29.08.2014 um 13:53 Uhr) |
![]() | #32 |
![]() | ![]() Malsign.Dailytools.3A7 ---
__________________Geändert von Gast1234 (29.08.2014 um 13:53 Uhr) |
![]() | #33 |
![]() | ![]() Malsign.Dailytools.3A7Code:
ATTFilter OTL Extras logfile created on: 29.08.2014 13:34:59 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Lara\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 386,70 Mb Available Physical Memory | 38,17% Memory free 1,99 Gb Paging File | 1,00 Gb Available in Paging File | 50,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 132,11 Gb Free Space | 61,22% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS Computer Name: LARASACER | User Name: Lara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1" [HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{7D54838F-8BA7-4C0C-B876-DF0D8B3226E1}" = lport=2869 | protocol=6 | dir=in | app=system | "{F4B09290-BD1E-4831-BBBF-1F416AE63412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{179AD27C-D9DF-4596-8781-A35F930B0145}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{181EE725-0B6E-4C8C-8B2F-AED79EEB8403}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{1B60B4C1-D625-4B8A-B1AA-9EC7AB64AFA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{1D316047-0DCD-42DF-AE9F-C0B3F32888E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{27CFEA0A-C17B-44E1-BC94-55F8EB285F3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{2A2664EB-0BA5-4FFB-9C84-0C6A0FEA5DFC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{39B14AFD-7EB9-41D5-8B45-2A3E7FCF3F53}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{3AA57530-DC3F-4165-8FB3-C8E25D7C698E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{45F93211-A0F0-4504-9BE2-C35B993E0D00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{517880C9-A4F2-4DED-A056-61AAA0275E7C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "{5255AAED-F3CB-4976-AC09-FA408E38C607}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{717DAE25-0D17-45FE-9E1D-4CD59FDEAFEE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7BDF5F47-3F22-42C0-829C-5DEEF0E747ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{831B0F2B-A208-4BAC-917C-B648A25D409E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{8B0570E0-A335-4607-9602-6B0C79833E91}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{98CE9485-A44E-438C-AB34-2374A81D1954}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9ED9F2A3-28EE-4205-A52D-C33EAC858965}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{A03FFFEF-2E2C-4272-A35C-B792FDB30FA6}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{A89D6AC9-042D-43E3-BEB1-5321A8BF56BE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{AB5ECF61-4AD7-4187-9C1D-143F831EC5AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{CB11B9DA-238E-424A-8B15-5116163912F6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{CB41D34C-E3EE-4C53-9362-27502015D338}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{D007A2E8-8C45-4DE7-8E5B-ABDF3103D2A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{D5E45B96-DA84-468B-9158-283F8AC6161F}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "{E30CD09C-ABCB-460E-856C-937564C4FC95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{E646210E-59E2-40C2-8190-55EB24E87DC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{F503BC85-AE8D-40A9-8AEA-DBA8CA09CEB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{F54402A7-6EF2-4630-9DCD-BE1886A87DEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F97692D2-3096-4D66-A91C-5580303F9270}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "TCP Query User{2A909A04-3300-4B7D-A563-B648929C63BB}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | "TCP Query User{694529D2-B2AA-443B-97B7-A1529CCC8127}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{7E9BC53B-A2AB-4A2A-A397-4EA931E65507}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | "TCP Query User{9D1E17FE-AE70-435E-8A95-ECF49D4E8818}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "TCP Query User{AAB8A1CA-3CFA-49F2-9CFF-9F258E77A45E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{1A4A8A21-47EC-4AE1-90EE-0AF0F19894F3}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | "UDP Query User{34BA33AC-3057-4768-8072-EFD419A1E1CB}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "UDP Query User{6946C119-8581-4CB4-863D-0A1C87850865}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{D34FF93D-39BE-45DC-8D4D-245290AF30A7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{EE0CE719-1224-405F-A053-8CD4D4355B75}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59C51498-BEDE-4033-BBEE-16908F1EFB47}" = AVG 2014 "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E62AFEB8-BF5A-4287-A19B-198BB17F6276}" = AVG 2014 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin "AVG" = AVG 2014 "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESET Online Scanner" = ESET Online Scanner v3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LManager" = Launch Manager "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de) "Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition "StarterBackgroundChanger" = StarterBackgroundChanger "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.9 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18 ========== Last 20 Event Log Errors ========== [ System Events ] Error - 27.08.2014 13:02:50 | Computer Name = larasacer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 27.08.2014 16:07:02 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 28.08.2014 02:43:17 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 28.08.2014 06:43:25 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 28.08.2014 07:54:47 | Computer Name = larasacer | Source = Service Control Manager | ID = 7034 Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 28.08.2014 08:16:38 | Computer Name = larasacer | Source = DCOM | ID = 10010 Description = Error - 28.08.2014 16:36:33 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 28.08.2014 21:25:47 | Computer Name = larasacer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.08.2014 21:31:23 | Computer Name = larasacer | Source = DCOM | ID = 10010 Description = Error - 29.08.2014 08:17:59 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. < End of report > So hab die Doppelposts rausgenommen |
![]() | #34 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Malsign.Dailytools.3A7Fixen mit OTL
