Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.11.2011, 13:21   #1
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Gestern schlug Antivir bei mir Alarm. Auf 3 Partitionen wurde jeweils die Datei

pcwelt.scr

gefunden, die angeblich den Trojaner TR/Gendal.2.4609 enthält. Im selben Verzeichnis war eine autorun.inf, die die Dateien starten sollte (was unter Windows 7 ja nicht passiert). 2 der Partitionen waren mit Truecrypt verschlüsselt und der Alarm schlug an, als die Platten gemounted wurden. Ich habe die scr-Datei bei einem Online-Checker hochgeladen, die hälfte der Programme identifizierte ihn als Malware (allerdings immer eine andere), die andere Hälfte sagte, die Datei sei sauber. Ich hab die Dateien gelöscht und sie sind auch nach einem Neustart nicht wieder gekommen. Auf der Systempartiotion waren keine infizierten Dateien.

Ich habe mein System nun gescannt (während alle verschlüsselten Partitionen offen waren). Hier die Logfiles:

Defogger_disable:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:38 on 10/11/2011 (Antestor)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL-File:
Code:
ATTFilter
OTL logfile created on: 10.11.2011 12:49:09 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Antestor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,88% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): o:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 3,99 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 19,51 Gb Free Space | 9,76% Space Free | Partition Type: NTFS
Drive E: | 600,00 Gb Total Space | 176,94 Gb Free Space | 29,49% Space Free | Partition Type: NTFS
Drive M: | 1000,00 Gb Total Space | 6,60 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 5,47 Gb Free Space | 17,35% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 5,59 Gb Free Space | 5,59% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 372,87 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.10 12:32:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Antestor\Downloads\OTL.exe
PRC - [2011.09.19 18:13:53 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011.08.25 15:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.11 18:05:10 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010.10.29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\PROGRA~2\FREEDO~1\fdm.exe
PRC - [2010.03.26 08:40:46 | 005,805,216 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2010.03.26 08:40:44 | 005,558,432 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cc32\webtmr.exe
PRC - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
PRC - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.01.22 20:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.12.15 09:33:28 | 000,370,688 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniServer.exe
PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.11.07 23:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
PRC - [2009.10.15 13:33:02 | 000,136,520 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\BAUM Retec\COBRA\9.0\CobraProxy.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe
PRC - [2007.04.24 19:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007.03.08 18:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.01.22 20:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010.01.22 20:56:46 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2007.04.24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007.04.23 00:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007.04.21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007.04.19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2004.07.26 19:03:50 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\SFRes.dll
MOD - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
MOD - [2002.11.19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.23 23:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.15 16:28:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\SysWOW64\cchservice.exe -- (Windows-CCHook-Service)
SRV - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.01.08 11:33:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.11.12 05:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 00:15:34 | 000,730,264 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe -- (BralMiniServer Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.29 20:09:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.09.29 20:09:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.02.08 00:41:48 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD)
DRV:64bit: - [2010.02.08 00:41:48 | 000,035,440 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc)
DRV:64bit: - [2010.02.08 00:41:48 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool)
DRV:64bit: - [2010.02.08 00:41:48 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA)
DRV:64bit: - [2010.02.08 00:41:48 | 000,026,224 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger)
DRV:64bit: - [2010.02.08 00:41:48 | 000,022,640 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashMD.sys -- (FreeOTFEHashMD)
DRV:64bit: - [2010.02.08 00:41:46 | 000,060,016 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherDES.sys -- (FreeOTFECypherDES)
DRV:64bit: - [2010.02.08 00:41:46 | 000,035,952 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman)
DRV:64bit: - [2010.02.08 00:41:46 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman)
DRV:64bit: - [2010.02.08 00:41:46 | 000,030,832 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman)
DRV:64bit: - [2010.02.08 00:41:46 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc)
DRV:64bit: - [2010.02.08 00:41:44 | 000,050,800 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc)
DRV:64bit: - [2010.02.08 00:41:44 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFE.sys -- (FreeOTFE)
DRV:64bit: - [2010.02.08 00:41:44 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5)
DRV:64bit: - [2010.02.08 00:41:44 | 000,027,760 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish)
DRV:64bit: - [2010.01.22 20:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.01.22 20:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.01.22 20:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.01.22 20:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.01.22 20:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.01.22 20:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.01.22 16:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.01.22 16:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.01.22 16:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.01.20 00:12:00 | 000,045,648 | ---- | M] (BAUM RETEC AG) [Kernel | System | Running] -- C:\Windows\SysNative\CbrVidA.sys -- (CbrVidA)
DRV:64bit: - [2010.01.08 11:33:13 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.01.08 11:33:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.01.08 11:33:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.01.08 11:33:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.12.08 22:23:57 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.23 12:19:20 | 000,043,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JulaWDM.sys -- (JulaWDM.sys)
DRV:64bit: - [2009.10.23 12:19:18 | 000,058,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Jula.sys -- (Jula.sys)
DRV:64bit: - [2009.10.07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.24 00:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2007.07.24 03:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.10.12 13:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.03.19 16:14:52 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO)
DRV - [2006.01.13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 96 E8 B5 8D F7 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.5
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.2
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.10 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.17 21:18:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.11 18:05:28 | 000,000,000 | ---D | M]
 
