Pests of all kinds and how to combat them: Cannot load hotkey.sys AND Windows Security Center cannot be started

Windows 7

18.02.2013, 22:22   #1
mp10088
 
I caught a virus (which immediately displays a police page, demands payment and locks everything). Unfortunately I have forgotten its name. The error occurred even in safe mode. After several reboot attempts I was able to start the installed 'Spyhunter', and the malware was apparently detected and removed. After the reboot almost everything ran as usual, except:
1.) The message "Cannot load hotkey.sys" appears. It can, however, be dismissed by clicking OK 3 times.
I have not found a simple solution on the web.
2.) In the message line the flag with a red cross appears: the Windows Security Center has not been started. And it cannot be started either. The solution from PC Welt unfortunately does not work either.
I would therefore like to ask you for help.

I created the logs with OTL

18.02.2013, 22:23   #2
markusg
/// Malware-holic
 
Hi,
and where are they?
+ SpyHunter detection reports with file paths, as text

18.02.2013, 22:26   #3
mp10088
 
I could not find a place to insert the log files!!!
Where do I find the SpyHunter logs??

Now an attempt to simply paste the 'log text'.... OTL logfile:
Code:
OTL logfile created on: 18.02.2013 22:54:52 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 68,75% Memory free
6,85 Gb Paging File | 5,75 Gb Available in Paging File | 83,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 48,07 Gb Free Space | 43,00% Space Free | Partition Type: NTFS
 
Computer Name: MANFREDPORAK-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
PRC - C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\devolo\dlan\devolonetsvc.exe (devolo AG)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100519-1632\soffice.exe ()
PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\ProgramData\DNSErrorHelper\bho.dll ()
MOD - C:\Windows\System32\IccLibDll.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\udkservice1.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\sal3.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\xerces-depdom_2_6.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\uwinapi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\vos3MSC.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\xslt4cMessages_1_7_0.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\log4pt.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\reg3.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\jvmaccess3MSC.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\proxyset.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\rmcxt3.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\basicservice.uno.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20100519-1632\emser645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\svt645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\ucpchelp1.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\vcl645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\tk645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\so645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\xcr645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\sb645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\i18npool645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\sax.uno.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20100519-1632\go645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20100519-1632\svx645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20100519-1632\sfx645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20100519-1632\ofa645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100519-1632\soffice.exe ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100519-1632\desktp645mi.dll ()
MOD - C:\Programme\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100519-1632\oleautobridge.uno.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AddonsHelper) -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
SRV - (SearchAnonymizer) -- C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DevoloNetworkService) -- C:\Programme\devolo\dlan\devolonetsvc.exe (devolo AG)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Lotus Notes Diagnostics) -- C:\Programme\IBM\Lotus\Notes\nsd.exe (IBM)
SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsl4010e772) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{40707E0F-B9BF-4C7B-84AC-C3DC9C3C2EA1}\MpKsl4010e772.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                           )
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV - (wcndis) -- C:\Windows\System32\drivers\wcndis.sys ()
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.de/
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\..\SearchScopes,DefaultScope = {C974074C-D796-48BA-B11B-484090A8DF29}
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=d0d8608e-588f-424c-bd40-c082a70966b1&pid=freewarede&k=0
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\..\SearchScopes\{C974074C-D796-48BA-B11B-484090A8DF29}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F713D7B7365617263685465726D737D26726C7A3D314937414446415F6465&st={searchTerms}&clid=d0d8608e-588f-424c-bd40-c082a70966b1&pid=freewarede&k=0
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\..\SearchScopes\{D0726E46-C7B9-4ABD-920F-9D42538A0508}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?anonymto=687474703A2F2F64652E77696B6970656469612E6F72672F772F696E6465782E7068703F7469746C653D5370657A69616C3A5375636865267365617263683D7B7365617263685465726D737D&st={searchTerms}&clid=d0d8608e-588f-424c-bd40-c082a70966b1&pid=freewarede&k=0
IE - HKU\S-1-5-21-1223179397-588410523-350287256-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\***\AppData\Roaming\Helper [2013.02.18 17:27:21 | 000,000,000 | ---D | M]
 