ATTFilter :OTL IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;https= IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;https= IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com FF - prefs.js..network.proxy.type: 4 FF - user.js - File not found :reg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] "Update-Service-Installer-Service"=- "DailytoolsInstallerService"=- "DailytoolsUpdateService"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #35 |
![]() | ![]() Malsign.Dailytools.3A7Code:
ATTFilter ========== OTL ========== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: 4 removed from network.proxy.type ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\DailytoolsInstallerService deleted successfully. Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\DailytoolsUpdateService deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\ deleted successfully. OTL by OldTimer - Version log created on 09022014_125305 |
![]() | #36 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Malsign.Dailytools.3A7 Ok, die restlichen Joosoft/dailytools Einträge sollten damit erlegt sein. Zur Sicherheit nochmal ein eines Kontrollog bitte posten. Zuerst aber bitte das hier auf den Desktop runterladen => http://download.bleepingcomputer.com...7/Dnscache.reg und per Doppelklick ausführen, Abfrage mit ja bestätigen. Das sollte den Dienst "dnscache" reparieren. Starte Windows neu, dann OTL: Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
ATTFilter HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com %SystemRoot%\system32\*.tsp C:\Windows\system32\*.dll /800 CREATERESTOREPOINT
__________________ --> Malsign.Dailytools.3A7 |
![]() | #37 |
![]() | ![]() Malsign.Dailytools.3A7 Alles erledigt. Code:
ATTFilter OTL logfile created on: 02.09.2014 13:19:23 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Lara\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 258,62 Mb Available Physical Memory | 25,53% Memory free 2,20 Gb Paging File | 0,97 Gb Available in Paging File | 44,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 132,44 Gb Free Space | 61,38% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS Computer Name: LARASACER | User Name: Lara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014.08.29 20:32:49 | 007,141,120 | ---- | M] (Igor Pavlov) -- C:\Programme\AVG\AVG2014\Notification\Launcher.exe PRC - [2014.08.28 20:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe PRC - [2014.08.12 18:10:35 | 002,775,576 | ---- | M] () -- C:\Windows\Temp\7zS8F75.tmp\AVG-Secure-Search-Update.exe PRC - [2014.08.11 14:51:00 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgidsagent.exe PRC - [2014.08.11 14:49:02 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Programme\AVG\AVG2014\avgrsx.exe PRC - [2014.08.11 14:45:50 | 000,643,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgcsrvx.exe PRC - [2014.08.11 14:42:36 | 000,838,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgnsx.exe PRC - [2014.08.11 14:42:34 | 005,187,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgui.exe PRC - [2014.08.11 14:41:40 | 000,657,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgemcx.exe PRC - [2014.08.11 14:36:28 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgwdsvc.exe PRC - [2014.02.06 13:39:33 | 000,022,040 | ---- | M] () -- C:\Windows\Temp\7zS8F75.tmp\Setup.exe PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.06.26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2013.06.26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2013.04.22 10:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe PRC - [2010.06.11 15:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe PRC - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe PRC - [2010.06.11 15:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV - [2014.08.20 14:11:21 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014.08.11 14:51:00 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2014.08.11 14:36:28 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2014.07.30 14:26:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.06.26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2013.06.26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.04.22 10:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C62x86.sys -- (L1C) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lara\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2014.06.30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx) DRV - [2014.06.17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2014.06.17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2014.06.17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx) DRV - [2014.06.17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX) DRV - [2014.06.17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver) DRV - [2014.06.17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2014.06.17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86) DRV - [2014.06.17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim) DRV - [2014.01.23 05:20:56 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2014.01.23 05:20:56 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2014.01.23 05:20:56 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2014.01.23 05:20:56 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2013.10.02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013.06.26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2013.06.26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2013.06.26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2013.06.26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.07.15 23:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes\{891675E3-89A4-4910-A5B8-2EF8AECF6854}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.08.02 23:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Extensions [2014.07.24 19:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Firefox\Profiles\pjgxkiv3.default-1384465885983\extensions [2014.07.24 19:48:27 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\firefox\profiles\pjgxkiv3.default-1384465885983\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014.07.30 14:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2014.07.30 14:26:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - plugin: Error reading preferences file CHR - Extension: YouTube = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: Google Mail = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE95E6C1-AB67-4F53-ADCB-E41A5DB92394}: DhcpNameServer = O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2014.09.02 12:53:05 | 000,000,000 | ---D | C] -- C:\_OTL [2014.09.01 20:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2014.09.01 20:44:28 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014.09.01 