[2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions
[2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.10 12:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions
[2011.04.04 20:13:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.06 19:34:33 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.09.02 17:57:53 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.20 12:21:56 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.05.07 17:00:07 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.06.24 20:12:41 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firebug@software.joehewitt.com
[2011.01.29 15:23:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firefox@tvunetworks.com
[2011.09.11 10:42:09 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung
[2010.12.11 18:22:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\vshare@toolbar
[2010.01.16 14:01:19 | 000,001,340 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml
[2009.11.08 15:16:44 | 000,004,153 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml
[2011.11.09 22:28:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 19:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 17:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.24 15:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.11 19:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.07.07 14:19:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 16:49:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.17 17:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.17 17:54:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 18:51:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.17 17:54:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 17:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.17 17:54:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Cobra_chkRDP] C:\Program Files (x86)\BAUM Retec\COBRA\9.0\RegSetCobraRDP.exe (BAUM Retec AG)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [JulaPAN.exe] C:\Windows\SysNative\JulaPAN.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.02 10:39:37 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 07:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell - "" = AutoRun
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell\AutoRun\command - "" = S:\autorun.exe -- [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1E41233D-FEC5-F818-6F11-87D34A06FBA2} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DA739F5-B89A-4961-E003-578BE113FBDF} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E2CC5F7-DD51-14A1-A16F-FF3624BFA4CA} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.04 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Local\Unity
[2011.10.12 19:09:58 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.12 19:09:58 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.12 19:09:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.12 19:09:57 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.12 19:09:57 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.12 19:09:57 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.12 19:09:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.12 19:09:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.12 19:09:32 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.12 19:09:32 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.12 19:09:31 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.12 19:09:20 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.12 19:09:20 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.06.20 20:04:11 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[2009.11.07 23:26:50 | 003,358,808 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Setup.exe
[2009.11.07 23:26:50 | 001,559,496 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Format.exe
[2009.11.07 23:26:50 | 001,412,552 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
[2009.11.07 23:26:50 | 000,223,432 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt.sys
[2009.11.07 23:26:50 | 000,222,152 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt-x64.sys
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.10 12:52:34 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2011.11.10 12:41:07 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.10 12:41:07 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.10 12:41:07 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.10 12:41:07 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.10 12:41:07 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.10 12:33:39 | 000,000,000 | ---- | M] () -- C:\Users\Antestor\defogger_reenable
[2011.11.10 12:25:38 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 12:25:38 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 12:19:46 | 000,000,146 | ---- | M] () -- C:\Windows\SysWow64\swctl.dll
[2011.11.10 12:18:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.10 12:18:14 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.09 19:55:36 | 003,234,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.03 19:16:45 | 000,002,034 | -H-- | M] () -- C:\Users\Antestor\Documents\Default.rdp
[2011.11.03 19:12:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[2011.10.20 18:35:43 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.10 12:33:39 | 000,000,000 | ---- | C] () -- C:\Users\Antestor\defogger_reenable
[2011.10.17 21:18:04 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.17 10:44:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 10:44:14 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 10:43:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:43:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 13:54:32 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.21 13:54:32 | 000,011,205 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.09 21:26:52 | 000,017,408 | ---- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 01:46:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 19:29:47 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 19:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 19:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 22:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.03.26 20:55:32 | 000,730,264 | ---- | C] () -- C:\Windows\SysWow64\ksupmgr.exe
[2010.03.26 20:55:28 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys
[2010.03.26 20:55:28 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2010.01.30 19:59:58 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\BCLIENT.DLL
[2010.01.29 19:13:58 | 000,000,480 | ---- | C] () -- C:\Windows\SysWow64\setup.dat
[2010.01.29 19:13:58 | 000,000,092 | ---- | C] () -- C:\Windows\SysWow64\lock.dat
[2010.01.29 19:11:56 | 000,227,840 | R--- | C] () -- C:\Windows\SysWow64\SVTOOLS.DLL
[2009.12.16 20:25:29 | 000,009,216 | ---- | C] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.16 20:18:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.11.27 22:40:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.13 20:54:32 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2009.11.13 20:54:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2009.11.08 17:14:06 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat
[2009.11.08 17:14:06 | 000,059,671 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat
[2009.11.08 17:14:06 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat
[2009.11.08 17:14:06 | 000,000,146 | ---- | C] () -- C:\Windows\SysWow64\swctl.dll
[2009.11.08 17:14:06 | 000,000,145 | -H-- | C] () -- C:\Windows\SysWow64\CTLSW.INI
[2009.11.08 17:14:04 | 000,000,050 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat
[2009.11.08 17:14:03 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2009.11.08 15:02:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.08 14:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.08 00:48:50 | 000,092,704 | ---- | C] () -- C:\Windows\SysWow64\JulaASIO32.dll
[2009.11.07 23:26:50 | 001,066,371 | ---- | C] () -- C:\Program Files (x86)\TrueCrypt User Guide.pdf
[2009.11.07 22:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002.06.11 10:23:34 | 000,046,080 | R--- | C] () -- C:\Windows\SysWow64\BSYSTEM.DLL
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.11.07 23:06:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.11.08 17:49:29 | 000,000,000 | ---D | M] -- C:\ATI
[2011.02.26 13:41:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.11.28 17:06:31 | 000,000,000 | ---D | M] -- C:\BurnInTest test files
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.11.07 23:06:29 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.28 20:38:54 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.03.22 22:02:52 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver
[2009.11.27 23:08:26 | 000,000,000 | ---D | M] -- C:\Intel
[2009.11.13 20:54:31 | 000,000,000 | ---D | M] -- C:\Kpcms
[2011.01.09 22:28:43 | 000,000,000 | ---D | M] -- C:\OptiPNG-UI_TEMP
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.05.24 07:32:17 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.29 21:31:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.27 20:11:40 | 000,000,000 | ---D | M] -- C:\ProgramData
[2009.11.07 23:06:29 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.11.08 00:08:36 | 000,000,000 | ---D | M] -- C:\RaidTool
[2009.11.07 23:06:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.10 12:51:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.29 21:35:18 | 000,000,000 | ---D | M] -- C:\temp
[2009.11.07 23:06:35 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.26 18:08:53 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2007.02.22 20:08:08 | 000,925,696 | ---- | M] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[2009.11.07 23:26:50 | 001,559,496 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Format.exe
[2009.11.07 20:46:04 | 003,358,808 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Setup.exe
[2009.11.07 23:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 10.11.2011 12:49:09 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Antestor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,88% Memory free
8,00 Gb Paging File | 6,26 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): o:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 3,99 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 19,51 Gb Free Space | 9,76% Space Free | Partition Type: NTFS
Drive E: | 600,00 Gb Total Space | 176,94 Gb Free Space | 29,49% Space Free | Partition Type: NTFS
Drive M: | 1000,00 Gb Total Space | 6,60 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 5,47 Gb Free Space | 17,35% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 5,59 Gb Free Space | 5,59% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 372,87 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{5324EDAC-DED3-3A65-6881-84B4B8A8A7F9}" = ATI Catalyst Install Manager
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{B71779A7-9931-A01C-FE36-26D30133B3A1}" = ccc-utility64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CAF01FE2-3E7D-4EEA-B04C-6561D64BB3D0}" = Independence Pro Software Suite 3.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"2BEB1D72D273FA04AF79FA3C4E0B1BD7C0B1F627" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"CCleaner" = CCleaner
"CFB93035BA5D9AEFE8B947832E4FB4996B507C7C" = Windows-Treiberpaket - BAUM Retec AG USB Driver Package - V7 (02/17/2009 2.04.16)
"CobraSetup_is1" = BAUM Retec COBRA 9.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Recuva" = Recuva
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0978A841-2E44-4A85-922B-36D96F0BAE0E}_is1" = 3GP Player 2009
"{0F52FBBC-D076-9A9A-5A0F-FFC6D46361B0}" = Catalyst Control Center Graphics Previews Common
"{147567F0-8575-4BE0-B5B3-62706C67FA5A}" = EZXCocktail
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{186FC6A7-3E47-67AB-BF01-B2D86A1FA34B}" = CCC Help Thai
"{1E132C9D-042E-E68D-9A85-5273085FBF75}" = Catalyst Control Center Graphics Full Existing
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{269FC1B2-92D3-1AA7-CC2E-E3BFB141ED08}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E094936-B6D2-67FC-9680-7D83FD9722EA}" = CCC Help Chinese Standard
"{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}" = ABBYY FineReader OCR Engine
"{36C1B8B9-35CE-4B2A-B598-5FA16B795949}" = buzzroom KeyMaker
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3ACFF226-3D86-422D-A151-1582DA1231C5}" = Samplitude 11 Silver
"{3D8D8094-9789-402E-BD28-337343F1DE6F}" = Samplitude Music Studio 17 Download-Version
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41F1BC2D-182A-706D-B48D-F88B097CAA3C}" = CCC Help Chinese Traditional
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3E4DFA-6AC2-8E80-AF5C-DF34CC97FEA5}" = Catalyst Control Center HydraVision Full
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{50C78780-1A54-4A5C-B3A7-FF828C62C5C2}" = Steinberg Cubase LE 5
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5866520C-8857-4986-833A-039F4584C3F7}" = Toontrack solo
"{5F837C12-F45A-ADC7-DF59-3CF43C228226}" = ccc-core-static
"{6559654F-2F38-491F-8411-211517C3E635}" = SampleTank FREE
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{77082BFF-AFC4-CDFD-26C1-79AD8CCC9452}" = CCC Help Korean
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785740DF-DC05-F730-4309-09DDC7848A40}" = Catalyst Control Center Graphics Full New
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86925C00-AB04-17B3-D9FB-373943F39DE0}" = Catalyst Control Center Core Implementation
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95B47464-20BD-4450-BF0F-8F1773EF3F2D}" = MAGIX Speed burnR (MSI)
"{96173BCD-08AC-57B1-FCE3-E7A9018BE585}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B582947F-F34D-4081-A5B9-24CBF09F8C15}" = Adobe Setup
"{B6FE6F0D-688B-458B-9E12-0F55E4009561}" = Samplitude Music Studio 17 Content Pack
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C04D5974-F528-4347-A494-EAF56124CC1A}" = Steinberg HALionOne Essential Set
"{C162E1F7-56C6-49DC-8DA6-216CF651A502}" = MAGIX Screenshare
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D222C5F9-C8A4-A32F-8A58-EFAF7178F5ED}" = CCC Help Japanese
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D42E3F13-E45C-33A1-7FBF-FB84419858E1}" = Catalyst Control Center Graphics Previews Vista
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DCEBE43A-834D-67B5-306E-E95E9180D5B7}" = CCC Help English
"{DCED01E8-8BFA-4E36-BEC7-25DE676D833C}" = AM Track SE
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}" = EZdrummer Lite Installer
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}" = FindInMidi
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F4F365AB-BD66-4775-A36A-E3D8055873FD}" = EZXMetalHeads
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"1489-3350-5074-6281-1" = JDownloader 0.9
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"ADUSB Treiber Pre-Installation_is1" = ADUSB Treiber Pre-Installation 1.0
"Allway Sync_is1" = Allway Sync version 9.4.11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"ASIO4ALL" = ASIO4ALL
"Avi2Dvd" = Avi2Dvd 0.6.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"B076073A-5527-4f4f-B46B-B10692277DA2_is1" = DisplayFusion 3.4.0
"BrailleServerSetup_is1" = BAUM Retec Braille Server 1.0
"Briz Video Joiner_is1" = Briz Video Joiner
"BurnInTest_is1" = BurnInTest v6.0 Standard
"CDex" = CDex extraction audio
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"DVS Guitar_is1" = DVS Guitar v1.04
"eLicenser Control" = eLicenser Control
"energyXT 2.5.4 Beat Edition_is1" = energyXT 2.5.4
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Filter Forge 2_is1" = Filter Forge 2.009
"Filter Forge_is1" = Filter Forge 1.021
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Download Manager_is1" = Free Download Manager 3.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"FreeOTFE" = FreeOTFE
"HaaliMkx" = Haali Media Splitter
"Halls Of Fame Free -  Origami Edition 2.5.2" = Halls Of Fame Free -  Origami Edition 2.5.2
"HammerHead Rhythm Station" = HammerHead Rhythm Station
"huey_is1" = hueyPRO 1.5.0
"Hydrogen" = Hydrogen
"Independence Pro Software Suite 3.0" = Independence Pro Software Suite 3.0
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"International TTS" = International TTS
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"Kindersicherung_is1" = Kindersicherung 2010
"LastFM_is1" = Last.fm 1.5.4.27091
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"LogiEdit" = LogiEdit (remove only)
"MAGIX_MSI_AMTrackSE" = AM Track SE
"MAGIX_MSI_ms17dlx" = Samplitude Music Studio 17 Download-Version
"MAGIX_MSI_sam11silver" = Samplitude 11 Silver
"Miranda IM" = Miranda IM 0.9.17
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Notepad++" = Notepad++
"ObjectDock Plus" = ObjectDock Plus
"OpenAL" = OpenAL
"Opera 11.10.2092" = Opera 11.10
"OptiPNG-UI1.0.0.2" = OptiPNG-UI
"Organ One v. 2.10" = Organ One v. 2.10
"PPLive" = PPLive 1.9
"RealPlayer 12.0" = RealPlayer
"REAPER" = REAPER
"rgc:audio sfz VSTi_is1" = rgc:audio sfz VSTi v1.96
"SopCast" = SopCast 3.2.9
"SpeechServerSetup_is1" = BAUM Retec Speech Server 3.0
"Steinberg Cubase LE" = Steinberg Cubase LE
"Studio Devil BVC_is1" = Studio Devil BVC 1.1
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TC UP" = Total Commander Ultima Prime 5.0.0.0
"TeamViewer 6" = TeamViewer 6
"TFSETTOP_is1" = Top Set 2.00
"TmNationsForever_is1" = TmNationsForever
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.5.3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.0.3
"VMware_Player" = VMware Player
"WaveLabLE7" = WaveLab LE 7
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinUAE" = WinUAE 2.3.0
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"ws4.webspeech" = G DATA WebSpeech 4
"Xvid_is1" = Xvid 1.2.2 final uninstall
"yellow tools Independence Free 2.5.3 32bit" = yellow tools Independence Free 2.5.3 32bit
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 1.9
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Magical Glass" = Magical Glass
"Sansa Updater" = Sansa Updater
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.11.2011 16:08:01 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Real\RealPlayer\plugins\rmxrend.dll".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.11.2011 17:28:23 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\baum retec\COBRA\9.0\Srv.exe".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.11.2011 17:29:57 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.11.2011 16:38:36 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Real\RealPlayer\plugins\rmxrend.dll".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.11.2011 15:35:08 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\baum retec\COBRA\9.0\Srv.exe".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.11.2011 15:36:33 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.11.2011 16:09:15 | Computer Name = Gramheim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 6.0.240.7, Zeitstempel:
 0x4d4a0b98  Name des fehlerhaften Moduls: java.dll, Version: 6.0.240.7, Zeitstempel:
 0x4d4a3fad  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004e2f  ID des fehlerhaften Prozesses:
 0x119c  Startzeit der fehlerhaften Anwendung: 0x01cc9e5247d6aa52  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Java\jre6\bin\javaw.exe  Pfad des fehlerhaften 
Moduls: C:\Program Files (x86)\Java\jre6\bin\java.dll  Berichtskennung: 877cd252-0a45-11e1-93a2-005056c00008
 
Error - 09.11.2011 15:28:09 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\baum retec\COBRA\9.0\Srv.exe".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 09.11.2011 15:29:48 | Computer Name = Gramheim-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\TC UP\PLUGINS\Media\SiMail\DelphiZip.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.11.2011 07:47:27 | Computer Name = Gramheim-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.31.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ab4    Startzeit: 
01cc9f9d9e6d051b    Endzeit: 29    Anwendungspfad: C:\Users\Antestor\Downloads\OTL.exe    Berichts-ID:
   
 
[ System Events ]
Error - 09.11.2011 14:12:44 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\drivers\mchccinj.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2011 14:12:48 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   FreeOTFE  FreeOTFECypherAES_ltc  FreeOTFECypherBlowfish  FreeOTFECypherCAST5  FreeOTFECypherCAST6_Gladman
FreeOTFECypherDES
FreeOTFECypherMARS_Gladman
FreeOTFECypherRC6_ltc
FreeOTFECypherSerpent_Gladman
FreeOTFECypherTwofish_ltc
FreeOTFEHashMD
FreeOTFEHashRIPEMD
FreeOTFEHashSHA
FreeOTFEHashTiger
FreeOTFEHashWhirlpool
VD_FileDisk
 
Error - 09.11.2011 14:54:57 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\VD_FileDisk.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2011 14:55:42 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "File-/Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 09.11.2011 14:55:43 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\drivers\mchccinj.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.11.2011 14:55:49 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   FreeOTFE  FreeOTFECypherAES_ltc  FreeOTFECypherBlowfish  FreeOTFECypherCAST5  FreeOTFECypherCAST6_Gladman
FreeOTFECypherDES
FreeOTFECypherMARS_Gladman
FreeOTFECypherRC6_ltc
FreeOTFECypherSerpent_Gladman
FreeOTFECypherTwofish_ltc
FreeOTFEHashMD
FreeOTFEHashRIPEMD
FreeOTFEHashSHA
FreeOTFEHashTiger
FreeOTFEHashWhirlpool
VD_FileDisk
 
Error - 10.11.2011 07:18:00 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\VD_FileDisk.SYS
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 10.11.2011 07:18:29 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "File-/Update Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 10.11.2011 07:18:30 | Computer Name = Gramheim-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWOW64\drivers\mchccinj.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 10.11.2011 07:18:34 | Computer Name = Gramheim-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   FreeOTFE  FreeOTFECypherAES_ltc  FreeOTFECypherBlowfish  FreeOTFECypherCAST5  FreeOTFECypherCAST6_Gladman
FreeOTFECypherDES
FreeOTFECypherMARS_Gladman
FreeOTFECypherRC6_ltc
FreeOTFECypherSerpent_Gladman
FreeOTFECypherTwofish_ltc
FreeOTFEHashMD
FreeOTFEHashRIPEMD
FreeOTFEHashSHA
FreeOTFEHashTiger
FreeOTFEHashWhirlpool
VD_FileDisk
 
 
< End of report >
         
Wäre schön, wenn sich das jemand ansehen könnte. Ich bin mir recht unsicher, ob das System nun sauber ist oder nicht!

Vielen Dank!

Alt 10.11.2011, 16:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 10.11.2011, 16:53   #3
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Danke, werd ich heut abend machen. Muss ich im defogger vorher schon wieder enablen?
__________________

Alt 10.11.2011, 21:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Hallo? Wie kommst du darauf, wir haben noch nichtmal angefangen mit der Analyse. Defogger reaktivieren kommt ganz zum Schluss!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.11.2011, 21:35   #5
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Zitat:
Hallo? Wie kommst du darauf, wir haben noch nichtmal angefangen mit der Analyse. Defogger reaktivieren kommt ganz zum Schluss!
Ok, nichts für ungut!

Hier ist das Malwarebytes Logfile:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8133

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10.11.2011 21:24:51
mbam-log-2011-11-10 (21-24-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|M:\|O:\|W:\|Y:\|)
Durchsuchte Objekte: 804448
Laufzeit: 1 Stunde(n), 54 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\windv (Adware.WinDV) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\Users\Antestor\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal.
m:\Antestor\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal.
w:\survive\diesdas\survive98\tools\elchtest.exe (Application.Joke) -> Quarantined and deleted successfully.
c:\program files (x86)\windv\Readme.txt (Adware.WinDV) -> Quarantined and deleted successfully.
c:\program files (x86)\windv\WinDV.exe (Adware.WinDV) -> Quarantined and deleted successfully.
         
Das Pantsoff hab ich nicht gelöscht, weil ich es selbst für eigene Zwecke seit Jahren nutze.

Warum er bei WinDV rummeckert, weiß ich auch nicht. Auch dieses Programm benutze ich schon seit fast 10 Jahren um Daten von meiner Kamera zu ziehen.

Was meint ihr?