[2011.09.12 13:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.10 16:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1mlflynq.default\extensions
[2012.07.10 16:42:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1mlflynq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.02.18 17:27:21 | 000,002,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\7614b76c-6f50-43fe-b402-04d686c3e25b.xml
[2013.02.18 17:32:56 | 000,002,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\8771f98e-e53b-4755-a730-6081d8191ffd.xml
[2013.02.18 17:27:15 | 000,002,188 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\{0EA27343-18E3-47F9-BEED-389E0571EB50}.xml
[2013.02.18 17:27:15 | 000,024,039 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\{68F2A811-633B-4BB4-B751-DA1F5E0911D9}.xml
[2013.02.18 17:27:15 | 000,002,077 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\{6C66445A-A433-4876-AC6A-CCB741962A38}.xml
[2013.02.18 17:27:15 | 000,001,870 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\{79008563-F910-49AD-BC7C-D08116B7E909}.xml
[2013.02.18 17:27:15 | 000,002,522 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\{E87CF541-A527-45A0-967B-45DB109D6C06}.xml
[2013.02.18 17:27:15 | 000,001,094 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1mlflynq.default\searchplugins\{EAAC75F4-51B9-41A2-8D2B-FB35B9C2A2EA}.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\***\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20100519-1632\preload.exe ()
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-1223179397-588410523-350287256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1223179397-588410523-350287256-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1223179397-588410523-350287256-1000\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/AT/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142F2D10-AFAC-4319-8B97-F2F9242E1639}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{550500B5-3829-4243-93C4-E08B690AD997}: DhcpNameServer = 61.177.7.1 218.104.32.106 168.95.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DC2FCE8-0569-4A74-A36B-EAC50F15EC90}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9300F5B6-087D-496A-B2B7-64EACD8EE4BC}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.10.24 07:27:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.18 19:34:13 | 000,000,000 | ---D | C] -- C:\Users\***\EasternGraphics
[2013.02.18 19:34:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\{59E3981A-853B-4024-80E5-72FC64DF4CB7}
[2013.02.18 19:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\EasternGraphics
[2013.02.18 19:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\EasternGraphics
[2013.02.18 19:18:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2013.02.18 17:55:39 | 000,118,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msadodc.ocx
[2013.02.18 17:55:39 | 000,000,000 | ---D | C] -- C:\MEINHAUSPLANER
[2013.02.18 17:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BAUSET
[2013.02.18 17:55:38 | 001,046,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet35.dll
[2013.02.18 17:55:38 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl35.dll
[2013.02.18 17:55:38 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbar332.dll
[2013.02.18 17:55:38 | 000,287,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msxbse35.dll
[2013.02.18 17:55:38 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd2x35.dll
[2013.02.18 17:55:38 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mspdox35.dll
[2013.02.18 17:55:38 | 000,250,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msexcl35.dll
[2013.02.18 17:55:38 | 000,182,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ddao35.dll
[2013.02.18 17:55:38 | 000,166,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msltus35.dll
[2013.02.18 17:55:38 | 000,165,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mstext35.dll
[2013.02.18 17:55:38 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjint35.dll
[2013.02.18 17:55:38 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjter35.dll
[2013.02.18 17:55:37 | 002,369,456 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v13.4.2.ocx
[2013.02.18 17:55:37 | 001,370,032 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v13.4.2.ocx
[2013.02.18 17:55:37 | 001,369,264 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\System32\FPSPR70.ocx
[2013.02.18 17:55:37 | 001,276,088 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.CommandBars.v10.1.ocx
[2013.02.18 17:55:37 | 000,882,608 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v13.4.2.ocx
[2013.02.18 17:55:37 | 000,598,016 | ---- | C] (Key Company) -- C:\Windows\System32\KeyTV3.ocx
[2013.02.18 17:55:37 | 000,460,984 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.ReportControl.v10.1.ocx
[2013.02.18 17:55:37 | 000,338,104 | ---- | C] (Codejock Software) -- C:\Windows\System32\Codejock.TaskPanel.v10.1.ocx
