
Pests of all kinds and how to combat them: Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back)

Windows 7

24.03.2013, 18:03   #1
Penntuete

Hi!

For quite a while now I have had the problem that Avira AntiVir keeps reporting a virus on my laptop in the folder C:\Users\NAME\AppData. The last two alerts, for example, were:

In der Datei C:\User\NAME\AppData\LocalLow\...\95f8fc4-2af0db09 wurde ein Virus oder unerwünschtes Programm 'EXP/CVE-2012-0507.DD' gefunden.

and:

In der Datei C:\User\NAME\AppData\Local\bardydeab.exe wurde ein Virus oder unerwünschtes Programm ‘TR/Winwebsec.AJ.14’ gefunden.

I can delete the files, but after some time AntiVir comes up with a new alert about a new virus.

I have already browsed around and read that this virus occurs quite often. But I have not found anything on how I could simply delete it now without exact instructions. I have also read that the virus is supposed to be harmless, but over time it just gets annoying, and because my firewall has now somehow been deleted as well, I wanted to fix this after all.

I have now run defogger and had OTL create the following OTL.txt file:

OTL logfile created on: 24.03.2013 16:14:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aläx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 71,30% Memory free
7,99 Gb Paging File | 6,63 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 220,98 Gb Free Space | 77,66% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,21 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 435,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 562,59 Gb Free Space | 60,40% Space Free | Partition Type: NTFS

Computer Name: ALÄX-PC | User Name: aläx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Programme\WTGService.exe
PRC - [2013.03.24 15:30:28 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe
PRC - [2013.03.24 15:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- F:\Spiele\hamachi\hamachi-2-ui.exe
PRC - [2011.07.04 15:17:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 18:30:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.02 22:25:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.08 18:05:12 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.07.08 18:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2008.03.13 03:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe


========== Modules (No Company Name) ==========

MOD - [2008.03.13 03:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe


========== Services (SafeList) ==========

SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.08 13:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.02 19:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - File not found [Auto | Running] -- C:\Programme\WTGService.exe -- (WTGService)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- F:\Spiele\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.07.04 15:17:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 18:30:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.02 22:25:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.07.08 18:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.10.19 16:04:54 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.07.04 15:17:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.04 15:17:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 03:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010.04.27 03:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2010.04.27 03:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009.10.16 01:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.21 04:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.08 13:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 13:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.07.02 19:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 11:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.09 06:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.02.03 16:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2007.02.08 18:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.06.14 15:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2010.06.14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F}
IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {2C7072CC-3B6A-4D18-856D-F60EF665414F}
IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109980&babsrc=SP_ss&mntrId=1c81958b000000000000904ce520160f
IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{47522523-F1B8-4B63-9EC9-15807E0E8449}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{5585AEC1-CE42-4BAE-A3BC-9DF54F6B9FD3}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8973871B-05D6-44D3-BA13-14C8C276662C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B1A44835-B2AC-49D9-8D8F-7629C6832589}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.kicker.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000000000904ce520160f&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.19 02:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.19 02:59:29 | 000,000,000 | ---D | M]