Alt 11.11.2011, 20:31   #6
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Hier noch der ESET Log:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1b5d91a30ea3c846a34c4ca1945b8231
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-11 07:25:10
# local_time=2011-11-11 08:25:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 4290 96535735 62458 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 4133 72653878 0 0
# compatibility_mode=8192 67108863 100 0 3753 3753 0 0
# scanned=647543
# found=7
# cleaned=0
# scan_time=15482
C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1cc304f-770818d9	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\706d619-7dcab737	a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7beb3c22-1a54ed43	a variant of Java/Exploit.Agent.NAC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\21d050c6-43695ebc	Java/TrojanDownloader.Agent.NCJ trojan (unable to clean)	00000000000000000000000000000000	I
M:\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\1cc304f-770818d9	multiple threats (unable to clean)	00000000000000000000000000000000	I
M:\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\7beb3c22-1a54ed43	a variant of Java/Exploit.Agent.NAC trojan (unable to clean)	00000000000000000000000000000000	I
M:\Antestor\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\21d050c6-43695ebc	Java/TrojanDownloader.Agent.NCJ trojan (unable to clean)	00000000000000000000000000000000	I
         
Wäre super wenn mir jemand helfen kann!
Vielen Dank!

Alt 11.11.2011, 20:42   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 11.11.2011, 21:14   #8
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Danke für die schnelle Antwort!

Habe eben den OTL Scan gemacht. Hier ist der Log:

Code:
ATTFilter
OTL logfile created on: 11.11.2011 20:45:05 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Antestor\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 48,81% Memory free
8,00 Gb Paging File | 5,90 Gb Available in Paging File | 73,75% Paging File free
Paging file location(s): o:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,23 Gb Total Space | 3,49 Gb Free Space | 5,04% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 19,51 Gb Free Space | 9,76% Space Free | Partition Type: NTFS
Drive E: | 600,00 Gb Total Space | 176,94 Gb Free Space | 29,49% Space Free | Partition Type: NTFS
Drive M: | 1000,00 Gb Total Space | 6,60 Gb Free Space | 0,66% Space Free | Partition Type: NTFS
Drive O: | 31,51 Gb Total Space | 5,49 Gb Free Space | 17,42% Space Free | Partition Type: NTFS
Drive S: | 7,38 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive W: | 100,00 Gb Total Space | 7,45 Gb Free Space | 7,45% Space Free | Partition Type: NTFS
Drive Y: | 397,26 Gb Total Space | 372,87 Gb Free Space | 93,86% Space Free | Partition Type: NTFS
 
Computer Name: GRAMHEIM-PC | User Name: Antestor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.10 12:32:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Antestor\Downloads\OTL.exe
PRC - [2011.09.19 18:13:53 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.25 15:35:06 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.11 18:05:10 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010.10.29 13:49:28 | 000,505,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010.04.28 22:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\PROGRA~2\FREEDO~1\fdm.exe
PRC - [2010.03.26 08:40:46 | 005,805,216 | ---- | M] (Salfeld Computer) -- C:\Windows\tray\wintmr.exe
PRC - [2010.03.26 08:40:44 | 005,558,432 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cc32\webtmr.exe
PRC - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
PRC - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.01.22 20:56:46 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009.12.15 09:33:28 | 000,370,688 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniServer.exe
PRC - [2009.11.12 05:42:56 | 000,362,032 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.11.12 05:42:20 | 005,140,960 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.11.07 23:26:50 | 001,412,552 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
PRC - [2009.10.15 13:33:02 | 000,136,520 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\BAUM Retec\COBRA\9.0\CobraProxy.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe
PRC - [2007.04.24 19:19:54 | 003,581,680 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [2007.03.08 18:48:16 | 001,081,344 | ---- | M] (Pantone & X-Rite) -- C:\Program Files (x86)\Pantone\hueyPRO\hueyPROTray.exe
PRC - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.10.27 21:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 21:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
MOD - [2010.10.27 21:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
MOD - [2010.10.27 21:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 21:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 21:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 21:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
MOD - [2010.10.27 21:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
MOD - [2010.10.27 21:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 21:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 21:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
MOD - [2010.01.22 20:57:04 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010.01.22 20:56:46 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2008.12.30 01:03:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2008.04.16 17:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 17:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
MOD - [2008.04.16 17:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
MOD - [2008.04.16 17:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
MOD - [2008.04.16 17:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
MOD - [2008.04.02 14:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
MOD - [2008.04.02 14:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
MOD - [2008.04.02 14:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll
MOD - [2007.04.24 15:22:12 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007.04.23 00:19:28 | 000,026,392 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\Docklets\Calendar\Calendar.dll
MOD - [2007.04.21 13:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007.04.19 14:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2004.07.26 19:03:50 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\SFRes.dll
MOD - [2003.06.30 17:30:28 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
MOD - [2002.11.19 14:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.23 23:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.15 16:28:31 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.01.27 16:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.27 17:00:16 | 001,595,032 | ---- | M] (Salfeld Computer) [Auto | Running] -- C:\Windows\SysWOW64\cchservice.exe -- (Windows-CCHook-Service)
SRV - [2010.01.22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.01.22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.01.22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.01.22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.01.08 11:33:12 | 002,480,048 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009.11.12 05:43:16 | 000,894,544 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.10.12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 00:15:34 | 000,730,264 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.12.19 11:18:42 | 000,405,504 | ---- | M] (BAUM Retec AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe -- (BralMiniServer Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.29 20:09:14 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010.09.29 20:09:14 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010.02.08 00:41:48 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashRIPEMD.sys -- (FreeOTFEHashRIPEMD)
DRV:64bit: - [2010.02.08 00:41:48 | 000,035,440 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherTwofish_ltc.sys -- (FreeOTFECypherTwofish_ltc)
DRV:64bit: - [2010.02.08 00:41:48 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashWhirlpool.sys -- (FreeOTFEHashWhirlpool)
DRV:64bit: - [2010.02.08 00:41:48 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashSHA.sys -- (FreeOTFEHashSHA)
DRV:64bit: - [2010.02.08 00:41:48 | 000,026,224 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashTiger.sys -- (FreeOTFEHashTiger)
DRV:64bit: - [2010.02.08 00:41:48 | 000,022,640 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFEHashMD.sys -- (FreeOTFEHashMD)
DRV:64bit: - [2010.02.08 00:41:46 | 000,060,016 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherDES.sys -- (FreeOTFECypherDES)
DRV:64bit: - [2010.02.08 00:41:46 | 000,035,952 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherSerpent_Gladman.sys -- (FreeOTFECypherSerpent_Gladman)
DRV:64bit: - [2010.02.08 00:41:46 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST6_Gladman.sys -- (FreeOTFECypherCAST6_Gladman)
DRV:64bit: - [2010.02.08 00:41:46 | 000,030,832 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherMARS_Gladman.sys -- (FreeOTFECypherMARS_Gladman)
DRV:64bit: - [2010.02.08 00:41:46 | 000,029,296 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherRC6_ltc.sys -- (FreeOTFECypherRC6_ltc)
DRV:64bit: - [2010.02.08 00:41:44 | 000,050,800 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherAES_ltc.sys -- (FreeOTFECypherAES_ltc)
DRV:64bit: - [2010.02.08 00:41:44 | 000,038,512 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFE.sys -- (FreeOTFE)
DRV:64bit: - [2010.02.08 00:41:44 | 000,034,928 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherCAST5.sys -- (FreeOTFECypherCAST5)
DRV:64bit: - [2010.02.08 00:41:44 | 000,027,760 | ---- | M] (Sarah Dean) [Kernel | System | Stopped] -- C:\Windows\SysNative\FreeOTFECypherBlowfish.sys -- (FreeOTFECypherBlowfish)
DRV:64bit: - [2010.01.22 20:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.01.22 20:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.01.22 20:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.01.22 20:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.01.22 20:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.01.22 20:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.01.22 16:13:00 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.01.22 16:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.01.22 16:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.01.20 00:12:00 | 000,045,648 | ---- | M] (BAUM RETEC AG) [Kernel | System | Running] -- C:\Windows\SysNative\CbrVidA.sys -- (CbrVidA)
DRV:64bit: - [2010.01.08 11:33:13 | 000,251,488 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.01.08 11:33:11 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV:64bit: - [2010.01.08 11:33:10 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.01.08 11:33:01 | 000,257,120 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2009.12.08 22:23:57 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.10.23 12:19:20 | 000,043,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JulaWDM.sys -- (JulaWDM.sys)
DRV:64bit: - [2009.10.23 12:19:18 | 000,058,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Jula.sys -- (Jula.sys)
DRV:64bit: - [2009.10.07 19:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.09.24 00:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.09.17 14:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic)
DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex)
DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5)
DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2007.07.24 03:53:04 | 000,125,992 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PnP680r.sys -- (Pnp680r)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.10.12 13:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.03.19 16:14:52 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\BurnInTest\DirectIo.sys -- (DIRECTIO)
DRV - [2006.01.13 14:00:52 | 000,015,872 | ---- | M] (Flint Incorporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\vd_filedisk.sys -- (VD_FileDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 96 E8 B5 8D F7 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.5
FF - prefs.js..extensions.enabledItems: {ca8b7b3d-b6e6-438f-b935-601b3de48d66}:1.1.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.6
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.1.3
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:3.3
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Antestor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.10 12:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.17 21:18:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.11 18:05:28 | 000,000,000 | ---D | M]
 