[2013.02.18 17:55:37 | 000,167,176 | ---- | C] (/n software inc. - www.nsoftware.com) -- C:\Windows\System32\ftps60.ocx
[2013.02.18 17:55:36 | 000,595,968 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\Resizer.dll
[2013.02.18 17:55:36 | 000,220,160 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvid12n.ocx
[2013.02.18 17:55:36 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\System32\PCDLIB32.DLL
[2013.02.18 17:55:36 | 000,187,904 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizerPPG.ocx
[2013.02.18 17:55:36 | 000,182,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvid12n.dll
[2013.02.18 17:55:36 | 000,176,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltcap12n.ocx
[2013.02.18 17:55:36 | 000,160,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltnet12n.ocx
[2013.02.18 17:55:36 | 000,132,608 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizableControl.dll
[2013.02.18 17:55:36 | 000,102,400 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmpg12n.dll
[2013.02.18 17:55:36 | 000,089,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfjbg12n.dll
[2013.02.18 17:55:36 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lffpx12n.dll
[2013.02.18 17:55:36 | 000,063,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfplt12n.dll
[2013.02.18 17:55:36 | 000,062,464 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltnet12n.dll
[2013.02.18 17:55:36 | 000,058,880 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfcgm12n.dll
[2013.02.18 17:55:36 | 000,058,880 | ---- | C] (KL Group Inc.) -- C:\Windows\System32\ResizableControlPPG.ocx
[2013.02.18 17:55:36 | 000,053,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltcap12n.dll
[2013.02.18 17:55:36 | 000,047,616 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdgn12n.dll
[2013.02.18 17:55:36 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcd12n.dll
[2013.02.18 17:55:35 | 000,482,816 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdwf12n.dll
[2013.02.18 17:55:35 | 000,181,248 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpng12n.dll
[2013.02.18 17:55:35 | 000,141,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFTIF12n.DLL
[2013.02.18 17:55:35 | 000,139,264 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdxf12n.dll
[2013.02.18 17:55:35 | 000,067,584 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfdwg12N.dll
[2013.02.18 17:55:35 | 000,060,416 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfpct12n.dll
[2013.02.18 17:55:35 | 000,049,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfwmf12n.dll
[2013.02.18 17:55:35 | 000,047,104 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfXpm12n.dll
[2013.02.18 17:55:35 | 000,046,080 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lfdrw12n.dll
[2013.02.18 17:55:35 | 000,045,568 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfXbm12n.dll
[2013.02.18 17:55:35 | 000,038,912 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfflc12n.dll
[2013.02.18 17:55:35 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpsd12n.dll
[2013.02.18 17:55:35 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lflmb12n.dll
[2013.02.18 17:55:35 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFPNM12n.dll
[2013.02.18 17:55:35 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lflma12n.dll
[2013.02.18 17:55:35 | 000,028,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfclp12n.dll
[2013.02.18 17:55:35 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfiff12n.dll
[2013.02.18 17:55:35 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfxwd12n.dll
[2013.02.18 17:55:35 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfpcx12n.dll
[2013.02.18 17:55:35 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfani12n.dll
[2013.02.18 17:55:35 | 000,021,504 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfCUT12n.dll
[2013.02.18 17:55:35 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwpg12n.dll
[2013.02.18 17:55:35 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lftga12n.dll
[2013.02.18 17:55:35 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfimg12n.dll
[2013.02.18 17:55:35 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfwfx12n.dll
[2013.02.18 17:55:35 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfitg12n.dll
[2013.02.18 17:55:35 | 000,019,456 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfras12n.dll
[2013.02.18 17:55:35 | 000,019,456 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmsp12n.dll
[2013.02.18 17:55:35 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfmac12n.dll
[2013.02.18 17:55:34 | 000,358,912 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFCMP12n.DLL
[2013.02.18 17:55:34 | 000,340,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDLG12n.ocx
[2013.02.18 17:55:34 | 000,326,656 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltvec12n.ocx