[2010.02.05 21:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Extensions
[2010.08.11 16:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions
[2010.08.11 16:39:59 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.08.05 22:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.03.19 03:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions
[2013.03.19 03:08:28 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.06.17 13:02:13 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.11 16:35:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.03.19 03:08:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.19 03:04:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.06.17 13:02:15 | 000,001,218 | ---- | M] () -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\searchplugins\kikin-search.xml
[2013.03.19 03:02:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.29 14:31:51 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013.03.07 15:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 16:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.29 14:31:38 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 16:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 16:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 16:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 16:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 16:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Windows Time] rundll32.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.01.23 19:39:44 | 000,000,050 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2ef9167b-f7dd-11e0-b908-00269ea1636e}\Shell - "" = AutoRun
O33 - MountPoints2\{2ef9167b-f7dd-11e0-b908-00269ea1636e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{9bb123b5-197d-11df-a543-00269ea1636e}\Shell - "" = AutoRun
O33 - MountPoints2\{9bb123b5-197d-11df-a543-00269ea1636e}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d08f58dd-d889-11de-852c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d08f58dd-d889-11de-852c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\S3\AUTORUN.EXE -- [2000.02.02 23:51:54 | 000,062,976 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.24 15:23:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
[2013.03.19 20:32:36 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Local\Macromedia
[2013.03.19 02:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.15 19:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.04 05:49:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.02.22 23:19:45 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.22 23:18:54 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E}
[2011.10.19 16:04:55 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42.dll
[2011.10.19 16:04:55 | 000,478,888 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager_SMSMMS.exe
[2011.10.19 16:04:55 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp60.dll
[2011.10.19 16:04:55 | 000,396,968 | ---- | C] (TODO: <Company name>) -- C:\Program Files\WTGToasterWin.dll
[2011.10.19 16:04:55 | 000,331,432 | ---- | C] (XSManager GmbH) -- C:\Program Files\4GSystems_SMSMMSIta.dll
[2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSSpa.dll
[2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSFre.dll
[2011.10.19 16:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSEng.dll
[2011.10.19 16:04:55 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2011.10.19 16:04:55 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files\VistaLib32.dll
[2011.10.19 16:04:54 | 001,470,120 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager.exe
[2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantSpa.dll
[2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantFre.dll
[2011.10.19 16:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantEng.dll
[2011.10.19 16:04:54 | 000,835,240 | ---- | C] (XSManager) -- C:\Program Files\4GSystems_OneClickAssistantIta.dll
[2011.07.31 21:24:01 | 000,334,640 | ---- | C] (PokerStars) -- C:\Program Files (x86)\Tracer.exe
[2011.07.31 21:23:53 | 008,963,608 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe
[2011.07.31 21:23:53 | 000,816,472 | ---- | C] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe
[2011.07.31 21:23:53 | 000,656,728 | ---- | C] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe
[2011.07.31 21:23:53 | 000,581,208 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\aläx\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.03.24 16:12:11 | 000,004,454 | ---- | M] () -- C:\Users\aläx\Desktop\viruszeugs.rtf
[2013.03.24 15:38:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 15:38:06 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.24 15:29:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.24 15:29:51 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.24 15:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
[2013.03.24 15:23:32 | 000,000,000 | ---- | M] () -- C:\Users\aläx\defogger_reenable
[2013.03.24 15:22:59 | 000,050,477 | ---- | M] () -- C:\Users\aläx\Desktop\Defogger.exe
[2013.03.21 22:35:46 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForaläx.job
[2013.03.19 02:59:33 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.15 19:49:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.14 15:44:47 | 000,001,498 | ---- | M] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk
[2013.03.04 05:49:33 | 453,885,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.01 00:36:29 | 000,000,000 | ---- | M] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-03-01 00_36_29.123775.dmp
[2013.02.25 21:00:39 | 000,000,000 | ---- | M] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-02-25 21_00_39.025264.dmp
[2013.02.22 21:49:30 | 000,000,680 | ---- | M] () -- C:\Users\aläx\Desktop\TeamSpeak 3 Client.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.03.24 15:43:48 | 000,004,454 | ---- | C] () -- C:\Users\aläx\Desktop\viruszeugs.rtf
[2013.03.24 15:23:32 | 000,000,000 | ---- | C] () -- C:\Users\aläx\defogger_reenable
[2013.03.24 15:22:58 | 000,050,477 | ---- | C] () -- C:\Users\aläx\Desktop\Defogger.exe
[2013.03.21 17:03:50 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForaläx.job
[2013.03.19 02:59:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.15 19:49:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.15 19:49:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.14 15:44:47 | 000,001,498 | ---- | C] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk
[2013.03.04 05:49:33 | 453,885,265 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.01 00:36:29 | 000,000,000 | ---- | C] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-03-01 00_36_29.123775.dmp
[2013.02.25 21:00:39 | 000,000,000 | ---- | C] () -- C:\Users\aläx\Documents\ts3_clientui-win64-1351504843-2013-02-25 21_00_39.025264.dmp
[2013.02.22 21:49:30 | 000,000,680 | ---- | C] () -- C:\Users\aläx\Desktop\TeamSpeak 3 Client.lnk
[2013.02.06 13:53:15 | 000,021,584 | ---- | C] () -- C:\Program Files (x86)\_update2xblack.dat
[2013.02.06 13:51:35 | 000,008,933 | ---- | C] () -- C:\Program Files (x86)\_update2nova.dat
[2013.02.06 13:51:35 | 000,000,626 | ---- | C] () -- C:\Program Files (x86)\_update2nova.red.dat
[2012.12.27 19:18:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.12.27 19:18:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.12.27 19:18:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.12.27 18:24:42 | 000,000,204 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.11.17 18:28:53 | 000,017,408 | ---- | C] () -- C:\Users\aläx\AppData\Local\WebpageIcons.db
[2012.10.16 22:37:15 | 000,003,420 | ---- | C] () -- C:\Users\aläx\AppData\Local\recently-used.xbel
[2012.07.31 19:58:52 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.15 21:51:54 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.02 18:54:31 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.06.23 19:08:35 | 000,061,440 | ---- | C] () -- C:\ProgramData\lwvbmfpg.exe
[2012.06.23 19:07:50 | 000,000,052 | ---- | C] () -- C:\ProgramData\kecdlwzfsrwccet
[2012.06.23 02:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe
[2011.10.19 16:04:55 | 004,129,044 | ---- | C] () -- C:\Program Files\webtogodb.wdb
[2011.10.19 16:04:55 | 001,023,656 | ---- | C] () -- C:\Program Files\Setup.exe
[2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderSpa.dll
[2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderIta.dll
[2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderGer.dll
[2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderFre.dll
[2011.10.19 16:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderEng.dll
[2011.10.19 16:04:55 | 000,476,511 | ---- | C] () -- C:\Program Files\Help_eng.chm
[2011.10.19 16:04:55 | 000,427,495 | ---- | C] () -- C:\Program Files\Help_ger.chm
[2011.10.19 16:04:55 | 000,413,648 | ---- | C] () -- C:\Program Files\OSU.exe
[2011.10.19 16:04:55 | 000,386,713 | ---- | C] () -- C:\Program Files\Help_ita.chm
[2011.10.19 16:04:55 | 000,366,391 | ---- | C] () -- C:\Program Files\Help_fre.chm
[2011.10.19 16:04:55 | 000,360,127 | ---- | C] () -- C:\Program Files\Help_spa.chm
[2011.10.19 16:04:55 | 000,331,432 | ---- | C] () -- C:\Program Files\4GSystems_SMSMMSGer.dll
[2011.10.19 16:04:55 | 000,329,168 | ---- | C] () -- C:\Program Files\WTGService.exe
[2011.10.19 16:04:55 | 000,243,152 | ---- | C] () -- C:\Program Files\WTGVistaUtil.exe
[2011.10.19 16:04:55 | 000,118,436 | ---- | C] () -- C:\Program Files\WTGPhoneCaps.dat
[2011.10.19 16:04:55 | 000,094,278 | ---- | C] () -- C:\Program Files\WtgZip.dll
[2011.10.19 16:04:55 | 000,065,192 | ---- | C] () -- C:\Program Files\WTGMMSPCClient.dll
[2011.10.19 16:04:55 | 000,030,160 | ---- | C] () -- C:\Program Files\InstallWTGService.exe
[2011.10.19 16:04:55 | 000,024,584 | ---- | C] () -- C:\Program Files\WTGMMSProfiles.dat
[2011.10.19 16:04:55 | 000,024,576 | ---- | C] () -- C:\Program Files\WTGDebugs.dll
[2011.10.19 16:04:55 | 000,000,992 | ---- | C] () -- C:\Program Files\providers.xml
[2011.10.19 16:04:55 | 000,000,567 | ---- | C] () -- C:\Program Files\KD.xml
[2011.10.19 16:04:55 | 000,000,518 | ---- | C] () -- C:\Program Files\mmsc.xml
[2011.10.19 16:04:55 | 000,000,193 | ---- | C] () -- C:\Program Files\config.ini
[2011.10.19 16:04:54 | 000,962,216 | ---- | C] () -- C:\Program Files\Uninstaller.exe
[2011.10.19 16:04:54 | 000,835,240 | ---- | C] () -- C:\Program Files\4GSystems_OneClickAssistantGer.dll
[2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerSpa.dll
[2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerGer.dll
[2011.10.19 16:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerFre.dll
[2011.10.19 16:04:54 | 000,745,128 | ---- | C] () -- C:\Program Files\UninstallerIta.dll
[2011.10.19 16:04:54 | 000,376,832 | ---- | C] () -- C:\Program Files\WtgCore.dll
[2011.10.19 16:04:54 | 000,204,800 | ---- | C] () -- C:\Program Files\WtgUtil.dll
[2011.10.19 16:04:54 | 000,183,976 | ---- | C] () -- C:\Program Files\WTGSMSPCClient.dll
[2011.10.19 16:04:54 | 000,143,360 | ---- | C] () -- C:\Program Files\WtgDetection.dll
[2011.10.19 16:04:54 | 000,139,264 | ---- | C] () -- C:\Program Files\WtgBluetooth.dll
[2011.10.19 16:04:54 | 000,110,592 | ---- | C] () -- C:\Program Files\WtgDatabase.dll
[2011.10.19 16:04:54 | 000,065,536 | ---- | C] () -- C:\Program Files\WtgDialup.dll
[2011.10.19 16:04:54 | 000,045,056 | ---- | C] () -- C:\Program Files\WtgDriverInstall.dll
[2011.10.19 16:04:54 | 000,024,576 | ---- | C] () -- C:\Program Files\WtgDriverInstallX.dll
[2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientSpa.dll
[2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientIta.dll
[2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientGer.dll
[2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientFre.dll
[2011.10.19 16:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientEng.dll
[2011.10.19 15:31:32 | 000,258,048 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011.10.19 15:31:32 | 000,253,952 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011.10.19 15:31:32 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011.10.19 15:31:32 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011.07.31 21:24:46 | 000,087,582 | ---- | C] () -- C:\Program Files (x86)\_update2g.dat
[2011.07.31 21:24:46 | 000,038,476 | ---- | C] () -- C:\Program Files (x86)\_update2gcd.dat
[2011.07.31 21:24:46 | 000,005,019 | ---- | C] () -- C:\Program Files (x86)\_update2oldblack.dat
[2011.07.31 21:24:46 | 000,003,452 | ---- | C] () -- C:\Program Files (x86)\_update2marine.dat
[2011.07.31 21:24:46 | 000,003,356 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.dat
[2011.07.31 21:24:46 | 000,003,265 | ---- | C] () -- C:\Program Files (x86)\_update2azure.dat
[2011.07.31 21:24:46 | 000,001,655 | ---- | C] () -- C:\Program Files (x86)\_update2shiny.dat
[2011.07.31 21:24:46 | 000,001,579 | ---- | C] () -- C:\Program Files (x86)\_update2black.dat
[2011.07.31 21:24:46 | 000,001,122 | ---- | C] () -- C:\Program Files (x86)\_update2simple.dat
[2011.07.31 21:24:46 | 000,000,947 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.green.dat
[2011.07.31 21:24:46 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\_update2s.dat
[2011.07.31 21:24:46 | 000,000,163 | ---- | C] () -- C:\Program Files (x86)\_update2rare.dat
[2011.07.31 21:24:46 | 000,000,075 | ---- | C] () -- C:\Program Files (x86)\_update2default.dat
[2011.07.31 21:24:01 | 000,000,905 | ---- | C] () -- C:\Program Files (x86)\Uninstall PokerStars.lnk
[2011.07.31 21:24:01 | 000,000,475 | ---- | C] () -- C:\Program Files (x86)\update.ini
[2011.07.31 21:24:01 | 000,000,219 | ---- | C] () -- C:\Program Files (x86)\trace.ini
[2011.07.31 21:24:01 | 000,000,199 | ---- | C] () -- C:\Program Files (x86)\tinfo.dat
[2011.07.31 21:24:01 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\user.ini
[2011.07.31 21:23:53 | 000,585,728 | ---- | C] () -- C:\Program Files (x86)\PokerStarsUninstall.exe
[2011.07.31 21:23:53 | 000,046,360 | ---- | C] () -- C:\Program Files (x86)\Stub.exe
[2011.07.31 21:23:53 | 000,001,442 | ---- | C] () -- C:\Program Files (x86)\PokerStars.ini
[2011.07.31 21:23:47 | 000,000,707 | ---- | C] () -- C:\Program Files (x86)\fw.ini
[2011.07.21 17:22:14 | 000,000,600 | ---- | C] () -- C:\Users\aläx\AppData\Roaming\winscp.rnd
[2011.05.11 21:50:20 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.08 21:49:18 | 000,001,466 | ---- | C] () -- C:\Users\aläx\AppData\Local\RecConfig.xml
[2010.02.17 22:05:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\aläx\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\aläx\AppData\Local\no23xwrapper.dll