[2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions
[2010.01.19 22:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.11 20:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions
[2011.04.04 20:13:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.11 15:57:36 | 000,000,000 | ---D | M] (Easy YouTube Video Downloader) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011.09.02 17:57:53 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.03.20 12:21:56 | 000,000,000 | ---D | M] (Firefox Throttle) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
[2010.05.07 17:00:07 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2011.06.24 20:12:41 | 000,000,000 | ---D | M] (Firebug) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firebug@software.joehewitt.com
[2011.01.29 15:23:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\firefox@tvunetworks.com
[2011.11.11 15:57:39 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\foxyproxy@eric.h.jung
[2010.12.11 18:22:47 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\vshare@toolbar
[2010.01.16 14:01:19 | 000,001,340 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\wikipedia-en.xml
[2009.11.08 15:16:44 | 000,004,153 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\searchplugins\youtube.xml
[2011.11.10 22:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.05.08 19:47:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.20 17:13:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.24 15:19:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.11 19:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.07.07 14:19:09 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
[2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.11.08 16:49:41 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.08.17 17:54:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.17 17:54:06 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.26 18:51:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.17 17:54:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.17 17:54:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.17 17:54:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Cobra_chkRDP] C:\Program Files (x86)\BAUM Retec\COBRA\9.0\RegSetCobraRDP.exe (BAUM Retec AG)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [JulaPAN.exe] C:\Windows\SysNative\JulaPAN.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKCU..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files (x86)\PPLive\PPLive.exe ( )
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{528444C3-B76C-451D-B0D4-89528EEC3FF0}: NameServer = 80.254.79.157 80.254.77.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2579BE8-B389-4030-9D62-31B2CEDC2CE7}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {6979AAD7-86EE-481F-B591-152A33E86ECB} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.02 10:39:37 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 07:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell - "" = AutoRun
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell\AutoRun\command - "" = S:\autorun.exe -- [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1E41233D-FEC5-F818-6F11-87D34A06FBA2} - Browser Customizations
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2DA739F5-B89A-4961-E003-578BE113FBDF} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8E2CC5F7-DD51-14A1-A16F-FF3624BFA4CA} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.11 16:04:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.10 19:24:51 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Roaming\Malwarebytes
[2011.11.10 19:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.10 19:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.10 19:23:51 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.10 19:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.04 18:42:13 | 000,000,000 | ---D | C] -- C:\Users\Antestor\AppData\Local\Unity
[2011.06.20 20:04:11 | 000,925,696 | ---- | C] (GSpot Appliance Corp, a unit of GSp0t Heavy Industries) -- C:\Program Files (x86)\GSpot.exe
[2009.11.07 23:26:50 | 003,358,808 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Setup.exe
[2009.11.07 23:26:50 | 001,559,496 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt Format.exe
[2009.11.07 23:26:50 | 001,412,552 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\TrueCrypt.exe
[2009.11.07 23:26:50 | 000,223,432 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt.sys
[2009.11.07 23:26:50 | 000,222,152 | ---- | C] (TrueCrypt Foundation) -- C:\Program Files (x86)\truecrypt-x64.sys
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.11 20:50:17 | 000,003,862 | -H-- | M] () -- C:\NET.INI
[2011.11.11 16:03:21 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.11 16:03:21 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.11 16:00:16 | 001,506,860 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.11 16:00:16 | 000,658,728 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.11 16:00:16 | 000,619,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.11 16:00:16 | 000,131,886 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.11 16:00:16 | 000,108,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.11 15:56:17 | 000,000,146 | ---- | M] () -- C:\Windows\SysWow64\swctl.dll
[2011.11.11 15:55:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.11 15:55:38 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.10 12:33:39 | 000,000,000 | ---- | M] () -- C:\Users\Antestor\defogger_reenable
[2011.11.09 19:55:36 | 003,234,232 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.03 19:16:45 | 000,002,034 | -H-- | M] () -- C:\Users\Antestor\Documents\Default.rdp
[2011.11.03 19:12:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\DisplayFusion.lnk
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.10 12:33:39 | 000,000,000 | ---- | C] () -- C:\Users\Antestor\defogger_reenable
[2011.10.17 21:18:04 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.07.17 10:44:49 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.17 10:44:14 | 000,033,019 | ---- | C] () -- C:\Windows\SysWow64\CoreAAC-uninstall.exe
[2011.07.17 10:43:16 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.17 10:43:16 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011.01.15 22:37:27 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat
[2010.11.21 13:54:32 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.11.21 13:54:32 | 000,011,205 | ---- | C] () -- C:\Windows\unins000.dat
[2010.07.09 21:26:52 | 000,017,408 | ---- | C] () -- C:\Users\Antestor\AppData\Local\WebpageIcons.db
[2010.06.05 01:46:32 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.10 19:29:47 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2010.04.10 19:27:45 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2010.04.10 19:27:44 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2010.03.29 22:22:23 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.03.26 20:55:32 | 000,730,264 | ---- | C] () -- C:\Windows\SysWow64\ksupmgr.exe
[2010.03.26 20:55:28 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys
[2010.03.26 20:55:28 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2010.01.30 19:59:58 | 001,048,576 | ---- | C] () -- C:\Windows\SysWow64\BCLIENT.DLL
[2010.01.29 19:13:58 | 000,000,480 | ---- | C] () -- C:\Windows\SysWow64\setup.dat
[2010.01.29 19:13:58 | 000,000,092 | ---- | C] () -- C:\Windows\SysWow64\lock.dat
[2010.01.29 19:11:56 | 000,227,840 | R--- | C] () -- C:\Windows\SysWow64\SVTOOLS.DLL
[2009.12.16 20:25:29 | 000,009,216 | ---- | C] () -- C:\Users\Antestor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.16 20:18:24 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.11.27 22:40:58 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.11.13 20:54:32 | 000,285,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsio.sys
[2009.11.13 20:54:32 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\drivers\Onsreged.sys
[2009.11.08 17:14:06 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat
[2009.11.08 17:14:06 | 000,059,671 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat
[2009.11.08 17:14:06 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat
[2009.11.08 17:14:06 | 000,000,146 | ---- | C] () -- C:\Windows\SysWow64\swctl.dll
[2009.11.08 17:14:06 | 000,000,145 | -H-- | C] () -- C:\Windows\SysWow64\CTLSW.INI
[2009.11.08 17:14:04 | 000,000,050 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat
[2009.11.08 17:14:03 | 000,000,590 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2009.11.08 15:02:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.08 14:44:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.11.08 00:48:50 | 000,092,704 | ---- | C] () -- C:\Windows\SysWow64\JulaASIO32.dll
[2009.11.07 23:26:50 | 001,066,371 | ---- | C] () -- C:\Program Files (x86)\TrueCrypt User Guide.pdf
[2009.11.07 22:59:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2002.06.11 10:23:34 | 000,046,080 | R--- | C] () -- C:\Windows\SysWow64\BSYSTEM.DLL
 
========== LOP Check ==========
 
[2010.01.08 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Acronis
[2010.05.15 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Amazon
[2010.01.03 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Artisteer
[2009.11.20 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Ashampoo
[2010.05.12 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\BAUM Retec
[2011.11.03 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DisplayFusion
[2011.02.19 13:26:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.06 17:34:26 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge
[2011.02.18 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2
[2009.11.08 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit
[2010.05.02 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit Software
[2011.11.11 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Free Download Manager
[2010.04.16 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\FreeStone Group
[2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\GHISLER
[2011.01.10 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Gutscheinmieze
[2010.01.16 15:58:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\HEXelon
[2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\IrfanView
[2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\KeePass
[2011.03.26 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\MAGIX
[2010.09.26 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Miranda
[2009.11.25 21:49:44 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Notepad++
[2009.11.29 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Opera
[2009.11.15 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Pantone
[2010.12.11 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\PPLive
[2010.11.25 22:53:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\REAPER
[2011.09.19 18:13:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\SanDisk
[2010.12.23 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Smartelectronix
[2011.01.15 23:22:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Steinberg
[2009.12.03 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Sync App Settings
[2011.02.11 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TeamViewer
[2010.01.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Thunderbird
[2010.09.18 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TrueCrypt
[2011.08.22 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Voxengo
[2010.10.09 20:29:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VST3 Presets
[2011.03.26 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Yellow Tools
[2010.05.26 22:31:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Youtube Downloader HD
[2011.10.24 06:48:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.01.08 11:44:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Acronis
[2011.07.25 18:51:15 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Adobe
[2010.05.15 17:07:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Amazon
[2010.01.03 22:35:39 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Artisteer
[2009.11.20 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Ashampoo
[2009.11.08 17:46:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\ATI
[2010.05.12 21:23:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\BAUM Retec
[2009.11.09 19:19:59 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Corel
[2011.11.03 19:16:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DisplayFusion
[2011.06.12 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Download Manager
[2011.11.07 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\dvdcss
[2011.02.19 13:26:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.06 17:34:26 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge
[2011.02.18 21:40:37 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2
[2009.11.08 16:50:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit
[2010.05.02 09:03:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Foxit Software
[2011.11.11 20:49:35 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Free Download Manager
[2010.04.16 23:56:34 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\FreeStone Group
[2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\GHISLER
[2011.01.10 20:20:29 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Gutscheinmieze
[2010.01.16 15:58:04 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\HEXelon
[2009.11.07 23:06:48 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Identities
[2011.01.15 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\InstallShield
[2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\IrfanView
[2011.06.14 22:38:23 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\KeePass
[2009.11.07 23:43:58 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Macromedia
[2011.03.26 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\MAGIX
[2011.11.10 19:24:51 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Media Center Programs
[2011.07.13 18:28:06 | 000,000,000 | --SD | M] -- C:\Users\Antestor\AppData\Roaming\Microsoft
[2010.09.26 12:04:57 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Miranda
[2009.11.08 14:44:08 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Mozilla
[2009.11.25 21:49:44 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Notepad++
[2009.11.29 18:08:00 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Opera
[2009.11.15 16:12:50 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Pantone
[2010.12.11 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\PPLive
[2011.06.30 18:41:32 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Real
[2010.11.25 22:53:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\REAPER
[2011.09.19 18:13:41 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\SanDisk
[2010.12.23 00:02:53 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Smartelectronix
[2011.01.15 23:22:02 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Steinberg
[2009.12.03 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Sync App Settings
[2009.11.08 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Talkback
[2011.02.11 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TeamViewer
[2010.01.19 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Thunderbird
[2010.09.18 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\TrueCrypt
[2010.03.28 15:57:24 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Vidalia
[2011.11.07 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\vlc
[2011.10.22 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VMware
[2011.08.22 20:46:38 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Voxengo
[2010.10.09 20:29:10 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\VST3 Presets
[2011.10.26 18:04:17 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Winamp
[2010.01.03 23:29:49 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\WinRAR
[2011.03.26 23:25:55 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Yellow Tools
[2010.05.26 22:31:13 | 000,000,000 | ---D | M] -- C:\Users\Antestor\AppData\Roaming\Youtube Downloader HD
 
< %APPDATA%\*.exe /s >
[2011.11.03 19:12:42 | 002,252,480 | ---- | M] (Binary Fortress Software                                    ) -- C:\Users\Antestor\AppData\Roaming\DisplayFusion\DisplayFusionSetup.exe
[2010.03.30 19:05:01 | 035,582,488 | ---- | M] (Filter Forge, Inc.                                          ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2\Updates\Filter Forge 1.020 Setup.exe
[2010.08.10 18:12:42 | 035,951,104 | ---- | M] (Filter Forge, Inc.                                          ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2\Updates\Filter Forge 1.021 Setup.exe
[2010.03.06 17:35:46 | 035,553,432 | ---- | M] (Filter Forge, Inc.                                          ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge 2\Updates\Filter%20Forge%201.019%20Setup.exe
[2010.03.30 19:05:01 | 035,582,488 | ---- | M] (Filter Forge, Inc.                                          ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge\Updates\Filter Forge 1.020 Setup.exe
[2010.08.10 18:12:42 | 035,951,104 | ---- | M] (Filter Forge, Inc.                                          ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge\Updates\Filter Forge 1.021 Setup.exe
[2010.03.06 17:35:46 | 035,553,432 | ---- | M] (Filter Forge, Inc.                                          ) -- C:\Users\Antestor\AppData\Roaming\Filter Forge\Updates\Filter%20Forge%201.019%20Setup.exe
[2011.01.10 20:44:17 | 000,003,128 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{147567F0-8575-4BE0-B5B3-62706C67FA5A}\ARPPRODUCTICON.exe
[2011.01.10 20:45:29 | 000,339,968 | R--- | M] (Acresso Software Inc.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\ARPPRODUCTICON.exe
[2011.01.10 20:45:29 | 000,339,968 | R--- | M] (Acresso Software Inc.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\Toontrack_solo.exe_192BF97F92894FC3B3234C1515C42CCD.exe
[2011.01.10 20:45:29 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{5866520C-8857-4986-833A-039F4584C3F7}\UNINST_Uninstall_T_5866520C88574986833A039F4584C3F7.exe
[2011.01.10 20:38:31 | 000,003,128 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{E80B34EE-F3E5-4F60-AE89-FF0D717554A2}\ARPPRODUCTICON.exe
[2011.05.08 13:40:13 | 000,005,310 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}\_5837F10B782003C074ED67.exe
[2011.05.08 13:40:13 | 000,005,310 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{EAA14B41-B8FC-4B0B-934E-B9A3D46E885D}\_6FEFF9B68218417F98F549.exe
[2009.11.09 19:19:34 | 000,010,134 | R--- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
[2009.11.09 19:19:34 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
[2009.12.06 21:46:36 | 000,847,919 | ---- | M] () -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BibleWorkshop\bws.exe
[2010.03.18 02:51:46 | 023,995,392 | ---- | M] (Yellow Tools) -- C:\Users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\yellow tools Independence Free 2.5\Independence Free.exe
[2010.12.11 18:21:46 | 009,258,944 | ---- | M] (Synacast Corp.) -- C:\Users\Antestor\AppData\Roaming\PPLive\Update\Update.exe
[2011.10.20 19:28:04 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Antestor\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
[2011.10.21 14:10:44 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Antestor\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe
[2011.10.21 14:05:17 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Antestor\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe
[2011.09.19 18:13:53 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
[2011.09.19 18:13:52 | 000,576,512 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
[2011.09.19 18:13:53 | 000,360,328 | ---- | M] (SanDisk Corporation) -- C:\Users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.08.20 05:26:55 | 010,991,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >
         

Alt 14.11.2011, 13:53   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 96 E8 B5 8D F7 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.useDBForOrder: true
[2011.04.04 20:13:21 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O4:64bit: - HKLM..\Run: [JulaPAN.exe] C:\Windows\SysNative\JulaPAN.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.07.02 10:39:37 | 000,000,000 | ---D | M] - E:\auto -- [ NTFS ]
O32 - AutoRun File - [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - S:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.05.30 07:54:04 | 000,000,047 | R--- | M] () - S:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell - "" = AutoRun
O33 - MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\Shell\AutoRun\command - "" = S:\autorun.exe -- [2008.08.22 06:57:52 | 000,230,728 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\Assetup.exe
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.11.2011, 20:00   #10
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Hi!

Hab den OLT Fix gerade ausgeführt.
Hier das Logfile:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: true removed from browser.search.useDBForOrder
C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Antestor\AppData\Roaming\mozilla\Firefox\Profiles\yu5646sy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\JulaPAN.exe deleted successfully.
C:\Windows\SysNative\JulaPAN.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File move failed. S:\autorun.exe scheduled to be moved on reboot.
File move failed. S:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{461de88b-cbf0-11de-bb5b-001d60763add}\ not found.
File move failed. S:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bcf7ce0-cbe8-11de-8ba3-806e6f6e6963}\ not found.
File D:\Bin\Assetup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Antestor
->Temp folder emptied: 15115370 bytes
->Temporary Internet Files folder emptied: 3708632976 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 111309182 bytes
->Opera cache emptied: 525472 bytes
->Flash cache emptied: 9810 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2544640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15150074 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66818 bytes
RecycleBin emptied: 21311780809 bytes
 
Total Files Cleaned = 23.999,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11152011_195336

Files\Folders moved on Reboot...
File move failed. S:\autorun.exe scheduled to be moved on reboot.
File move failed. S:\Autorun.inf scheduled to be moved on reboot.
C:\Users\Antestor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2088.log moved successfully.