[2013.02.18 17:55:34 | 000,307,712 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDLG12n.dll
[2013.02.18 17:55:34 | 000,259,584 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTDIS12n.dll
[2013.02.18 17:55:34 | 000,215,552 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvkrn12n.dll
[2013.02.18 17:55:34 | 000,208,384 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTEFX12n.dll
[2013.02.18 17:55:34 | 000,176,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltlst12n.ocx
[2013.02.18 17:55:34 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTIMG12n.dll
[2013.02.18 17:55:34 | 000,158,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\Lvdlg12n.dll
[2013.02.18 17:55:34 | 000,140,288 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttmb12n.ocx
[2013.02.18 17:55:34 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTFIL12n.dll
[2013.02.18 17:55:34 | 000,094,208 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltodb12n.ocx
[2013.02.18 17:55:34 | 000,073,728 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LFFAX12n.DLL
[2013.02.18 17:55:34 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\ltlst12n.dll
[2013.02.18 17:55:34 | 000,048,128 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfica12n.dll
[2013.02.18 17:55:34 | 000,037,888 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfeps12n.dll
[2013.02.18 17:55:34 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTTWN12n.dll
[2013.02.18 17:55:34 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfcal12n.dll
[2013.02.18 17:55:34 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfgif12n.dll
[2013.02.18 17:55:34 | 000,032,256 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lttmb12n.dll
[2013.02.18 17:55:34 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfbmp12n.dll
[2013.02.18 17:55:34 | 000,023,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfawd12n.dll
[2013.02.18 17:55:34 | 000,018,944 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\lfavi12n.dll
[2013.02.18 17:55:33 | 000,848,376 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbl6.ocx
[2013.02.18 17:55:33 | 000,801,464 | ---- | C] (APEX Software Corporation) -- C:\Windows\System32\tdbg6.ocx
[2013.02.18 17:55:33 | 000,630,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTOCX12n.ocx
[2013.02.18 17:55:33 | 000,406,048 | ---- | C] (Xceed Software Inc        (450) 442-2626        support@xceedsoft.com        www.xceedsoft.com) -- C:\Windows\System32\XceedZip.dll
[2013.02.18 17:55:33 | 000,388,096 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\System32\LTKRN12n.dll
[2013.02.18 17:55:33 | 000,242,144 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\tdbgpp.dll
[2013.02.18 17:55:33 | 000,106,984 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\xarraydb.ocx
[2013.02.18 17:55:31 | 000,851,420 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crystl32.ocx
[2013.02.18 17:55:31 | 000,270,336 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2sodbc.dll
[2013.02.18 17:55:31 | 000,147,456 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\p2smon.dll
[2013.02.18 17:55:31 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2sevt.dll
[2013.02.18 17:55:31 | 000,094,208 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bdao.dll
[2013.02.18 17:55:31 | 000,061,440 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2irdao.dll
[2013.02.18 17:55:31 | 000,053,248 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2ctdao.dll
[2013.02.18 17:55:31 | 000,036,864 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\p3smnde.dll
[2013.02.18 17:55:31 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3sodde.dll
[2013.02.18 17:55:31 | 000,036,864 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3sevde.dll
[2013.02.18 17:55:31 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3rdode.dll
[2013.02.18 17:55:31 | 000,024,576 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3ddode.dll
[2013.02.18 17:55:31 | 000,023,040 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p2bbnd.dll
[2013.02.18 17:55:31 | 000,020,480 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3tdode.dll
[2013.02.18 17:55:31 | 000,004,096 | ---- | C] (Seagate Software Information Management Group, Inc.) -- C:\Windows\System32\p3dbdde.dll
[2013.02.18 17:55:31 | 000,000,000 | ---D | C] -- C:\Windows\Crystal
[2013.02.18 17:55:30 | 005,550,080 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\craxdrt.dll
[2013.02.18 17:55:30 | 005,337,088 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crpe32.dll
[2013.02.18 17:55:30 | 000,745,472 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\crpe32_res_de.dll
[2013.02.18 17:55:30 | 000,618,496 | ---- | C] (Seagate Software) -- C:\Windows\System32\crpaig80.dll
[2013.02.18 17:55:30 | 000,544,768 | ---- | C] (Seagate Software, Inc.) -- C:\Windows\System32\exlate32.dll
[2013.02.18 17:55:30 | 000,507,904 | ---- | C] (Seagate Software) -- C:\Windows\System32\crviewer.dll