========== ZeroAccess Check ==========

[2011.11.17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2012.10.28 14:48:07 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2012.10.24 17:28:00 | 000,000,928 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\00000001.@
[2012.10.28 14:48:07 | 000,014,848 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\80000000.@
[2012.09.28 16:58:00 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\800000cb.@
[2012.06.02 12:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2011.11.17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$I3EQZVK.@
[2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$I7Y6XCJ.@
[2012.06.02 01:41:06 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$IU0NDEA.@
[2012.06.02 01:44:43 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$IWY4OFA.@
[2012.06.06 20:29:50 | 000,000,116 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3976204669-1912250674-580245324-1001\$RWCOLQB.com\assets\oobe\l.png
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 09:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = \\.\globalroot\systemroot\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\n.
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.06 19:55:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.08 17:13:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\APP_NAME_NON_STRING
[2010.09.19 17:00:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Ashampoo
[2012.02.29 14:31:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Babylon
[2012.10.28 22:50:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\calibre
[2011.09.17 19:44:20 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Canneverbe Limited
[2011.04.04 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DAEMON Tools Lite
[2012.11.04 10:25:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Dropbox
[2012.09.25 15:50:01 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoft
[2012.09.25 15:49:57 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.31 13:09:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Foxit Software
[2010.06.27 11:23:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\fretsonfire
[2012.06.22 14:53:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ICQ
[2011.06.17 13:02:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\kikin
[2010.08.31 23:23:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Leadertech
[2011.05.04 19:56:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Line 6
[2012.01.08 04:09:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Media Finder
[2012.09.27 18:03:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\MediaMonkey
[2011.11.27 16:38:04 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\mp3DirectCut
[2013.03.12 22:01:46 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Mp3tag
[2012.07.08 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Oghue
[2010.02.21 21:26:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\OpenOffice.org
[2012.11.29 23:04:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Origin
[2012.04.22 14:30:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PacificPoker
[2013.01.08 17:14:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PDF Architect
[2013.01.08 17:31:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\pdfforge
[2011.10.19 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Program Files
[2010.11.24 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Samsung
[2011.04.12 14:51:10 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Scribus
[2013.01.10 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Softland
[2013.02.22 21:36:34 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\TS3Client
[2012.01.02 02:25:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ts3overlay
[2012.11.13 15:57:39 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Windows Live Writer
[2010.02.03 17:56:41 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\_MDLogs
[2013.02.22 23:19:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.22 23:18:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E}

========== Purity Check ==========



< End of report >





The help thread also mentioned an Extra.txt file. Somehow I didn't get one, though. :/

Here is the gmer.txt file as well:





GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 17:58:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725032A9A364 rev.PC3OC70E 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\ALX~1\AppData\Local\Temp\kxldrpog.sys


---- User code sections - GMER 2.1 ----

.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text F:\Spiele\hamachi\hamachi-2-ui.exe[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2068] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071e41a22 2 bytes [E4, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071e41ad0 2 bytes [E4, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071e41b08 2 bytes [E4, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071e41bba 2 bytes [E4, 71]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2288] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071e41bda 2 bytes [E4, 71]
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe[2468] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2536] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe[2552] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text C:\Windows\starter4g.exe[2584] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2592] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007737fa20 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007737fc18 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007737fd78 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\SysWOW64\ntdll.dll!NtVdmControl 0000000077381ec8 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\USER32.dll!TranslateMessage 0000000074b57809 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\ADVAPI32.dll!CryptEncrypt 00000000761e779b 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\CRYPT32.dll!PFXImportCertStore 00000000768f0ec0 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WS2_32.dll!send 0000000076826f01 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetQueryOptionA 000000007698702d 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetCloseHandle 000000007698c664 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpQueryInfoA 000000007698e13a 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetReadFile 000000007698f8d8 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpAddRequestHeadersA 0000000076992a3c 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetQueryDataAvailable 0000000076993184 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpOpenRequestA 00000000769b5761 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpSendRequestW 00000000769b632d 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetReadFileExA 00000000769bfa49 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!InternetWriteFile 00000000769cf6c6 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\WININET.dll!HttpSendRequestA 00000000769e525a 8 bytes {JMP 0x3}
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077331465 2 bytes [33, 77]
.text C:\Users\ALX~1\AppData\Local\Temp\XrDAF61.exe[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773314bb 2 bytes [33, 77]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6760:7088] 000007fefba62a7c

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@LeaseObtainedTime 1364139493
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@T1 1365046693
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@T2 1365727093
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}@LeaseTerminatesTime 1365953893

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----






So, I hope that was all the necessary information.
I would be very glad if someone can help!


Regards,
Alex

Alt 24.03.2013, 19:52   #2
DerJazzer
/// Malwareteam
 





I am working on your thread and will get back to you with further instructions as soon as possible.

Please note that all of my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you receive help from a trained helper.

Thank you for your patience.

Alt 24.03.2013, 23:50   #3
Penntuete
 



All right, glad to hear it, thanks a lot in advance for your effort!

Alt 25.03.2013, 13:09   #4
DerJazzer
/// Malwareteam
 



Hello and
I am Christoph and would like to help you with your problem.
A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the analysis harder for me.

Note: I can never guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that your PC is clean.

Vista and Win7 users
Start all tools by right-clicking and choosing "Run as administrator".


Step 1

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please deactivate all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can then ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

Alt 27.03.2013, 20:15   #5
DerJazzer
/// Malwareteam
 



Hello,
do you still need help?

If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies.

The disappearance of the symptoms does not mean that your system is already clean!


Alt 27.03.2013, 21:24   #6
Penntuete
 



Thanks for the offer for now! Yes, I still need help, but I am not at home at the moment and cannot do anything on the laptop, sorry! I will not be back until Sunday and would then run the Combofix scan right away! I hope that is okay with you.

Alt 27.03.2013, 21:37   #7
DerJazzer
/// Malwareteam
 



Hi

OK, please get back to me then when you have the log.

Alt 31.03.2013, 22:16   #8
Penntuete
 



Hi

So, here is the Combofix log now:

Code:
ComboFix 13-03-31.01 - aläx 31.03.2013  21:44:00.1.2 - x64
ausgeführt von:: c:\users\alõx\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\program files (x86)\Update
c:\programdata\l_u0_0.pad
c:\programdata\lwvbmfpg.exe
c:\programdata\ras_0oed.pad
c:\programdata\to_r0tsef.pad
c:\windows\install.exe
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\00000001.@
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\80000000.@
c:\windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U\800000cb.@
c:\windows\IsUn0407.exe
.
Infizierte Kopie von c:\windows\SysWow64\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-28 bis 2013-03-31  ))))))))))))))))))))))))))))))
.
.
2013-03-31 19:52 . 2013-03-31 19:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-19 19:32 . 2013-03-19 19:32	--------	d-----w-	c:\users\aläx\AppData\Local\Macromedia
2013-03-19 01:47 . 2013-03-19 01:47	310688	----a-w-	c:\windows\system32\javaws.exe
2013-03-19 01:47 . 2013-03-19 01:47	963488	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-19 01:47 . 2013-03-19 01:47	1085344	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-19 01:47 . 2013-03-19 01:47	108448	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2013-03-19 01:47 . 2013-03-19 01:47	188832	----a-w-	c:\windows\system32\javaw.exe
2013-03-19 01:47 . 2013-03-19 01:47	188320	----a-w-	c:\windows\system32\java.exe
2013-03-19 01:45 . 2013-03-19 01:47	--------	d-----w-	c:\program files\Java
2013-03-15 18:45 . 2013-03-15 18:45	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-15 18:45 . 2013-03-15 18:45	--------	d-----w-	c:\program files (x86)\Java
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 19:29 . 2012-07-17 16:07	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-19 19:29 . 2012-03-29 13:15	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 18:45 . 2012-09-10 21:19	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-03-15 18:45 . 2010-05-20 15:45	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-03-12 12:04 . 2012-01-19 17:44	43832	----a-w-	c:\windows\help\OEM\Scripts\PWAlertEnable.exe
2013-03-01 15:00 . 2011-11-17 17:38	21208	----a-w-	c:\windows\help\OEM\Scripts\PSGRedirector.exe
2013-02-25 13:19 . 2011-04-28 17:43	49152	----a-w-	c:\windows\help\OEM\Scripts\Interop.TaskScheduler.dll
2013-02-10 12:34 . 2013-02-10 12:34	40960	----a-r-	c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-02-10 12:34 . 2013-02-10 12:34	40960	----a-r-	c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-02-10 12:34 . 2013-02-10 12:34	40960	----a-r-	c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-02-10 12:34 . 2013-02-10 12:34	40960	----a-r-	c:\users\aläx\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-02-06 12:53 . 2011-07-31 20:23	8963608	----a-w-	c:\program files (x86)\PokerStars.exe
2013-02-06 12:51 . 2011-07-31 20:23	581208	----a-w-	c:\program files (x86)\PokerStarsUpdate.exe
2013-01-11 09:44 . 2012-12-06 16:07	19840	----a-w-	c:\windows\help\OEM\Scripts\Solution_RecoveryPgm.exe
2013-01-09 17:50 . 2011-04-28 17:43	1251640	----a-w-	c:\windows\help\OEM\Scripts\HPSAUpgrade.exe
2012-04-06 18:54 . 2011-07-31 20:24	334640	----a-w-	c:\program files (x86)\Tracer.exe
2011-07-31 20:23 . 2011-07-31 20:23	816472	----a-w-	c:\program files (x86)\PokerStarsCommunicate.exe
2011-07-31 20:23 . 2011-07-31 20:23	656728	----a-w-	c:\program files (x86)\PokerStarsOnlineUpdate.exe
2011-07-31 20:23 . 2011-07-31 20:23	585728	----a-w-	c:\program files (x86)\PokerStarsUninstall.exe
2011-07-31 20:23 . 2011-07-31 20:23	46360	----a-w-	c:\program files (x86)\Stub.exe
2010-06-22 16:48 . 2011-10-19 15:04	143360	------w-	c:\program files\WtgDetection.dll
2010-04-28 15:00 . 2011-10-19 15:04	396968	------w-	c:\program files\WTGToasterWin.dll
2010-04-28 15:00 . 2011-10-19 15:04	183976	------w-	c:\program files\WTGSMSPCClient.dll
2010-04-28 15:00 . 2011-10-19 15:04	65192	------w-	c:\program files\WTGMMSPCClient.dll
2010-04-28 15:00 . 2011-10-19 15:04	1023656	------w-	c:\program files\Setup.exe
2010-04-28 15:00 . 2011-10-19 15:04	831144	------w-	c:\program files\UninstallerSpa.dll
2010-04-28 15:00 . 2011-10-19 15:04	831144	------w-	c:\program files\UninstallerGer.dll
2010-04-28 15:00 . 2011-10-19 15:04	831144	------w-	c:\program files\UninstallerFre.dll
2010-04-28 15:00 . 2011-10-19 15:04	745128	------w-	c:\program files\UninstallerIta.dll
2010-04-28 15:00 . 2011-10-19 15:04	478888	------w-	c:\program files\XSManager_SMSMMS.exe
2010-04-28 15:00 . 2011-10-19 15:04	962216	------w-	c:\program files\Uninstaller.exe
2010-04-28 15:00 . 2011-10-19 15:04	1470120	------w-	c:\program files\XSManager.exe
2010-04-28 15:00 . 2011-10-19 15:04	20136	------w-	c:\program files\4GSystems_WTGSMSPCClientSpa.dll
2010-04-28 15:00 . 2011-10-19 15:04	20136	------w-	c:\program files\4GSystems_WTGSMSPCClientIta.dll
2010-04-28 15:00 . 2011-10-19 15:04	20136	------w-	c:\program files\4GSystems_WTGSMSPCClientGer.dll
2010-04-28 15:00 . 2011-10-19 15:04	20136	------w-	c:\program files\4GSystems_WTGSMSPCClientFre.dll
2010-04-28 15:00 . 2011-10-19 15:04	495272	------w-	c:\program files\4GSystems_UpgraderSpa.dll
2010-04-28 15:00 . 2011-10-19 15:04	495272	------w-	c:\program files\4GSystems_UpgraderIta.dll
2010-04-28 15:00 . 2011-10-19 15:04	495272	------w-	c:\program files\4GSystems_UpgraderGer.dll
2010-04-28 15:00 . 2011-10-19 15:04	20136	------w-	c:\program files\4GSystems_WTGSMSPCClientEng.dll
2010-04-28 15:00 . 2011-10-19 15:04	495272	------w-	c:\program files\4GSystems_UpgraderFre.dll
2010-04-28 15:00 . 2011-10-19 15:04	495272	------w-	c:\program files\4GSystems_UpgraderEng.dll
2010-04-28 15:00 . 2011-10-19 15:04	331432	------w-	c:\program files\4GSystems_SMSMMSSpa.dll
2010-04-28 15:00 . 2011-10-19 15:04	331432	------w-	c:\program files\4GSystems_SMSMMSIta.dll
2010-04-28 15:00 . 2011-10-19 15:04	331432	------w-	c:\program files\4GSystems_SMSMMSGer.dll
2010-04-28 15:00 . 2011-10-19 15:04	331432	------w-	c:\program files\4GSystems_SMSMMSFre.dll
2010-04-28 15:00 . 2011-10-19 15:04	331432	------w-	c:\program files\4GSystems_SMSMMSEng.dll
2010-04-28 15:00 . 2011-10-19 15:04	839336	------w-	c:\program files\4GSystems_OneClickAssistantSpa.dll
2010-04-28 15:00 . 2011-10-19 15:04	835240	------w-	c:\program files\4GSystems_OneClickAssistantIta.dll
2010-04-28 15:00 . 2011-10-19 15:04	835240	------w-	c:\program files\4GSystems_OneClickAssistantGer.dll
2010-04-28 15:00 . 2011-10-19 15:04	839336	------w-	c:\program files\4GSystems_OneClickAssistantFre.dll
2010-04-28 15:00 . 2011-10-19 15:04	839336	------w-	c:\program files\4GSystems_OneClickAssistantEng.dll
2010-04-12 16:04 . 2011-10-19 15:04	30160	------w-	c:\program files\InstallWTGService.exe
2010-04-12 16:03 . 2011-10-19 15:04	413648	------w-	c:\program files\OSU.exe
2010-04-12 16:03 . 2011-10-19 15:04	243152	------w-	c:\program files\WTGVistaUtil.exe
2010-04-12 16:03 . 2011-10-19 15:04	329168	------w-	c:\program files\WTGService.exe
2010-04-12 16:00 . 2011-10-19 15:04	24576	------w-	c:\program files\WtgDriverInstallX.dll
2010-04-12 16:00 . 2011-10-19 15:04	94278	------w-	c:\program files\WtgZip.dll
2010-04-12 15:59 . 2011-10-19 15:04	376832	------w-	c:\program files\WtgCore.dll
2010-04-12 15:59 . 2011-10-19 15:04	45056	------w-	c:\program files\WtgDriverInstall.dll
2010-04-12 15:59 . 2011-10-19 15:04	139264	------w-	c:\program files\WtgBluetooth.dll
2010-04-12 15:59 . 2011-10-19 15:04	65536	------w-	c:\program files\WtgDialup.dll
2010-04-12 15:59 . 2011-10-19 15:04	110592	------w-	c:\program files\WtgDatabase.dll
2010-04-12 15:59 . 2011-10-19 15:04	204800	------w-	c:\program files\WtgUtil.dll
2010-04-12 15:59 . 2011-10-19 15:04	24576	------w-	c:\program files\WTGDebugs.dll
2008-03-13 09:59 . 2011-10-19 15:04	57344	------w-	c:\program files\VistaLib32.dll
2008-03-13 09:59 . 2011-10-19 15:04	401462	------w-	c:\program files\msvcp60.dll
2008-03-13 09:59 . 2011-10-19 15:04	286773	------w-	c:\program files\msvcrt.dll
2008-03-13 09:59 . 2011-10-19 15:04	1015859	------w-	c:\program files\mfc42.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	94208	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FSC RC.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2011-10-19 684032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-10-19 117888]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2009-10-16 50176]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;f:\spiele\hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 WTGService;WTGService;c:\program files\WTGService.exe [2010-04-12 329168]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-07-08 145120]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:49	97792	----a-w-	c:\users\aläx\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube Download - c:\users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to iPod Converter - c:\users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to Mp3 Converter - c:\users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
FF - ProfilePath - c:\users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.kicker.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000000000904ce520160f&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKCU-Run-Windows Time - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-Wdf01000.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Age of Mythology 1.0 - g:\spielä\Age of Mythology\UNINSTAL.EXE
AddRemove-Ashampoo Burning Studio 2010_is1 - g:\ashampoo burning studio 2010\unins000.exe
AddRemove-Beleuchtungstechnik - g:\progra~1\BFE-LE~1\BELEUC~1\UNWISE.EXE
AddRemove-CamStudio - g:\camstudio\uninstall.exe
AddRemove-CasinoClub - g:\casino\CASINO~1\UNWISE.EXE
AddRemove-DVDGenie - c:\program files (x86)\DVD Genie\uninst-dvdgenie.exe
AddRemove-Grand Theft Auto - c:\program files (x86)\gta\Uninst.isu
AddRemove-Guitar Pro 5_is1 - g:\guitar pro 5\unins000.exe
AddRemove-Line 6 Uninstaller - g:\line6monkey\Tools\Line 6 Uninstaller.exe
AddRemove-Moorhuhn-Sushi - c:\windows\system32\MOORHU~1.SCR
AddRemove-S3 - c:\windows\IsUn0407.exe
AddRemove-winscp3_is1 - g:\winscp\unins000.exe
AddRemove-{0E26E09B-6687-4A99-BD08-A9E705373029}_is1 - g:\vyzex pocket pod\Win32\unins000.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3976204669-1912250674-580245324-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:5d,5f,07,c8,7d,70,66,a3,37,57,77,19,6d,e0,93,5d,e1,4e,64,2f,21,5c,f0,
   16,62,dd,37,52,c5,d4,a3,d9,c8,ba,ef,e3,42,18,65,8a,74,44,58,fb,d4,7f,b0,c4,\
"??"=hex:77,fd,ed,c6,ac,5b,1f,8d,80,9d,54,37,e8,7e,b1,68
.
[HKEY_USERS\S-1-5-21-3976204669-1912250674-580245324-1001\Software\SecuROM\License information*]
"datasecu"=hex:2e,cd,34,b4,6c,01,6d,5a,9d,82,a1,25,88,14,97,24,f2,c6,4f,dc,f9,
   8c,1e,05,32,a0,df,a0,51,42,54,ea,1d,ba,4b,be,32,74,43,6e,35,a7,0e,a9,e7,38,\
"rkeysecu"=hex:55,f0,b8,87,d5,28,2e,0d,cb,f6,f6,5f,18,87,1b,ac
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
f:\spiele\hamachi\hamachi-2-ui.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-31  22:01:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-03-31 20:01
.
Vor Suchlauf: 8 Verzeichnis(se), 236.802.859.008 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 238.112.178.176 Bytes frei
.
- - End Of File - - E022A904FF6260780945550E29485A8C
         