Registry entries deleted on Reboot...
         
Zur Erklärung für Laufwerk S:
Das ist mein DVD-Laufwerk in der sich seit je her die Original Pro Evo DVD befindet...

ABER: Leider fehlt jetzt in der Taskleiste das Control-Panel für meine Juli@-Soundkarte (Das war wohl das Julapan.exe). Krieg ich das irgendwie wieder?

Viele Grüße
Antestor

Alt 15.11.2011, 20:34   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Gehört das zur Soundkarte? Wie ich schon schrieb:

Zitat:
Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
Findest du die Datei in C:\_OTL\... wieder.


Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.11.2011, 21:05   #12
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Zitat:
Gehört das zur Soundkarte?
Ja gehört zur Juli@ Soundkarte von ESI! Habs wieder in den ursprünglichen Ordner kopiert.

Hier ist der TDSS Log:

Code:
ATTFilter
21:01:50.0859 6056	TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
21:01:51.0112 6056	============================================================
21:01:51.0112 6056	Current date / time: 2011/11/15 21:01:51.0112
21:01:51.0112 6056	SystemInfo:
21:01:51.0112 6056	
21:01:51.0112 6056	OS Version: 6.1.7601 ServicePack: 1.0
21:01:51.0112 6056	Product type: Workstation
21:01:51.0112 6056	ComputerName: GRAMHEIM-PC
21:01:51.0112 6056	UserName: Antestor
21:01:51.0113 6056	Windows directory: C:\Windows
21:01:51.0113 6056	System windows directory: C:\Windows
21:01:51.0113 6056	Running under WOW64
21:01:51.0113 6056	Processor architecture: Intel x64
21:01:51.0113 6056	Number of processors: 2
21:01:51.0113 6056	Page size: 0x1000
21:01:51.0113 6056	Boot type: Normal boot
21:01:51.0113 6056	============================================================
21:01:52.0103 6056	Initialize success
21:02:26.0399 5544	============================================================
21:02:26.0399 5544	Scan started
21:02:26.0399 5544	Mode: Manual; SigCheck; TDLFS; 
21:02:26.0399 5544	============================================================
21:02:26.0950 5544	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:02:27.0045 5544	1394ohci - ok
21:02:27.0101 5544	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:02:27.0120 5544	ACPI - ok
21:02:27.0153 5544	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:02:27.0179 5544	AcpiPmi - ok
21:02:27.0244 5544	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:02:27.0272 5544	adp94xx - ok
21:02:27.0303 5544	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:02:27.0326 5544	adpahci - ok
21:02:27.0345 5544	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:02:27.0364 5544	adpu320 - ok
21:02:27.0417 5544	afcdp           (3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys
21:02:27.0473 5544	afcdp - ok
21:02:27.0528 5544	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:02:27.0560 5544	AFD - ok
21:02:27.0588 5544	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:02:27.0605 5544	agp440 - ok
21:02:27.0625 5544	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:02:27.0639 5544	aliide - ok
21:02:27.0653 5544	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:02:27.0669 5544	amdide - ok
21:02:27.0703 5544	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:02:27.0732 5544	AmdK8 - ok
21:02:27.0743 5544	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:02:27.0776 5544	AmdPPM - ok
21:02:27.0804 5544	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:02:27.0822 5544	amdsata - ok
21:02:27.0870 5544	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:02:27.0890 5544	amdsbs - ok
21:02:27.0924 5544	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:02:27.0935 5544	amdxata - ok
21:02:28.0017 5544	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:02:28.0058 5544	AppID - ok
21:02:28.0076 5544	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:02:28.0094 5544	arc - ok
21:02:28.0106 5544	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:02:28.0126 5544	arcsas - ok
21:02:28.0144 5544	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:02:28.0182 5544	AsyncMac - ok
21:02:28.0200 5544	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:02:28.0210 5544	atapi - ok
21:02:28.0283 5544	ATICDSDr - ok
21:02:28.0467 5544	atikmdag        (2263eafcf5add181b7fd47b78ae6d3e3) C:\Windows\system32\DRIVERS\atikmdag.sys
21:02:28.0673 5544	atikmdag - ok
21:02:28.0708 5544	avgntflt        (c30b5fc0adcdfba7668e99baf0cbf58e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:02:28.0717 5544	avgntflt - ok
21:02:28.0761 5544	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:02:28.0797 5544	b06bdrv - ok
21:02:28.0822 5544	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:02:28.0847 5544	b57nd60a - ok
21:02:28.0870 5544	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:02:28.0919 5544	Beep - ok
21:02:28.0960 5544	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:02:28.0977 5544	blbdrive - ok
21:02:29.0027 5544	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:02:29.0040 5544	bowser - ok
21:02:29.0080 5544	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:02:29.0098 5544	BrFiltLo - ok
21:02:29.0113 5544	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:02:29.0131 5544	BrFiltUp - ok
21:02:29.0156 5544	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:02:29.0202 5544	Brserid - ok
21:02:29.0272 5544	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:02:29.0291 5544	BrSerWdm - ok
21:02:29.0301 5544	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:02:29.0333 5544	BrUsbMdm - ok
21:02:29.0344 5544	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:02:29.0361 5544	BrUsbSer - ok
21:02:29.0380 5544	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:02:29.0401 5544	BTHMODEM - ok
21:02:29.0448 5544	CbrVidA         (c897371658d6ca7a68c8dcd539bdfe65) C:\Windows\system32\CbrVidA.sys
21:02:29.0461 5544	CbrVidA - ok
21:02:29.0478 5544	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:02:29.0535 5544	cdfs - ok
21:02:29.0580 5544	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:02:29.0601 5544	cdrom - ok
21:02:29.0621 5544	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:02:29.0654 5544	circlass - ok
21:02:29.0689 5544	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:02:29.0706 5544	CLFS - ok
21:02:29.0743 5544	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:02:29.0759 5544	CmBatt - ok
21:02:29.0790 5544	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:02:29.0805 5544	cmdide - ok
21:02:29.0848 5544	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:02:29.0874 5544	CNG - ok
21:02:29.0895 5544	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:02:29.0910 5544	Compbatt - ok
21:02:29.0947 5544	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:02:29.0981 5544	CompositeBus - ok
21:02:30.0040 5544	cpuz130 - ok
21:02:30.0061 5544	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:02:30.0076 5544	crcdisk - ok
21:02:30.0140 5544	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:02:30.0188 5544	DfsC - ok
21:02:30.0267 5544	DIRECTIO        (a17c403c4b74d4fa920c3887066daeb2) C:\Program Files (x86)\BurnInTest\DirectIo.sys
21:02:30.0278 5544	DIRECTIO - ok
21:02:30.0297 5544	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:02:30.0338 5544	discache - ok
21:02:30.0388 5544	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:02:30.0399 5544	Disk - ok
21:02:30.0501 5544	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:02:30.0519 5544	drmkaud - ok
21:02:30.0563 5544	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:02:30.0610 5544	DXGKrnl - ok
21:02:30.0702 5544	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:02:30.0834 5544	ebdrv - ok
21:02:30.0884 5544	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:02:30.0897 5544	ElbyCDIO - ok
21:02:30.0932 5544	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:02:30.0961 5544	elxstor - ok
21:02:30.0993 5544	ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
21:02:31.0004 5544	ENTECH64 - ok
21:02:31.0043 5544	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:02:31.0059 5544	ErrDev - ok
21:02:31.0094 5544	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:02:31.0140 5544	exfat - ok
21:02:31.0162 5544	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:02:31.0203 5544	fastfat - ok
21:02:31.0227 5544	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:02:31.0244 5544	fdc - ok
21:02:31.0275 5544	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:02:31.0286 5544	FileInfo - ok
21:02:31.0306 5544	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:02:31.0359 5544	Filetrace - ok
21:02:31.0405 5544	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:02:31.0422 5544	flpydisk - ok
21:02:31.0460 5544	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:02:31.0476 5544	FltMgr - ok
21:02:31.0524 5544	FreeOTFE        (72b73acd5f7f3a368a80fec70d5b0d8c) C:\Windows\System32\FreeOTFE.sys
21:02:31.0534 5544	FreeOTFE ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0534 5544	FreeOTFE - detected UnsignedFile.Multi.Generic (1)
21:02:31.0559 5544	FreeOTFECypherAES_ltc (63b156e752252742f291c15e46575a28) C:\Windows\System32\FreeOTFECypherAES_ltc.sys
21:02:31.0582 5544	FreeOTFECypherAES_ltc ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0582 5544	FreeOTFECypherAES_ltc - detected UnsignedFile.Multi.Generic (1)
21:02:31.0603 5544	FreeOTFECypherBlowfish (7e3d01e3b16ed8aad2dfe75fa01efab2) C:\Windows\System32\FreeOTFECypherBlowfish.sys
21:02:31.0625 5544	FreeOTFECypherBlowfish ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0625 5544	FreeOTFECypherBlowfish - detected UnsignedFile.Multi.Generic (1)
21:02:31.0651 5544	FreeOTFECypherCAST5 (c3984a51bbd900dd745ddfd520a44ce4) C:\Windows\System32\FreeOTFECypherCAST5.sys
21:02:31.0671 5544	FreeOTFECypherCAST5 ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0671 5544	FreeOTFECypherCAST5 - detected UnsignedFile.Multi.Generic (1)
21:02:31.0749 5544	FreeOTFECypherCAST6_Gladman (3859d1952fab7ca303fb1e1dfb2c72e5) C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys
21:02:31.0761 5544	FreeOTFECypherCAST6_Gladman ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0761 5544	FreeOTFECypherCAST6_Gladman - detected UnsignedFile.Multi.Generic (1)
21:02:31.0788 5544	FreeOTFECypherDES (9b560d25ad5b12e0c23c7ab0c6c6fe65) C:\Windows\System32\FreeOTFECypherDES.sys
21:02:31.0808 5544	FreeOTFECypherDES ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0808 5544	FreeOTFECypherDES - detected UnsignedFile.Multi.Generic (1)
21:02:31.0834 5544	FreeOTFECypherMARS_Gladman (21fd0076acbe45cf5f2f6ace47f2911b) C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys
21:02:31.0857 5544	FreeOTFECypherMARS_Gladman ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0857 5544	FreeOTFECypherMARS_Gladman - detected UnsignedFile.Multi.Generic (1)
21:02:31.0898 5544	FreeOTFECypherRC6_ltc (2430e45ef1439aab0e896437aaa1c685) C:\Windows\System32\FreeOTFECypherRC6_ltc.sys
21:02:31.0907 5544	FreeOTFECypherRC6_ltc ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0907 5544	FreeOTFECypherRC6_ltc - detected UnsignedFile.Multi.Generic (1)
21:02:31.0929 5544	FreeOTFECypherSerpent_Gladman (ed7382fd681ca9ea81494595527de21d) C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys
21:02:31.0953 5544	FreeOTFECypherSerpent_Gladman ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0953 5544	FreeOTFECypherSerpent_Gladman - detected UnsignedFile.Multi.Generic (1)
21:02:31.0975 5544	FreeOTFECypherTwofish_ltc (1b00b0d5ccd4e7270d145b53612584c3) C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys
21:02:31.0986 5544	FreeOTFECypherTwofish_ltc ( UnsignedFile.Multi.Generic ) - warning
21:02:31.0986 5544	FreeOTFECypherTwofish_ltc - detected UnsignedFile.Multi.Generic (1)
21:02:31.0999 5544	FreeOTFEHashMD  (6ce7f52fc992f747ab9d68611198af1d) C:\Windows\System32\FreeOTFEHashMD.sys
21:02:32.0007 5544	FreeOTFEHashMD ( UnsignedFile.Multi.Generic ) - warning
21:02:32.0007 5544	FreeOTFEHashMD - detected UnsignedFile.Multi.Generic (1)
21:02:32.0021 5544	FreeOTFEHashRIPEMD (4d5026914bb47a035fb552511b9cda59) C:\Windows\System32\FreeOTFEHashRIPEMD.sys
21:02:32.0040 5544	FreeOTFEHashRIPEMD ( UnsignedFile.Multi.Generic ) - warning
21:02:32.0040 5544	FreeOTFEHashRIPEMD - detected UnsignedFile.Multi.Generic (1)
21:02:32.0078 5544	FreeOTFEHashSHA (e560a1733f4cf2d626f46dae71522df9) C:\Windows\System32\FreeOTFEHashSHA.sys
21:02:32.0096 5544	FreeOTFEHashSHA ( UnsignedFile.Multi.Generic ) - warning
21:02:32.0096 5544	FreeOTFEHashSHA - detected UnsignedFile.Multi.Generic (1)
21:02:32.0117 5544	FreeOTFEHashTiger (c28cccc8556f5a675f186565946b27ca) C:\Windows\System32\FreeOTFEHashTiger.sys
21:02:32.0126 5544	FreeOTFEHashTiger ( UnsignedFile.Multi.Generic ) - warning
21:02:32.0126 5544	FreeOTFEHashTiger - detected UnsignedFile.Multi.Generic (1)
21:02:32.0164 5544	FreeOTFEHashWhirlpool (590531108e8cc5ac5b23a1acf0247a14) C:\Windows\System32\FreeOTFEHashWhirlpool.sys
21:02:32.0174 5544	FreeOTFEHashWhirlpool ( UnsignedFile.Multi.Generic ) - warning
21:02:32.0174 5544	FreeOTFEHashWhirlpool - detected UnsignedFile.Multi.Generic (1)
21:02:32.0216 5544	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:02:32.0232 5544	FsDepends - ok
21:02:32.0253 5544	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:02:32.0267 5544	Fs_Rec - ok
21:02:32.0316 5544	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:02:32.0333 5544	fvevol - ok
21:02:32.0360 5544	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:02:32.0376 5544	gagp30kx - ok
21:02:32.0408 5544	ggflt           (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
21:02:32.0419 5544	ggflt - ok
21:02:32.0444 5544	ggsemc          (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
21:02:32.0455 5544	ggsemc - ok
21:02:32.0501 5544	hcmon           (b93b24f258441820e575c7983ba47313) C:\Windows\system32\drivers\hcmon.sys
21:02:32.0513 5544	hcmon - ok
21:02:32.0530 5544	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:02:32.0554 5544	hcw85cir - ok
21:02:32.0604 5544	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:02:32.0634 5544	HdAudAddService - ok
21:02:32.0674 5544	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:02:32.0691 5544	HDAudBus - ok
21:02:32.0714 5544	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:02:32.0731 5544	HidBatt - ok
21:02:32.0743 5544	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:02:32.0776 5544	HidBth - ok
21:02:32.0788 5544	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:02:32.0808 5544	HidIr - ok
21:02:32.0852 5544	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:02:32.0869 5544	HidUsb - ok
21:02:32.0903 5544	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:02:32.0920 5544	HpSAMD - ok
21:02:33.0017 5544	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:02:33.0086 5544	HTTP - ok
21:02:33.0137 5544	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:02:33.0148 5544	hwpolicy - ok
21:02:33.0184 5544	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:02:33.0205 5544	i8042prt - ok
21:02:33.0252 5544	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:02:33.0279 5544	iaStorV - ok
21:02:33.0302 5544	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:02:33.0318 5544	iirsp - ok
21:02:33.0338 5544	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:02:33.0349 5544	intelide - ok
21:02:33.0376 5544	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:02:33.0390 5544	intelppm - ok
21:02:33.0431 5544	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:02:33.0474 5544	IpFilterDriver - ok
21:02:33.0508 5544	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:02:33.0527 5544	IPMIDRV - ok
21:02:33.0549 5544	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:02:33.0593 5544	IPNAT - ok
21:02:33.0619 5544	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:02:33.0640 5544	IRENUM - ok
21:02:33.0657 5544	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:02:33.0672 5544	isapnp - ok
21:02:33.0695 5544	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:02:33.0721 5544	iScsiPrt - ok
21:02:33.0758 5544	JRAID           (6ebe4832b1a7c063fdf87035afc1e3dc) C:\Windows\system32\DRIVERS\jraid.sys
21:02:33.0767 5544	JRAID - ok
21:02:33.0792 5544	Jula.sys        (931fe3a27c44b2be0064364004815f04) C:\Windows\system32\DRIVERS\Jula.sys
21:02:33.0805 5544	Jula.sys - ok
21:02:33.0838 5544	JulaWDM.sys     (93e40d108351c25fd4e2ea02aed07cbf) C:\Windows\system32\DRIVERS\JulaWDM.sys
21:02:33.0849 5544	JulaWDM.sys - ok
21:02:33.0895 5544	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:02:33.0911 5544	kbdclass - ok
21:02:33.0935 5544	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:02:33.0962 5544	kbdhid - ok
21:02:33.0987 5544	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:02:33.0999 5544	KSecDD - ok
21:02:34.0037 5544	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:02:34.0051 5544	KSecPkg - ok
21:02:34.0068 5544	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:02:34.0109 5544	ksthunk - ok
21:02:34.0161 5544	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:02:34.0218 5544	lltdio - ok
21:02:34.0276 5544	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:02:34.0294 5544	LSI_FC - ok
21:02:34.0306 5544	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:02:34.0323 5544	LSI_SAS - ok
21:02:34.0342 5544	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:02:34.0358 5544	LSI_SAS2 - ok
21:02:34.0371 5544	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:02:34.0389 5544	LSI_SCSI - ok
21:02:34.0409 5544	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:02:34.0449 5544	luafv - ok
21:02:34.0491 5544	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
21:02:34.0501 5544	MBAMProtector - ok
21:02:34.0523 5544	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:02:34.0539 5544	megasas - ok
21:02:34.0565 5544	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:02:34.0588 5544	MegaSR - ok
21:02:34.0615 5544	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:02:34.0657 5544	Modem - ok
21:02:34.0676 5544	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:02:34.0692 5544	monitor - ok
21:02:34.0728 5544	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:02:34.0745 5544	mouclass - ok
21:02:34.0769 5544	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:02:34.0788 5544	mouhid - ok
21:02:34.0820 5544	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:02:34.0832 5544	mountmgr - ok
21:02:34.0868 5544	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:02:34.0889 5544	mpio - ok
21:02:34.0905 5544	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:02:34.0948 5544	mpsdrv - ok
21:02:34.0988 5544	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:02:35.0014 5544	MRxDAV - ok
21:02:35.0044 5544	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:02:35.0059 5544	mrxsmb - ok
21:02:35.0099 5544	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:02:35.0115 5544	mrxsmb10 - ok
21:02:35.0136 5544	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:35.0150 5544	mrxsmb20 - ok
21:02:35.0182 5544	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:02:35.0196 5544	msahci - ok
21:02:35.0220 5544	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:02:35.0239 5544	msdsm - ok
21:02:35.0264 5544	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:02:35.0310 5544	Msfs - ok
21:02:35.0343 5544	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:02:35.0383 5544	mshidkmdf - ok
21:02:35.0413 5544	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:02:35.0424 5544	msisadrv - ok
21:02:35.0453 5544	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:02:35.0494 5544	MSKSSRV - ok
21:02:35.0510 5544	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:02:35.0564 5544	MSPCLOCK - ok