[2013.02.18 17:55:30 | 000,442,368 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\cpeaut32.dll
[2013.02.18 17:55:30 | 000,040,960 | ---- | C] (Seagate Software, Inc) -- C:\Windows\System32\cdo32.dll
[2013.02.18 17:55:29 | 000,525,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBGrid32.ocx
[2013.02.18 17:55:29 | 000,414,944 | ---- | C] (Microsoft Corporation ) -- C:\Windows\System32\Comct332.ocx
[2013.02.18 17:55:29 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDBRPTR.DLL
[2013.02.18 17:55:29 | 000,262,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDatGrd.ocx
[2013.02.18 17:55:29 | 000,244,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsFlxGrd.ocx
[2013.02.18 17:55:29 | 000,200,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBList32.ocx
[2013.02.18 17:55:29 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComDlg32.ocx
[2013.02.18 17:55:29 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMM32.OCX
[2013.02.18 17:55:29 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB5DE.dll
[2013.02.18 17:55:29 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Vb5db.dll
[2013.02.18 17:55:29 | 000,082,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PicClp32.ocx
[2013.02.18 17:55:29 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSBIND.DLL
[2013.02.18 17:55:29 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FlxGdDE.dll
[2013.02.18 17:55:29 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RchTxDE.dll
[2013.02.18 17:55:29 | 000,035,328 | ---- | C] (Apex Software Corporation) -- C:\Windows\System32\DBGrdDE.dll
[2013.02.18 17:55:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CmDlgDE.dll
[2013.02.18 17:55:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DBLstDE.dll
[2013.02.18 17:55:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSComDE.dll
[2013.02.18 17:55:28 | 000,645,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscomct2.ocx
[2013.02.18 17:55:28 | 000,198,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mci32.ocx
[2013.02.18 17:55:28 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mscc2de.dll
[2013.02.18 17:55:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC42LOC.DLL
[2013.02.18 17:27:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Helper
[2013.02.18 17:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.18 17:27:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.02.18 17:27:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.02.18 17:27:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OCS
[2013.02.15 18:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced Fix 2012
[2013.02.15 17:57:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.15 17:57:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.15 17:57:56 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.15 17:57:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.15 17:57:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.15 17:57:55 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.15 17:57:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.15 17:57:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.15 17:55:09 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.15 17:55:09 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.15 17:55:08 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.15 17:55:05 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.15 17:55:05 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.15 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SpeedyPC Software
[2013.02.15 17:17:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DriverCure
[2013.02.15 17:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013.02.15 16:45:23 | 000,000,000 | ---D | C] -- C:\Medion
[2013.02.14 10:34:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.30 01:10:36 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.01.24 15:37:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\20-20 Technologies
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.18 22:54:14 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 22:54:14 | 000,010,096 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.18 22:47:18 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.18 22:47:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.18 22:40:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.18 20:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.18 18:00:06 | 000,000,089 | ---- | M] () -- C:\Windows\System32\MSBII.dll
[2013.02.18 17:27:18 | 000,067,584 | ---- | M] () -- C:\Windows\System32\kbenec95.exe
[2013.02.16 13:10:17 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.15 18:03:22 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.15 18:03:22 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.02.15 18:01:32 | 000,405,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.15 17:56:19 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.15 17:56:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.15 17:56:19 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.15 17:56:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.14 00:49:28 | 000,063,999 | ---- | M] () -- C:\spyhunter.fix