20:43:33 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014.09.01 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014.09.01 20:43:32 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014.09.01 20:43:32 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014.08.29 20:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0814av [2014.08.29 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2014.08.28 20:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe [2014.08.28 14:49:36 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.08.25 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2014.08.25 19:53:03 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.08.25 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware [2014.08.25 19:52:16 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014.08.25 19:52:16 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014.08.25 19:52:16 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2014.08.25 19:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware [2014.08.25 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014.08.25 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Programs [2014.08.25 13:05:29 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Adobe [2014.08.22 21:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2014.08.22 20:43:18 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll [2014.08.22 20:38:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014.08.22 14:11:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2014.08.22 13:28:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2014.08.22 13:28:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2014.08.22 13:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2014.08.22 13:26:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2014.08.22 13:25:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2014.08.21 15:18:20 | 000,000,000 | ---D | C] -- C:\FRST [2014.08.20 14:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2014.08.15 13:00:37 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll [2014.08.15 13:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll [2014.08.15 13:00:18 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe [2014.08.15 13:00:08 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe [2014.08.13 14:00:22 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys [2014.08.13 14:00:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2014.08.13 14:00:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014.08.13 13:59:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2014.08.13 13:59:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll [2014.08.13 13:59:42 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe [2014.08.13 13:59:16 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.08.13 13:59:16 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014.08.13 13:59:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014.08.13 13:59:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.08.13 13:59:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll [2014.08.13 13:59:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe [2014.08.13 13:58:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.08.13 13:58:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.08.13 13:58:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.08.13 13:58:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.08.13 13:58:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.08.13 13:58:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2014.08.13 13:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL [2014.08.13 13:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL [2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL [2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL [2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL ========== Files - Modified Within 30 Days ========== [2014.09.02 13:17:07 | 000,006,748 | ---- | M] () -- C:\Users\Lara\Desktop\Dnscache.reg [2014.09.02 13:16:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.09.02 12:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.09.01 20:42:57 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2014.09.01 20:42:54 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2014.09.01 20:42:54 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2014.09.01 20:42:54 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2014.08.29 14:58:10 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2014.08.29 03:33:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.08.29 03:33:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.08.29 03:24:40 | 000,287,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.08.29 03:22:26 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2014.08.28 20:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe [2014.08.28 14:03:09 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014.08.23 02:42:53 | 002,352,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.08.20 14:11:21 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014.08.20 14:11:21 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2014.09.02 13:16:58 | 000,006,748 | ---- | C] () -- C:\Users\Lara\Desktop\Dnscache.reg [2014.08.29 14:58:10 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2014.08.22 13:28:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2014.08.22 13:28:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2014.08.22 13:28:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2014.08.22 13:28:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2014.08.22 13:28:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.01.11 13:33:20 | 000,006,144 | ---- | C] () -- C:\Users\Lara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 7 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 5 "ProviderID4" = 6 "ProviderFilename4" = incvclor0.tsp < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S > "DisplayName" = @%systemroot%\system32\wkssvc.dll,-100 "Group" = NetworkProvider "ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%systemroot%\system32\wkssvc.dll,-101 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage] "Bind" = \Device\Smb_Tcpip_{BC61CEF9-6D33-4 [Binary data over 200 bytes] "Route" = "Smb" "Tcpip" "{BC61CEF9-6D33-4CF9 [Binary data over 200 bytes] "Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider] "DeviceName" = \Device\LanmanRedirector "Name" = Microsoft Windows Network "DisplayName" = @%systemroot%\system32\wkssvc.dll,-102 "ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] "ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2010.11.20 14:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S > "DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101 "Group" = TDI "ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) "Description" = @%SystemRoot%\System32\dnsapi.dll,-102 "ObjectName" = NT AUTHORITY\NetworkService "ErrorControl" = 1 "Start" = 2 "Type" = 32 "DependOnService" = Tdxnsi [binary data] "ServiceSidType" = 1 "RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data] "FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00 [binary data] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters] "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] "ShutdownOnIdle" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security] "Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 [Binary data over 200 bytes] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0] "Type" = 4 "Action" = 1 "GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09 [binary data] "Data0" = 5355UDP [binary data] "DataType0" = 2 < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "RPCSS" = RpcEptMapperRpcSs [binary data] "defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) "LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes] "LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes] "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation) "LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data] "termsvcs" = TermService [binary data] "swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) "LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes] "LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data] "NetworkServiceAndNoImpersonation" = KtmRm [binary data] "regsvc" = RemoteRegistry [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkServiceNetworkRestricted" = PolicyAgent [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "sdrsvc" = sdrsvc [binary data] -- [2010.11.20 14:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) "WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) "AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 14:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation) "secsvcs" = WinDefend [binary data] "bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation) "GPSvcGroup" = GPSvc [binary data] -- [2010.11.20 14:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport] < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com > < %SystemRoot%\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp < C:\Windows\system32\*.dll /800 > [2014.03.04 11:17:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\adprovider.dll [2013.08.29 03:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advapi32.dll [2014.05.09 09:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aeinv.dll [2014.05.09 09:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aepdu.dll [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll [2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll [2013.08.02 03:48:15 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.08.02 03:48:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll [2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.08.02 02:43:05 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll [2013.08.02 02:43:05 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll [2013.08.02 02:43:05 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll [2013.08.02 02:43:05 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll [2013.02.27 06:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appinfo.dll [2013.09.11 22:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aspnet_counters.dll [2012.11.06 01:20:50 | 000,168,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll [2013.06.06 05:01:38 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll [2013.06.06 05:01:26 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll [2014.06.03 11:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll [2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll [2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll [2014.03.04 11:17:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\capiprovider.dll [2014.06.16 03:40:20 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll [2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll [2013.04.18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll [2014.03.04 11:17:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngprovider.dll [2013.07.04 13:50:56 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll [2014.05.30 09:52:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credssp.dll [2013.10.04 03:56:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credui.dll [2013.10.05 21:57:25 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll [2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll [2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll [2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll [2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll [2013.11.26 10:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll [2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll [2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll [2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll [2013.12.25 01:09:41 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll [2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll [2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll [2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll [2013.07.04 13:51:04 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\davclnt.dll [2013.06.06 06:50:56 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dciman32.dll [2013.04.18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll [2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll [2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll [2014.03.04 11:17:08 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dimsroam.dll [2014.03.04 11:17:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpapiprovider.dll [2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll [2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll [2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll [2014.07.24 19:48:57 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll [2014.07.24 19:48:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll [2013.01.13 22:30:34 | 000,906,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll [2013.06.06 06:51:29 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\fontsub.dll [2013.10.12 04:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL [2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll [2014.08.23 03:46:55 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll [2014.07.01 00:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardres.dll [2014.07.24 19:57:19 | 009,739,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll [2014.07.24 19:49:37 | 001,802,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll [2014.07.24 19:47:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll [2013.10.12 04:01:41 | 000,679,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL [2013.10.19 03:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll [2014.03.09 23:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\infocardapi.dll [2014.02.04 04:00:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iologmsg.dll [2012.10.03 18:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iphlpsvc.dll [2013.04.18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll [2013.04.18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll [2013.04.18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll [2014.07.24 19:49:29 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll [2014.07.24 19:58:33 | 001,810,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll [2014.07.24 19:50:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll [2014.07.09 03:29:31 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDBASH.DLL [2014.07.09 03:29:32 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU.DLL [2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU1.DLL [2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDTAT.DLL [2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDYAK.DLL [2014.05.30 09:52:36 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll [2014.03.04 11:17:13 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll [2014.03.04 11:17:13 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll [2013.06.06 06:52:14 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lpk.dll [2014.06.05 16:26:50 | 001,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll [2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll [2013.04.18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll [2013.04.18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll [2013.04.18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll [2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll [2012.11.06 01:20:52 | 004,421,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110.dll [2012.11.06 01:20:52 | 004,456,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110u.dll [2012.11.06 01:20:52 | 000,092,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110.dll [2012.11.06 01:20:52 | 000,092,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110u.dll [2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll [2013.04.18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll [2013.12.04 04:02:06 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msdrm.dll [2014.07.24 19:49:18 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll [2014.07.24 19:48:53 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll [2013.04.18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll [2014.07.24 20:07:38 | 012,356,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll [2014.07.24 19:48:36 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll [2014.06.03 11:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll [2013.10.30 04:19:52 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msieftp.dll [2014.06.03 11:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msihnd.dll [2013.04.18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll [2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll [2013.10.02 02:14:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll [2014.01.09 04:22:42 | 005,694,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll [2014.05.30 09:52:40 | 000,259,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msv1_0.dll [2012.11.06 01:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll [2013.09.11 22:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110_clr0400.dll [2013.09.11 22:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100_clr0400.dll [2012.11.06 01:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll [2013.09.11 22:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110_clr0400.dll [2013.09.08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mswsock.dll [2014.03.26 16:27:50 | 001,237,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll [2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3r.dll [2014.03.26 16:27:50 | 001,389,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll [2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6r.dll [2013.04.18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll [2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll [2013.04.18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll [2013.04.18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll [2013.04.18 19:06:46 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll [2014.05.30 09:52:41 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll [2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll [2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll [2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll [2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll [2012.10.03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll [2012.10.03 18:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlasvc.dll [2013.10.12 04:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nshwfp.dll [2013.08.29 03:50:30 | 001,289,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll [2014.03.04 11:17:19 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\objsel.dll [2013.07.20 12:33:12 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll [2014.06.06 11:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll [2014.05.08 11:06:54 | 002,742,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorets.dll [2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll [2014.05.08 11:06:54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RdpGroupPolicyExtension.dll [2012.08.23 16:48:14 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpudd.dll [2013.10.02 01:08:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdvidcrl.dll [2013.04.18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll [2014.07.14 03:42:02 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll [2013.08.28 02:57:20 | 000,434,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scavengeui.dll [2014.05.30 09:52:45 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll [2013.10.12 