31.03.2013, 22:35   #9
DerJazzer
/// Malwareteam
 



Well, you've picked up something nice there

Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.



Step 3

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log on the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



Step 4

Please download TDSSKiller.exe and save this file on the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.


Please post in your next reply
  • AdwCleaner log & JRT.txt
  • aswMBR.txt & TDSSKiller log

31.03.2013, 23:43   #10
Penntuete
 



Sounds just great


AdwCleaner:

Code:
ATTFilter
# AdwCleaner v2.115 - Datei am 31/03/2013 um 22:42:43 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : aläx - ALÄX-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\aläx\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Babylon
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Program Files\Babylon
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Users\aläx\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\aläx\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\kikin
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\Conduit
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\CT2269050
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Ordner Gelöscht : C:\Users\aläx\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16446

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\prefs.js

C:\Users\aläx\AppData\Roaming\Mozilla\Firefox\Profiles\p766a8oh.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Aug 11 2010 18:17:38 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 11 2010 18:17:37 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{12eef586-10e9-40f2-96eb-35d80c0ac64c}");
Gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 11 2010 18:17:38 GMT+0200");
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 29);
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=109980&babsrc=adbar[...]
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 29);
Gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?AF=109980&babsrc=NT_ss&[...]
Gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 69084111);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_3.6.3");
Gelöscht : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Gelöscht : user_pref("extensions.asktb.cbid", "5J");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.crumb", "2012.07.01+16.05.46-toolbar020iad-DE-TnVyZW1iZXJnLEdlcm1hbnk%3D[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Gelöscht : user_pref("extensions.asktb.displaybehavior", "");
Gelöscht : user_pref("extensions.asktb.displaytext", "");
Gelöscht : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Gelöscht : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Gelöscht : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMBY0250");
Gelöscht : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "73932ac6-ad86-423a-9efd-96009be1a7c8");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1341185133351");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.location", "Nuremberg,Germany");
Gelöscht : user_pref("extensions.asktb.lstation", "");
Gelöscht : user_pref("extensions.asktb.news-native-on", true);
Gelöscht : user_pref("extensions.asktb.o", "102869");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.pstate", "");
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "NO");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-first", true);
Gelöscht : user_pref("extensions.asktb.socialmini-interval", "1200000");
Gelöscht : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Gelöscht : user_pref("extensions.asktb.socialmini-max-items", "30");
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.socialmini-speed", "10000");
Gelöscht : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "02.07.2012 01:06:13");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.4.100013");
Gelöscht : user_pref("extensions.asktb.version", "5.15.4.23821");
Gelöscht : user_pref("extensions.asktb.volume", "");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=109980&babsrc=adbartrp&mntrId=1c81958b000000[...]