21:02:35.0587 5544	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:02:35.0641 5544	MSPQM - ok
21:02:35.0684 5544	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:02:35.0702 5544	MsRPC - ok
21:02:35.0725 5544	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:02:35.0736 5544	mssmbios - ok
21:02:35.0746 5544	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:02:35.0787 5544	MSTEE - ok
21:02:35.0803 5544	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:02:35.0820 5544	MTConfig - ok
21:02:35.0850 5544	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
21:02:35.0868 5544	MTsensor - ok
21:02:35.0894 5544	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:02:35.0906 5544	Mup - ok
21:02:35.0944 5544	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:02:35.0976 5544	NativeWifiP - ok
21:02:36.0044 5544	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:02:36.0088 5544	NDIS - ok
21:02:36.0115 5544	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:02:36.0166 5544	NdisCap - ok
21:02:36.0192 5544	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:02:36.0234 5544	NdisTapi - ok
21:02:36.0270 5544	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:02:36.0312 5544	Ndisuio - ok
21:02:36.0351 5544	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:02:36.0396 5544	NdisWan - ok
21:02:36.0435 5544	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:02:36.0477 5544	NDProxy - ok
21:02:36.0512 5544	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:02:36.0563 5544	NetBIOS - ok
21:02:36.0595 5544	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:02:36.0642 5544	NetBT - ok
21:02:36.0686 5544	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:02:36.0702 5544	nfrd960 - ok
21:02:36.0729 5544	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:02:36.0768 5544	Npfs - ok
21:02:36.0789 5544	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:02:36.0841 5544	nsiproxy - ok
21:02:36.0926 5544	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:02:36.0988 5544	Ntfs - ok
21:02:37.0008 5544	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:02:37.0060 5544	Null - ok
21:02:37.0102 5544	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:02:37.0121 5544	nvraid - ok
21:02:37.0139 5544	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:02:37.0159 5544	nvstor - ok
21:02:37.0203 5544	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:02:37.0221 5544	nv_agp - ok
21:02:37.0254 5544	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:02:37.0273 5544	ohci1394 - ok
21:02:37.0301 5544	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:02:37.0320 5544	Parport - ok
21:02:37.0335 5544	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:02:37.0346 5544	partmgr - ok
21:02:37.0384 5544	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:02:37.0397 5544	pci - ok
21:02:37.0430 5544	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:02:37.0441 5544	pciide - ok
21:02:37.0468 5544	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:02:37.0492 5544	pcmcia - ok
21:02:37.0519 5544	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:02:37.0530 5544	pcw - ok
21:02:37.0562 5544	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:02:37.0622 5544	PEAUTH - ok
21:02:37.0695 5544	Pnp680r         (53c96271f1f6db9f4983fca85f2dfb52) C:\Windows\system32\DRIVERS\pnp680r.sys
21:02:37.0705 5544	Pnp680r - ok
21:02:37.0762 5544	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:02:37.0805 5544	PptpMiniport - ok
21:02:37.0826 5544	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:02:37.0845 5544	Processor - ok
21:02:37.0893 5544	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:02:37.0932 5544	Psched - ok
21:02:38.0069 5544	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:02:38.0170 5544	ql2300 - ok
21:02:38.0193 5544	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:02:38.0212 5544	ql40xx - ok
21:02:38.0239 5544	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:02:38.0273 5544	QWAVEdrv - ok
21:02:38.0295 5544	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:02:38.0336 5544	RasAcd - ok
21:02:38.0364 5544	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:02:38.0406 5544	RasAgileVpn - ok
21:02:38.0445 5544	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:02:38.0488 5544	Rasl2tp - ok
21:02:38.0512 5544	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:02:38.0556 5544	RasPppoe - ok
21:02:38.0576 5544	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:02:38.0619 5544	RasSstp - ok
21:02:38.0659 5544	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:02:38.0700 5544	rdbss - ok
21:02:38.0713 5544	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:02:38.0733 5544	rdpbus - ok
21:02:38.0746 5544	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:02:38.0797 5544	RDPCDD - ok
21:02:38.0824 5544	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:02:38.0874 5544	RDPENCDD - ok
21:02:38.0896 5544	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:02:38.0936 5544	RDPREFMP - ok
21:02:38.0972 5544	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:02:39.0018 5544	RDPWD - ok
21:02:39.0060 5544	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:02:39.0073 5544	rdyboost - ok
21:02:39.0106 5544	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:02:39.0159 5544	rspndr - ok
21:02:39.0240 5544	RTL8167         (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:02:39.0261 5544	RTL8167 - ok
21:02:39.0291 5544	s0016bus        (ea268bce30691c2dd24f02e617fd2eb5) C:\Windows\system32\DRIVERS\s0016bus.sys
21:02:39.0305 5544	s0016bus - ok
21:02:39.0325 5544	s0016mdfl       (f5f9deb89996d333ef976624d37e24e3) C:\Windows\system32\DRIVERS\s0016mdfl.sys
21:02:39.0336 5544	s0016mdfl - ok
21:02:39.0359 5544	s0016mdm        (c17ce2aee67480febcc36eccb54c0be8) C:\Windows\system32\DRIVERS\s0016mdm.sys
21:02:39.0375 5544	s0016mdm - ok
21:02:39.0389 5544	s0016mgmt       (cc267f04c54c5ec5b7bd658d7628469f) C:\Windows\system32\DRIVERS\s0016mgmt.sys
21:02:39.0405 5544	s0016mgmt - ok
21:02:39.0431 5544	s0016nd5        (30a35bbce09d9fe67482fd62c61911fc) C:\Windows\system32\DRIVERS\s0016nd5.sys
21:02:39.0443 5544	s0016nd5 - ok
21:02:39.0464 5544	s0016obex       (ca394dcc38579c7ad82e83ee64d798a0) C:\Windows\system32\DRIVERS\s0016obex.sys
21:02:39.0479 5544	s0016obex - ok
21:02:39.0495 5544	s0016unic       (eb267ccea84e6e8598d92f73332ac67b) C:\Windows\system32\DRIVERS\s0016unic.sys
21:02:39.0510 5544	s0016unic - ok
21:02:39.0551 5544	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:02:39.0569 5544	sbp2port - ok
21:02:39.0611 5544	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:02:39.0652 5544	scfilter - ok
21:02:39.0678 5544	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:02:39.0720 5544	secdrv - ok
21:02:39.0747 5544	seehcri - ok
21:02:39.0776 5544	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:02:39.0792 5544	Serenum - ok
21:02:39.0813 5544	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:02:39.0832 5544	Serial - ok
21:02:39.0860 5544	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:02:39.0877 5544	sermouse - ok
21:02:39.0920 5544	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:02:39.0952 5544	sffdisk - ok
21:02:39.0974 5544	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:02:39.0993 5544	sffp_mmc - ok
21:02:40.0008 5544	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:02:40.0027 5544	sffp_sd - ok
21:02:40.0045 5544	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:02:40.0062 5544	sfloppy - ok
21:02:40.0092 5544	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:02:40.0108 5544	SiSRaid2 - ok
21:02:40.0127 5544	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:02:40.0143 5544	SiSRaid4 - ok
21:02:40.0156 5544	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:02:40.0201 5544	Smb - ok
21:02:40.0255 5544	snapman         (27ba49f89468fddae6c2b311c53bce3a) C:\Windows\system32\DRIVERS\snapman.sys
21:02:40.0267 5544	snapman - ok
21:02:40.0290 5544	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:02:40.0301 5544	spldr - ok
21:02:40.0348 5544	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:02:40.0378 5544	srv - ok
21:02:40.0405 5544	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:02:40.0435 5544	srv2 - ok
21:02:40.0487 5544	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:02:40.0513 5544	srvnet - ok
21:02:40.0548 5544	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:02:40.0563 5544	stexstor - ok
21:02:40.0617 5544	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:02:40.0631 5544	swenum - ok
21:02:40.0733 5544	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:02:40.0804 5544	Tcpip - ok
21:02:40.0865 5544	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:02:40.0907 5544	TCPIP6 - ok
21:02:40.0946 5544	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:02:40.0987 5544	tcpipreg - ok
21:02:41.0006 5544	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:02:41.0046 5544	TDPIPE - ok
21:02:41.0112 5544	tdrpman258      (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
21:02:41.0164 5544	tdrpman258 - ok
21:02:41.0184 5544	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:02:41.0225 5544	TDTCP - ok
21:02:41.0264 5544	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:02:41.0317 5544	tdx - ok
21:02:41.0358 5544	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:02:41.0374 5544	TermDD - ok
21:02:41.0430 5544	timounter       (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
21:02:41.0464 5544	timounter - ok
21:02:41.0484 5544	truecrypt - ok
21:02:41.0531 5544	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:02:41.0571 5544	tssecsrv - ok
21:02:41.0608 5544	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:02:41.0653 5544	TsUsbFlt - ok
21:02:41.0773 5544	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:02:41.0817 5544	tunnel - ok
21:02:41.0839 5544	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:02:41.0855 5544	uagp35 - ok
21:02:41.0895 5544	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:02:41.0936 5544	udfs - ok
21:02:41.0978 5544	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:02:41.0995 5544	uliagpkx - ok
21:02:42.0032 5544	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:02:42.0051 5544	umbus - ok
21:02:42.0069 5544	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:02:42.0085 5544	UmPass - ok
21:02:42.0128 5544	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:02:42.0161 5544	usbaudio - ok
21:02:42.0192 5544	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:02:42.0213 5544	usbccgp - ok
21:02:42.0244 5544	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:02:42.0281 5544	usbcir - ok
21:02:42.0302 5544	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:02:42.0319 5544	usbehci - ok
21:02:42.0347 5544	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:02:42.0389 5544	usbhub - ok
21:02:42.0411 5544	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
21:02:42.0428 5544	usbohci - ok
21:02:42.0457 5544	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:02:42.0476 5544	usbprint - ok
21:02:42.0515 5544	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:02:42.0536 5544	usbscan - ok
21:02:42.0579 5544	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:02:42.0599 5544	USBSTOR - ok
21:02:42.0624 5544	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:02:42.0651 5544	usbuhci - ok
21:02:42.0697 5544	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:02:42.0708 5544	vdrvroot - ok
21:02:42.0728 5544	VD_FileDisk - ok
21:02:42.0752 5544	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:02:42.0772 5544	vga - ok
21:02:42.0789 5544	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:02:42.0841 5544	VgaSave - ok
21:02:42.0882 5544	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:02:42.0905 5544	vhdmp - ok
21:02:43.0009 5544	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:02:43.0023 5544	viaide - ok
21:02:43.0068 5544	vmci            (cc711ed4f3d1987e84745237358ff87c) C:\Windows\system32\drivers\vmci.sys
21:02:43.0081 5544	vmci - ok
21:02:43.0112 5544	vmkbd           (98e05ba0c49aa98aa0fd998ebc33d763) C:\Windows\system32\drivers\VMkbd.sys
21:02:43.0123 5544	vmkbd - ok
21:02:43.0136 5544	VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:02:43.0147 5544	VMnetAdapter - ok
21:02:43.0164 5544	VMnetBridge     (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:02:43.0177 5544	VMnetBridge - ok
21:02:43.0196 5544	VMnetuserif     (3a9ad1d1fcf673b1b7f27140e45aeffd) C:\Windows\system32\drivers\vmnetuserif.sys
21:02:43.0208 5544	VMnetuserif - ok
21:02:43.0219 5544	VMparport       (243f106a48c3af953cf2a78dc01a02b8) C:\Windows\system32\drivers\VMparport.sys
21:02:43.0231 5544	VMparport - ok
21:02:43.0260 5544	vmusb           (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
21:02:43.0271 5544	vmusb - ok
21:02:43.0303 5544	vmx86           (884737c95b3e1281525d7bc6e9e9d11f) C:\Windows\system32\drivers\vmx86.sys
21:02:43.0316 5544	vmx86 - ok
21:02:43.0333 5544	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:02:43.0344 5544	volmgr - ok
21:02:43.0382 5544	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:02:43.0399 5544	volmgrx - ok
21:02:43.0422 5544	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:02:43.0438 5544	volsnap - ok
21:02:43.0466 5544	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
21:02:43.0489 5544	vpcbus - ok
21:02:43.0532 5544	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
21:02:43.0550 5544	vpcnfltr - ok
21:02:43.0569 5544	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
21:02:43.0589 5544	vpcusb - ok
21:02:43.0628 5544	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
21:02:43.0646 5544	vpcvmm - ok
21:02:43.0675 5544	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:02:43.0695 5544	vsmraid - ok
21:02:43.0757 5544	vstor2-ws60     (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
21:02:43.0768 5544	vstor2-ws60 - ok
21:02:43.0803 5544	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:02:43.0836 5544	vwifibus - ok
21:02:43.0858 5544	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:02:43.0879 5544	WacomPen - ok
21:02:43.0911 5544	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:02:43.0953 5544	WANARP - ok
21:02:43.0959 5544	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:02:43.0996 5544	Wanarpv6 - ok
21:02:44.0023 5544	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:02:44.0039 5544	Wd - ok
21:02:44.0076 5544	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:02:44.0100 5544	Wdf01000 - ok
21:02:44.0140 5544	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:02:44.0181 5544	WfpLwf - ok
21:02:44.0223 5544	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:02:44.0240 5544	WIMMount - ok
21:02:44.0307 5544	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:02:44.0329 5544	WinUsb - ok
21:02:44.0368 5544	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:02:44.0384 5544	WmiAcpi - ok
21:02:44.0434 5544	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:02:44.0476 5544	ws2ifsl - ok
21:02:44.0528 5544	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:02:44.0571 5544	WudfPf - ok
21:02:44.0598 5544	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:02:44.0637 5544	WUDFRd - ok
21:02:44.0667 5544	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:02:44.0703 5544	\Device\Harddisk0\DR0 - ok
21:02:44.0721 5544	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:02:44.0851 5544	\Device\Harddisk1\DR1 - ok
21:02:44.0874 5544	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
21:02:44.0937 5544	\Device\Harddisk2\DR2 - ok
21:02:44.0940 5544	Boot (0x1200)   (dd5cac46500dba42a4026b1a5ec3f3c7) \Device\Harddisk0\DR0\Partition0
21:02:44.0941 5544	\Device\Harddisk0\DR0\Partition0 - ok
21:02:44.0969 5544	Boot (0x1200)   (cafbb97ac52bff38a5f0c348955c4ca4) \Device\Harddisk1\DR1\Partition0
21:02:44.0970 5544	\Device\Harddisk1\DR1\Partition0 - ok
21:02:44.0974 5544	Boot (0x1200)   (b489ca58caff982f9f05b02fa7669a51) \Device\Harddisk1\DR1\Partition1
21:02:44.0975 5544	\Device\Harddisk1\DR1\Partition1 - ok
21:02:44.0998 5544	Boot (0x1200)   (18a168e13a1944e9ee3178adbad4472c) \Device\Harddisk2\DR2\Partition0
21:02:44.0998 5544	\Device\Harddisk2\DR2\Partition0 - ok
21:02:45.0016 5544	Boot (0x1200)   (e99ab091cdd3ce25df93a5d38ce9a9b5) \Device\Harddisk2\DR2\Partition1
21:02:45.0016 5544	\Device\Harddisk2\DR2\Partition1 - ok
21:02:45.0028 5544	Boot (0x1200)   (7169fe65a96ed969df5be590d68d8ad3) \Device\Harddisk2\DR2\Partition2
21:02:45.0028 5544	\Device\Harddisk2\DR2\Partition2 - ok
21:02:45.0032 5544	Boot (0x1200)   (cbc813194063d0f204c066cd2905e952) \Device\Harddisk2\DR2\Partition3
21:02:45.0033 5544	\Device\Harddisk2\DR2\Partition3 - ok
21:02:45.0035 5544	============================================================
21:02:45.0035 5544	Scan finished
21:02:45.0035 5544	============================================================
21:02:45.0049 5176	Detected object count: 15
21:02:45.0049 5176	Actual detected object count: 15
21:03:17.0549 5176	FreeOTFE ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0549 5176	FreeOTFE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0551 5176	FreeOTFECypherAES_ltc ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0551 5176	FreeOTFECypherAES_ltc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0554 5176	FreeOTFECypherBlowfish ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0554 5176	FreeOTFECypherBlowfish ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0557 5176	FreeOTFECypherCAST5 ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0557 5176	FreeOTFECypherCAST5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0559 5176	FreeOTFECypherCAST6_Gladman ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0559 5176	FreeOTFECypherCAST6_Gladman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0562 5176	FreeOTFECypherDES ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0562 5176	FreeOTFECypherDES ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0565 5176	FreeOTFECypherMARS_Gladman ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0565 5176	FreeOTFECypherMARS_Gladman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0569 5176	FreeOTFECypherRC6_ltc ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0569 5176	FreeOTFECypherRC6_ltc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0572 5176	FreeOTFECypherSerpent_Gladman ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0572 5176	FreeOTFECypherSerpent_Gladman ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0574 5176	FreeOTFECypherTwofish_ltc ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0574 5176	FreeOTFECypherTwofish_ltc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0578 5176	FreeOTFEHashMD ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0578 5176	FreeOTFEHashMD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0580 5176	FreeOTFEHashRIPEMD ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0581 5176	FreeOTFEHashRIPEMD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0584 5176	FreeOTFEHashSHA ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0584 5176	FreeOTFEHashSHA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0587 5176	FreeOTFEHashTiger ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0587 5176	FreeOTFEHashTiger ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:03:17.0590 5176	FreeOTFEHashWhirlpool ( UnsignedFile.Multi.Generic ) - skipped by user
21:03:17.0590 5176	FreeOTFEHashWhirlpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 16.11.2011, 09:23   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.11.2011, 21:13   #14
Antestor
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Hier ist der ComboFix Log:

Code:
ATTFilter
ComboFix 11-11-16.01 - Antestor 16.11.2011  20:49:59.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2594 [GMT 1:00]
ausgeführt von:: c:\users\Antestor\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
c:\windows\Fonts\ATMFM.EXE
c:\windows\Fonts\GRAFIK1.TTF
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\swctl.dll
c:\windows\SysWow64\Temp
c:\windows\SysWow64\Temp\DE99B447R3
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-10-16 bis 2011-11-16  ))))))))))))))))))))))))))))))
.
.
2011-11-16 19:56 . 2011-11-16 19:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-16 19:08 . 2011-11-16 19:08	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6957CD65-64BB-42C4-860B-BD0A0F188E1A}\offreg.dll
2011-11-15 19:48 . 2009-10-23 11:19	526368	----a-w-	c:\windows\system32\JulaPAN.exe
2011-11-15 18:53 . 2011-11-15 18:53	--------	d-----w-	C:\_OTL
2011-11-15 18:44 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6957CD65-64BB-42C4-860B-BD0A0F188E1A}\mpengine.dll
2011-11-12 10:37 . 2011-11-12 10:37	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-11-12 10:21 . 2011-11-12 10:21	--------	d-----w-	c:\windows\system32\Macromed
2011-11-11 15:04 . 2011-11-11 15:04	--------	d-----w-	c:\program files (x86)\ESET
2011-11-10 18:24 . 2011-11-10 18:24	--------	d-----w-	c:\users\Antestor\AppData\Roaming\Malwarebytes
2011-11-10 18:23 . 2011-11-10 18:23	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-10 18:23 . 2011-11-10 18:23	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-10 18:23 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-08 21:18 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-08 21:18 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 21:18 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-08 21:17 . 2011-09-29 04:03	3144704	----a-w-	c:\windows\system32\win32k.sys
2011-11-04 17:42 . 2011-11-04 17:42	--------	d-----w-	c:\users\Antestor\AppData\Local\Unity
2011-10-25 19:17 . 2011-08-13 05:27	6144	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2011-10-25 19:17 . 2011-08-13 04:18	6144	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 10:21 . 2011-05-19 14:36	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-03 04:06 . 2010-05-08 18:47	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-10-01 03:25 . 2011-10-12 18:09	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 18:09	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2011-08-27 05:37 . 2011-10-12 18:09	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 18:09	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 18:09	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-12 18:09	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-08-20 05:37 . 2011-10-12 18:10	1188864	----a-w-	c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-12 18:09	981504	----a-w-	c:\windows\SysWow64\wininet.dll
2009-11-07 22:26 . 2009-11-07 22:26	223432	----a-w-	c:\program files (x86)\truecrypt.sys
2009-11-07 22:26 . 2009-11-07 22:26	222152	----a-w-	c:\program files (x86)\truecrypt-x64.sys
2009-11-07 22:26 . 2009-11-07 22:26	1559496	----a-w-	c:\program files (x86)\TrueCrypt Format.exe
2009-11-07 22:26 . 2009-11-07 22:26	1412552	----a-w-	c:\program files (x86)\TrueCrypt.exe
2009-11-07 19:46 . 2009-11-07 22:26	3358808	----a-w-	c:\program files (x86)\TrueCrypt Setup.exe
2007-02-22 19:08 . 2011-06-20 19:04	925696	----a-w-	c:\program files (x86)\GSpot.exe
2006-05-03 09:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCWinTray"="c:\windows\Tray\wintmr.exe" [2010-03-26 5805216]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DisplayFusion"="c:\program files (x86)\DisplayFusion\DisplayFusion.exe" [2011-10-02 2456992]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ChicoSys"="c:\windows\SysWOW64\cc32\webtmr.exe" [2010-03-26 5558432]
"StartCCC"="c:\program files (x86)\ati\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5140960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-22 64048]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2010-12-11 274608]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Antestor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-8 113664]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-1-6 3581680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-11-8 113664]
hueyPROTray.lnk - c:\program files (x86)\Pantone\hueyPRO\hueyPROTray.exe [2009-11-15 1081344]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2009-11-13 315392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R1 FreeOTFE;FreeOTFE;c:\windows\System32\FreeOTFE.sys [x]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\System32\FreeOTFECypherAES_ltc.sys [x]
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\System32\FreeOTFECypherBlowfish.sys [x]
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\System32\FreeOTFECypherCAST5.sys [x]
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\System32\FreeOTFECypherCAST6_Gladman.sys [x]
R1 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\System32\FreeOTFECypherDES.sys [x]
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\System32\FreeOTFECypherMARS_Gladman.sys [x]
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\System32\FreeOTFECypherRC6_ltc.sys [x]
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\System32\FreeOTFECypherSerpent_Gladman.sys [x]
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\System32\FreeOTFECypherTwofish_ltc.sys [x]
R1 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\System32\FreeOTFEHashMD.sys [x]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\System32\FreeOTFEHashRIPEMD.sys [x]
R1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\System32\FreeOTFEHashSHA.sys [x]
R1 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\System32\FreeOTFEHashTiger.sys [x]
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\System32\FreeOTFEHashWhirlpool.sys [x]
R1 VD_FileDisk;VD_FileDisk; [x]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-01-08 2480048]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ATICDSDr;ATICDSDr;c:\users\Antestor\AppData\Local\Temp\ATICDSDr.sys [x]
R3 cpuz130;cpuz130;c:\users\Antestor\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DIRECTIO;DIRECTIO;c:\program files (x86)\BurnInTest\DirectIo.sys [2008-03-19 15872]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 s0016bus;s0016bus;c:\windows\system32\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;s0016nd5;c:\windows\system32\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [x]
R3 s0016unic;s0016unic;c:\windows\system32\DRIVERS\s0016unic.sys [x]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 Wpeeomcynwn;Wpeeomcynwn; [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 CbrVidA;CbrVidA;c:\windows\system32\CbrVidA.sys [x]
S1 Jula.sys;Service for Juli@ Audio Driver EWDM;c:\windows\system32\DRIVERS\Jula.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 BralMiniServer Service;BralMiniServer Service;c:\program files (x86)\Common Files\BAUM Retec\BrailleServer\1.0\BralMiniSrv_Service.exe [2008-12-19 405504]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
S2 Windows-CCHook-Service;Windows-CCHook-Service;c:\windows\SysWOW64\cchservice.exe [2010-01-27 1595032]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 JulaWDM.sys;Service for Juli@ WDM;c:\windows\system32\DRIVERS\JulaWDM.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - Chico64
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 362032]
"Cobra_chkRDP"="c:\program files (x86)\BAUM Retec\COBRA\9.0\RegSetCobraRDP.exe" [2009-11-02 24576]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube to MP3 Converter - c:\users\Antestor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\program files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Antestor\AppData\Roaming\Mozilla\Firefox\Profiles\yu5646sy.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: FoxyProxy Standard: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: FoxyProxy Basic: foxyproxy@eric.h.jung - %profile%\extensions\foxyproxy@eric.h.jung
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Easy YouTube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Fast Video Download (with SearchMenu): {c50ca3c4-5656-43c2-a061-13e717f73fc8} - %profile%\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
FF - Ext: Firefox Throttle: {ca8b7b3d-b6e6-438f-b935-601b3de48d66} - %profile%\extensions\{ca8b7b3d-b6e6-438f-b935-601b3de48d66}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-SansaDispatch - c:\users\Antestor\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
Wow6432Node-HKLM-Run-NWEReboot - (no file)
ShellExecuteHooks-{6979AAD7-86EE-481F-B591-152A33E86ECB} - (no file)
ShellExecuteHooks-{6979AAD7-86EE-481F-B591-152A33E86ECB} - (no file)
AddRemove-1489-3350-5074-6281 - z:\survive\plea\JDownloader\JDUninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}*]
"hakglljbkfdaamak"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65,
   61,65,69,63,00,77
"iamfbjikkngcljobjb"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65,
   61,65,69,63,00,00
"hapnjkdpohhaplab"=hex:62,63,6a,63,69,61,6f,6f,63,6c,63,61,6f,70,67,61,65,6c,
   70,70,67,6b,6d,64,61,6f,65,62,6c,70,6e,69,6a,65,66,6e,65,6a,6d,69,61,64,64,\
.
[HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{71160731-4AF9-64C6-903B-52DAFCDAFF84}*]
"iacbncefjnbljcajje"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,6b,
   61,6b,00,00
"hamapbjomjglolaf"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,6b,
   61,6b,00,01
"hahhjgkliidphlnb"=hex:62,63,6e,6d,61,64,70,6b,61,66,70,62,6d,66,6d,66,62,6d,
   63,6e,67,62,69,70,65,66,68,66,67,69,6c,69,6f,68,6b,66,6f,63,65,6f,64,61,66,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}\InProcServer32*]
"jagfonebidcknlfencel"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,
   65,61,65,69,63,00,77
"iagfengapjlckhhmoc"=hex:6b,61,66,67,64,67,6c,65,6c,70,69,63,63,65,62,6d,63,65,
   61,65,69,63,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{71160731-4AF9-64C6-903B-52DAFCDAFF84}\InProcServer32*]
"jaabcagfbbipbepjijcd"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,
   6b,61,6b,00,00
"iaabiamhlimaikophh"=hex:6a,61,62,6b,68,67,67,6c,6f,6a,6e,6f,66,64,64,6b,6b,6b,
   61,6b,00,fe
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-16  20:59:29
ComboFix-quarantined-files.txt  2011-11-16 19:59
.
Vor Suchlauf: 17 Verzeichnis(se), 12.242.923.520 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 12.117.315.584 Bytes frei
.
- - End Of File - - 8033300E5004307BABFAF015A3950082
         