[2013.02.13 23:35:19 | 095,023,320 | ---- | M] () -- C:\ProgramData\1433281.pad
[2013.01.30 11:53:21 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013.01.30 01:11:15 | 000,008,192 | ---- | M] () -- C:\shldr.mbr
[2013.01.30 01:10:38 | 000,002,262 | ---- | M] () -- C:\Users\***\Desktop\SpyHunter.lnk
[2013.01.20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\***\Documents\*.tmp files -> C:\Users\***\Documents\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.18 18:00:06 | 000,000,089 | ---- | C] () -- C:\Windows\System32\MSBII.dll
[2013.02.18 17:55:37 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NumX.ocx
[2013.02.18 17:55:37 | 000,032,768 | ---- | C] () -- C:\Windows\System32\WKAuxil.dll
[2013.02.18 17:55:36 | 000,338,944 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[2013.02.18 17:55:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\lfkodak.dll
[2013.02.18 17:55:29 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll
[2013.02.18 17:55:29 | 000,005,807 | ---- | C] () -- C:\Windows\System32\MSCALDEU.TLB
[2013.02.18 17:55:28 | 003,782,416 | ---- | C] () -- C:\Windows\System32\mso97.dll
[2013.02.18 17:27:18 | 000,067,584 | ---- | C] () -- C:\Windows\System32\kbenec95.exe
[2013.02.13 23:48:28 | 000,063,999 | ---- | C] () -- C:\spyhunter.fix
[2013.02.13 23:12:34 | 095,023,320 | ---- | C] () -- C:\ProgramData\1433281.pad
[2012.10.24 15:26:20 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2012.07.06 14:46:47 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.06.27 14:07:49 | 000,000,051 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.06.22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.17 15:50:05 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.01.17 16:48:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012.01.10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.01.10 20:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.08.31 19:46:18 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011.08.31 19:46:12 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011.08.31 19:46:10 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011.08.31 19:13:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011.01.27 12:09:21 | 000,006,144 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.15 14:32:35 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.08.15 10:20:35 | 000,037,322 | ---- | C] () -- C:\Users\***\install.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.19 11:59:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\7-PDFSplitMerge
[2010.12.26 15:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2011.06.06 15:50:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arendi
[2013.02.18 17:27:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2010.12.19 15:11:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dream Aquarium
[2013.02.15 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DriverCure
[2012.07.10 16:43:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.07.10 16:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.17 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCDRipper
[2010.11.15 12:28:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFileSync
[2012.01.17 16:42:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.10.23 15:14:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\hellomoto
[2011.06.06 15:57:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth
[2012.06.27 14:07:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2010.11.22 10:02:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leawo
[2012.10.25 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.09.14 13:33:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mquadr.at
[2012.12.03 20:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2013.02.18 17:27:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OCS
[2013.02.18 17:27:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.06.30 15:12:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Outlook
[2011.11.28 08:32:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SmartTools
[2013.02.15 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SpeedyPC Software
[2012.02.01 08:40:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2012.06.27 14:13:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2012.06.27 14:07:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >
         
Edited by mp10088 (18.02.2013 at 22:45)

18.02.2013, 22:28   #4
markusg
/// Malware-holic

I don't use SpyHunter, just click through it.
Simply paste the logs in and submit them.
If they are too large, zip them and upload them.