04:03:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll [2013.12.04 04:03:08 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc.dll [2013.12.04 04:03:20 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_isv.dll [2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp.dll [2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp_isv.dll [2014.04.12 04:12:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll [2013.06.26 19:23:00 | 001,084,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sftldr.dll [2013.07.26 03:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll [2013.10.04 03:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SmartcardCredentialProvider.dll [2014.04.12 04:12:09 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll [2014.04.12 04:12:09 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll [2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll [2013.08.29 03:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdh.dll [2013.10.02 01:58:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll [2014.05.30 09:52:49 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSpkg.dll [2013.10.02 01:45:04 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbGDCoInstaller.dll [2013.10.02 02:30:38 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll [2013.09.25 03:57:53 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSWorkspace.dll [2014.07.16 04:46:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll [2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll [2014.07.24 19:50:29 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll [2014.07.24 19:52:27 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll [2014.04.25 04:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll [2014.07.24 19:49:38 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll [2012.11.06 01:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll [2012.11.06 01:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll [2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll [2014.05.30 09:52:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wdigest.dll [2013.07.04 13:57:28 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WebClnt.dll [2014.01.29 04:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wer.dll [2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll [2014.03.04 11:17:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wincredprovider.dll [2014.09.01 20:42:57 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll [2014.02.04 04:04:22 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll [2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll [2014.07.24 19:51:52 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll [2013.08.02 03:50:36 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll [2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll [2013.10.02 02:14:20 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll [2013.05.10 06:56:08 | 011,410,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmp.dll [2013.11.23 20:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll [2013.05.10 06:56:15 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmploc.DLL [2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL [2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll [2014.05.14 18:23:38 | 000,581,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll [2014.05.14 18:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll [2014.05.14 18:17:15 | 002,425,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll [2012.07.26 05:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll [2012.07.26 05:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll [2012.07.26 05:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll [2012.07.26 05:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll [2014.05.14 18:17:10 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll [2014.05.14 18:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll [2014.05.14 18:23:42 | 000,045,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll [2014.05.14 09:23:04 | 000,179,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll [2013.03.19 05:33:33 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwanprotdim.dll [2014.01.28 04:07:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwansvc.dll [2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll [2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.09.2014 13:19:24 - Run 2 OTL by OldTimer - Version Folder = C:\Users\Lara\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 258,62 Mb Available Physical Memory | 25,53% Memory free 2,20 Gb Paging File | 0,97 Gb Available in Paging File | 44,12% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 132,44 Gb Free Space | 61,38% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS Computer Name: LARASACER | User Name: Lara | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1" [HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{7D54838F-8BA7-4C0C-B876-DF0D8B3226E1}" = lport=2869 | protocol=6 | dir=in | app=system | "{F4B09290-BD1E-4831-BBBF-1F416AE63412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{179AD27C-D9DF-4596-8781-A35F930B0145}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{181EE725-0B6E-4C8C-8B2F-AED79EEB8403}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{1B60B4C1-D625-4B8A-B1AA-9EC7AB64AFA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{1D316047-0DCD-42DF-AE9F-C0B3F32888E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{27CFEA0A-C17B-44E1-BC94-55F8EB285F3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{2A2664EB-0BA5-4FFB-9C84-0C6A0FEA5DFC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | "{39B14AFD-7EB9-41D5-8B45-2A3E7FCF3F53}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{3AA57530-DC3F-4165-8FB3-C8E25D7C698E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{45F93211-A0F0-4504-9BE2-C35B993E0D00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{517880C9-A4F2-4DED-A056-61AAA0275E7C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | "{5255AAED-F3CB-4976-AC09-FA408E38C607}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{717DAE25-0D17-45FE-9E1D-4CD59FDEAFEE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{7BDF5F47-3F22-42C0-829C-5DEEF0E747ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{831B0F2B-A208-4BAC-917C-B648A25D409E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | "{8B0570E0-A335-4607-9602-6B0C79833E91}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{98CE9485-A44E-438C-AB34-2374A81D1954}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9ED9F2A3-28EE-4205-A52D-C33EAC858