Viele Grüße
Antestor

Alt 16.11.2011, 21:47   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Standard

Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Regnull::
[HKEY_USERS\S-1-5-21-3388136713-3722576333-1192773260-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{196B0BEB-6567-9F6B-84E9-B197BB30A38A}*]

Driver::
Wpeeomcynwn
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles
0x00000001, 7-zip, antivir, avira, bho, bonjour, c:\windows\system32\rundll32.exe, converter, cubase, dateien gelöscht, desktop, downloader, eraser, error, excel, fehler, firefox, free download, home, jdownloader, langs, logfile, malware, mozilla thunderbird, mp3, nicht gefunden, nodrives, popup, realtek, recuva, registry, registry cleaner, richtlinie, rundll, scr-datei, security, shortcut, software, starten, studio, super, trojaner, usb, version=1.0, webcheck, windows, youtube downloader



Ähnliche Themen: Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles


  1. Trojaner TR/Gendal
    Log-Analyse und Auswertung - 30.10.2011 (7)
  2. Trojaner TR/Gendal.4987692 "amcap.exe" setzt Internetverbindung lahm!
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (5)
  3. R/Gendal.KD.292984 in der Datei Recycle.Bin.exe
    Plagegeister aller Art und deren Bekämpfung - 03.08.2011 (3)
  4. backdoor Gendal auf PC, gibts Möglichkeit wie datei auf system kam
    Plagegeister aller Art und deren Bekämpfung - 13.10.2010 (9)
  5. backdoor Gendal auf PC, gibts Möglichkeit wie datei auf system kam
    Diskussionsforum - 12.10.2010 (5)
  6. Trojaner TR/Gendal gefunden und mit OTL gesvannt
    Plagegeister aller Art und deren Bekämpfung - 03.10.2010 (1)
  7. TR/Gendal.562176.A / WORM/Autorun.bcvt / SPR/KKFinder.CE.2
    Log-Analyse und Auswertung - 27.09.2010 (7)
  8. Autorun blockiert C:\autorun.inf frisches System
    Plagegeister aller Art und deren Bekämpfung - 30.08.2010 (6)
  9. Autorun.inf Datei auf dem Mp3 Player & Adware.Agent auf dem Pc
    Log-Analyse und Auswertung - 10.08.2010 (16)
  10. Trojaner Tr/Gendal. 35888 gefunden-was tun???
    Log-Analyse und Auswertung - 05.08.2010 (19)
  11. Trojaner TR/Gendal.45271
    Plagegeister aller Art und deren Bekämpfung - 27.07.2010 (1)
  12. "autorun.inf ist der Trojaner: TR/Autorun.TE" Meldung beim Anschluss eines USB Sticks
    Plagegeister aller Art und deren Bekämpfung - 21.03.2010 (19)
  13. autorun.inf - TR/Autorun.SJ.1 Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (1)
  14. TROJANER Flut! W32/Delf.EKEH, INI/AutoRun.CYI, WSCommCntr1.exe, BAT/Autorun.IZJ
    Plagegeister aller Art und deren Bekämpfung - 06.11.2009 (3)
  15. autorun.inf: Trojan.Autorun-271 FOUND - USB-Stick
    Log-Analyse und Auswertung - 11.03.2009 (1)
  16. Trojaner TR/Gendal.2001550 Fund!
    Plagegeister aller Art und deren Bekämpfung - 21.07.2008 (1)
  17. "Krepper.3" in CAB-Datei: HijackThis & AntiVir-LogFiles
    Log-Analyse und Auswertung - 24.01.2005 (2)

Zum Thema Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles - Gestern schlug Antivir bei mir Alarm. Auf 3 Partitionen wurde jeweils die Datei pcwelt.scr gefunden, die angeblich den Trojaner TR/Gendal.2.4609 enthält. Im selben Verzeichnis war eine autorun.inf, die die Dateien - Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles...
Archiv
Du betrachtest: Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.