965}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{A03FFFEF-2E2C-4272-A35C-B792FDB30FA6}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{A89D6AC9-042D-43E3-BEB1-5321A8BF56BE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{AB5ECF61-4AD7-4187-9C1D-143F831EC5AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | "{CB11B9DA-238E-424A-8B15-5116163912F6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | "{CB41D34C-E3EE-4C53-9362-27502015D338}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{D007A2E8-8C45-4DE7-8E5B-ABDF3103D2A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{D5E45B96-DA84-468B-9158-283F8AC6161F}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "{E30CD09C-ABCB-460E-856C-937564C4FC95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{E646210E-59E2-40C2-8190-55EB24E87DC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{F503BC85-AE8D-40A9-8AEA-DBA8CA09CEB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{F54402A7-6EF2-4630-9DCD-BE1886A87DEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{F97692D2-3096-4D66-A91C-5580303F9270}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | "TCP Query User{2A909A04-3300-4B7D-A563-B648929C63BB}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | "TCP Query User{694529D2-B2AA-443B-97B7-A1529CCC8127}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{7E9BC53B-A2AB-4A2A-A397-4EA931E65507}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | "TCP Query User{9D1E17FE-AE70-435E-8A95-ECF49D4E8818}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "TCP Query User{AAB8A1CA-3CFA-49F2-9CFF-9F258E77A45E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{1A4A8A21-47EC-4AE1-90EE-0AF0F19894F3}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | "UDP Query User{34BA33AC-3057-4768-8072-EFD419A1E1CB}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | "UDP Query User{6946C119-8581-4CB4-863D-0A1C87850865}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{D34FF93D-39BE-45DC-8D4D-245290AF30A7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{EE0CE719-1224-405F-A053-8CD4D4355B75}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59C51498-BEDE-4033-BBEE-16908F1EFB47}" = AVG 2014 "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14 "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0 "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU) "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E62AFEB8-BF5A-4287-A19B-198BB17F6276}" = AVG 2014 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin "AVG" = AVG 2014 "Defraggler" = Defraggler "EPSON Printer and Utilities" = EPSON-Drucker-Software "ESET Online Scanner" = ESET Online Scanner v3 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version "HDMI" = Intel(R) Graphics Media Accelerator Driver "Identity Card" = Identity Card "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "LManager" = Launch Manager "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version "Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de) "Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition "StarterBackgroundChanger" = StarterBackgroundChanger "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.9 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18 ========== Last 20 Event Log Errors ========== [ System Events ] Error - 28.08.2014 08:16:38 | Computer Name = larasacer | Source = DCOM | ID = 10010 Description = Error - 28.08.2014 16:36:33 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 28.08.2014 21:25:47 | Computer Name = larasacer | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 28.08.2014 21:31:23 | Computer Name = larasacer | Source = DCOM | ID = 10010 Description = Error - 29.08.2014 08:17:59 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 29.08.2014 14:26:41 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 30.08.2014 03:10:19 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 31.08.2014 09:46:54 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 31.08.2014 13:14:37 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 01.09.2014 14:30:55 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. < End of report > |
![]() | #38 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Malsign.Dailytools.3A7 Sieht gut aus. Rechner wieder ok?
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #39 |
![]() | ![]() Malsign.Dailytools.3A7 Bis jetzt läuft alles gut =) Tausend Dank! |
![]() | #40 |
/// Winkelfunktion /// TB-Süch-Tiger™ ![]() ![]() ![]() ![]() ![]() ![]() | ![]() Malsign.Dailytools.3A7 Dann wären wir durch! ![]() Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen. Helfen kann dir dabei delfix: Die Reihenfolge ist hier entscheidend.
Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten ![]() |
![]() | #41 |
![]() | ![]() Malsign.Dailytools.3A7Code:
ATTFilter # DelFix v10.8 - Datei am 02/09/2014 um 20:53:17 erstellt # Aktualisiert am 29/07/2014 von Xplode # Benutzer : Lara - LARASACER # Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits) ~ Aktiviere die Benutzerkontensteuerung ... OK ~ Entferne die Bereinigungsprogramme ... Gelöscht : C:\Qoobox Gelöscht : C:\_OTL Gelöscht : C:\FRST Gelöscht : C:\AdwCleaner Gelöscht : C:\ComboFix.txt Gelöscht : C:\Windows\grep.exe Gelöscht : C:\Windows\PEV.exe Gelöscht : C:\Windows\NIRCMD.exe Gelöscht : C:\Windows\MBR.exe Gelöscht : C:\Windows\SED.exe Gelöscht : C:\Windows\SWREG.exe Gelöscht : C:\Windows\SWSC.exe Gelöscht : C:\Windows\SWXCACLS.exe Gelöscht : C:\Windows\Zip.exe Gelöscht : HKLM\SOFTWARE\OldTimer Tools Gelöscht : HKLM\SOFTWARE\AdwCleaner Gelöscht : HKLM\SOFTWARE\Swearware Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe ~ Erstelle ein Backup der Registrierungsdatenbank ... OK ~ Lösche die Wiederherstellungspunkte ... Gelöscht : RP #287 [Entfernt Atheros Communications Inc.(R) AR81Family Gigabit/Fast ¨±ûv | 08/28/2014 12:16:57] Gelöscht : RP #288 [Windows Update | 08/29/2014 01:01:10] Gelöscht : RP #289 [OTL Restore Point - 29.08.2014 13:41:27 | 08/29/2014 11:41:39] Gelöscht : RP #290 [Installed Java 7 Update 67 | 09/01/2014 18:38:09] Gelöscht : RP #291 [OTL Restore Point - 02.09.2014 13:28:31 | 09/02/2014 11:28:33] Ein neuer Wiederherstellungspunkt wurde erstellt ! ~ Stelle die Systemeinstellungen wieder her ... OK ########## - EOF - ########## |
![]() |
Themen zu Malsign.Dailytools.3A7 |
andauernd, anderen, bedrohung, bezüglich, dailytools, dauernd, entferne, erscheint, hochfahren, malsign.dailytools.3a7, pcs, tagen, taucht, textdatei, thread, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.g, win32/installcore.qh, win32/startpage.oie, win32/toolbar.conduit |