*************************

AdwCleaner[S1].txt - [19727 octets] - [31/03/2013 22:42:43]

########## EOF - C:\AdwCleaner[S1].txt - [19788 octets] ##########
         


JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows 7 Home Premium x64
Ran by aläx on 31.03.2013 at 22:51:28,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\aläx\appdata\local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Emptied folder: C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.03.2013 at 23:01:15,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


aswMBR: (I accidentally saved too early the first time)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-31 23:07:57
-----------------------------
23:07:57.848    OS Version: Windows x64 6.1.7601 Service Pack 1
23:07:57.848    Number of processors: 2 586 0x602
23:07:57.848    ComputerName: ALÄX-PC  UserName: aläx
23:07:58.877    Initialize success
23:09:32.546    AVAST engine defs: 13033100
23:09:59.316    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:09:59.316    Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC70E Size: 305245MB BusType: 11
23:09:59.425    Disk 0 MBR read successfully
23:09:59.425    Disk 0 MBR scan
23:09:59.441    Disk 0 unknown MBR code
23:09:59.456    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
23:09:59.472    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       291394 MB offset 409600
23:09:59.503    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13547 MB offset 597184512
23:09:59.534    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
23:09:59.581    Disk 0 scanning C:\Windows\system32\drivers
23:10:16.741    Service scanning
23:10:42.981    Modules scanning
23:10:42.996    Disk 0 trace - called modules:
23:10:43.027    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
23:10:43.027    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800432a060]
23:10:43.043    3 CLASSPNP.SYS[fffff880010f043f] -> nt!IofCallDriver -> [0xfffffa80043242c0]
23:10:43.043    5 hpdskflt.sys[fffff880023bf289] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042a8680]
23:10:43.979    AVAST engine scan C:\Windows
23:10:48.269    AVAST engine scan C:\Windows\system32
23:15:00.069    AVAST engine scan C:\Windows\system32\drivers
23:15:17.822    AVAST engine scan C:\Users\aläx
23:15:21.909    File: C:\Users\aläx\AppData\Local\bardydeab.exe  **INFECTED** Win32:Susn-AK [Trj]
23:16:32.983    Disk 0 MBR has been saved successfully to "C:\Users\aläx\Desktop\MBR.dat"
23:16:32.998    The log file has been saved successfully to "C:\Users\aläx\Desktop\aswMBR.txt"
23:24:37.363    AVAST engine scan C:\ProgramData
23:26:07.125    Scan finished successfully
23:26:31.649    Disk 0 MBR has been saved successfully to "C:\Users\aläx\Desktop\MBR.dat"
23:26:31.664    The log file has been saved successfully to "C:\Users\aläx\Desktop\aswMBR.txt"
         


TDSSKiller:

Code:
23:30:26.0244 3836  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:30:26.0400 3836  ============================================================
23:30:26.0400 3836  Current date / time: 2013/03/31 23:30:26.0400
23:30:26.0400 3836  SystemInfo:
23:30:26.0400 3836  
23:30:26.0400 3836  OS Version: 6.1.7601 ServicePack: 1.0
23:30:26.0400 3836  Product type: Workstation
23:30:26.0400 3836  ComputerName: ALÄX-PC
23:30:26.0400 3836  UserName: aläx
23:30:26.0400 3836  Windows directory: C:\Windows
23:30:26.0400 3836  System windows directory: C:\Windows
23:30:26.0400 3836  Running under WOW64
23:30:26.0400 3836  Processor architecture: Intel x64
23:30:26.0400 3836  Number of processors: 2
23:30:26.0400 3836  Page size: 0x1000
23:30:26.0400 3836  Boot type: Normal boot
23:30:26.0400 3836  ============================================================
23:30:27.0398 3836  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:27.0414 3836  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
23:30:27.0898 3836  ============================================================
23:30:27.0898 3836  \Device\Harddisk0\DR0:
23:30:27.0898 3836  MBR partitions:
23:30:27.0898 3836  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:30:27.0898 3836  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23921000
23:30:27.0898 3836  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23985000, BlocksNum 0x1A75800
23:30:27.0898 3836  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
23:30:27.0898 3836  \Device\Harddisk1\DR1:
23:30:27.0898 3836  MBR partitions:
23:30:27.0898 3836  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71
23:30:27.0898 3836  ============================================================
23:30:27.0929 3836  C: <-> \Device\Harddisk0\DR0\Partition2
23:30:27.0976 3836  D: <-> \Device\Harddisk0\DR0\Partition3
23:30:28.0038 3836  F: <-> \Device\Harddisk1\DR1\Partition1
23:30:28.0038 3836  ============================================================
23:30:28.0038 3836  Initialize success
23:30:28.0038 3836  ============================================================
23:30:37.0164 2656  ============================================================
23:30:37.0164 2656  Scan started
23:30:37.0164 2656  Mode: Manual; SigCheck; TDLFS; 
23:30:37.0164 2656  ============================================================
23:30:38.0209 2656  ================ Scan system memory ========================
23:30:38.0209 2656  System memory - ok
23:30:38.0209 2656  ================ Scan services =============================
23:30:48.0271 2656  FsDepends - ok
23:30:48.0302 2656  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:30:48.0318 2656  Fs_Rec - ok
23:30:48.0365 2656  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:30:48.0396 2656  fvevol - ok
23:30:48.0427 2656  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:30:48.0443 2656  gagp30kx - ok
23:30:48.0505 2656  [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
23:30:48.0536 2656  GameConsoleService - ok
23:30:48.0583 2656  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:30:48.0599 2656  GEARAspiWDM - ok
23:30:48.0646 2656  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
23:30:48.0724 2656  gpsvc - ok
23:30:48.0770 2656  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
23:30:48.0786 2656  hamachi - ok
23:30:48.0880 2656  Hamachi2Svc - ok
23:30:48.0911 2656  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:30:48.0973 2656  hcw85cir - ok
23:30:49.0020 2656  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:30:49.0051 2656  HdAudAddService - ok
23:30:49.0082 2656  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:30:49.0114 2656  HDAudBus - ok
23:30:49.0145 2656  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:30:49.0176 2656  HidBatt - ok
23:30:49.0207 2656  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:30:49.0238 2656  HidBth - ok
23:30:49.0285 2656  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:30:49.0332 2656  HidIr - ok
23:30:49.0379 2656  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
23:30:49.0426 2656  hidserv - ok
23:30:49.0472 2656  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:30:49.0504 2656  HidUsb - ok
23:30:49.0550 2656  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:30:49.0644 2656  hkmsvc - ok
23:30:49.0675 2656  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:30:49.0722 2656  HomeGroupListener - ok
23:30:49.0738 2656  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:30:49.0784 2656  HomeGroupProvider - ok
23:30:49.0831 2656  [ 0141816A095A3F5A83FFA5B4A47B8023 ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
23:30:49.0847 2656  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
23:30:49.0847 2656  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
23:30:52.0546 2656  [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
23:30:52.0577 2656  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
23:30:52.0577 2656  LightScribeService - detected UnsignedFile.Multi.Generic (1)
23:31:04.0948 2656  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
23:31:04.0979 2656  stisvc - ok
23:31:05.0026 2656  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:31:05.0073 2656  swenum - ok
23:31:05.0135 2656  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
23:31:05.0291 2656  swprv - ok
23:31:05.0338 2656  [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:31:05.0385 2656  SynTP - ok
23:31:05.0463 2656  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
23:31:05.0525 2656  SysMain - ok
23:31:05.0572 2656  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:31:05.0587 2656  TabletInputService - ok
23:31:05.0619 2656  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:31:05.0681 2656  TapiSrv - ok
23:31:05.0712 2656  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
23:31:05.0775 2656  TBS - ok
23:31:05.0868 2656  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:31:05.0931 2656  Tcpip - ok
23:31:05.0962 2656  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:31:06.0009 2656  TCPIP6 - ok
23:31:06.0040 2656  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:31:06.0102 2656  tcpipreg - ok
23:31:06.0149 2656  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:31:06.0165 2656  TDPIPE - ok
23:31:06.0196 2656  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:31:06.0227 2656  TDTCP - ok
23:31:06.0258 2656  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:31:06.0336 2656  tdx - ok
23:31:06.0367 2656  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:31:06.0383 2656  TermDD - ok
23:31:06.0414 2656  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
23:31:06.0461 2656  TermService - ok
23:31:06.0508 2656  [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk       C:\Windows\System32\Drivers\TFsExDisk.sys
23:31:06.0539 2656  TFsExDisk - ok
23:31:06.0570 2656  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
23:31:06.0633 2656  Themes - ok
23:31:06.0664 2656  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
23:31:06.0695 2656  THREADORDER - ok
23:31:06.0711 2656  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
23:31:06.0757 2656  TrkWks - ok
23:31:06.0804 2656  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:31:06.0898 2656  TrustedInstaller - ok
23:31:06.0945 2656  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:31:06.0976 2656  tssecsrv - ok
23:31:07.0023 2656  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:31:07.0085 2656  TsUsbFlt - ok
23:31:07.0132 2656  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:31:07.0179 2656  tunnel - ok
23:31:07.0210 2656  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:31:07.0225 2656  uagp35 - ok
23:31:07.0257 2656  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:31:07.0319 2656  udfs - ok
23:31:07.0350 2656  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:31:07.0381 2656  UI0Detect - ok
23:31:07.0428 2656  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:31:07.0444 2656  uliagpkx - ok
23:31:07.0475 2656  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
23:31:07.0506 2656  umbus - ok
23:31:07.0553 2656  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:31:07.0584 2656  UmPass - ok
23:31:07.0615 2656  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
23:31:07.0678 2656  upnphost - ok
23:31:07.0740 2656  [ 5CF1EAD086176DD3348E920A40BED03D ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:31:07.0771 2656  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
23:31:07.0771 2656  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
23:31:07.0818 2656  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:31:07.0865 2656  usbaudio - ok
23:31:07.0912 2656  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:31:07.0959 2656  usbccgp - ok
23:31:07.0974 2656  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:31:07.0990 2656  usbcir - ok
23:31:08.0005 2656  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:31:08.0052 2656  usbehci - ok
23:31:08.0083 2656  [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
23:31:08.0099 2656  usbfilter - ok
23:31:08.0130 2656  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:31:08.0161 2656  usbhub - ok
23:31:08.0177 2656  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:31:08.0224 2656  usbohci - ok
23:31:08.0255 2656  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:31:08.0286 2656  usbprint - ok
23:31:08.0333 2656  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:31:08.0411 2656  USBSTOR - ok
23:31:08.0427 2656  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:31:08.0458 2656  usbuhci - ok
23:31:08.0489 2656  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:31:08.0505 2656  usbvideo - ok
23:31:08.0536 2656  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
23:31:08.0583 2656  UxSms - ok
23:31:08.0598 2656  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
23:31:08.0614 2656  VaultSvc - ok
23:31:08.0629 2656  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:31:08.0645 2656  vdrvroot - ok
23:31:08.0692 2656  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
23:31:08.0754 2656  vds - ok
23:31:08.0785 2656  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:31:08.0801 2656  vga - ok
23:31:08.0817 2656  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:31:08.0863 2656  VgaSave - ok
23:31:08.0910 2656  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:31:08.0941 2656  vhdmp - ok
23:31:08.0973 2656  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:31:08.0988 2656  viaide - ok
23:31:08.0988 2656  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:31:09.0004 2656  volmgr - ok
23:31:09.0051 2656  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:31:09.0082 2656  volmgrx - ok
23:31:09.0097 2656  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:31:09.0113 2656  volsnap - ok
23:31:09.0144 2656  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:31:09.0160 2656  vsmraid - ok
23:31:09.0222 2656  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
23:31:09.0316 2656  VSS - ok
23:31:09.0347 2656  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:31:09.0378 2656  vwifibus - ok
23:31:09.0409 2656  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:31:09.0441 2656  vwififlt - ok
23:31:09.0472 2656  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
23:31:09.0519 2656  W32Time - ok
23:31:09.0550 2656  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:31:09.0581 2656  WacomPen - ok
23:31:09.0628 2656  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:31:09.0721 2656  WANARP - ok
23:31:09.0721 2656  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:31:09.0753 2656  Wanarpv6 - ok
23:31:09.0815 2656  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
23:31:09.0862 2656  wbengine - ok
23:31:09.0893 2656  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:31:09.0909 2656  WbioSrvc - ok
23:31:09.0955 2656  [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
23:31:09.0987 2656  WcesComm - ok
23:31:10.0033 2656  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:31:10.0080 2656  wcncsvc - ok
23:31:10.0096 2656  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:31:10.0111 2656  WcsPlugInService - ok
23:31:10.0127 2656  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:31:10.0143 2656  Wd - ok
23:31:10.0174 2656  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:31:10.0205 2656  Wdf01000 - ok
23:31:10.0221 2656  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:31:10.0377 2656  WdiServiceHost - ok
23:31:10.0377 2656  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:31:10.0392 2656  WdiSystemHost - ok
23:31:10.0423 2656  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
23:31:10.0501 2656  WebClient - ok
23:31:10.0533 2656  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:31:10.0595 2656  Wecsvc - ok
23:31:10.0611 2656  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:31:10.0673 2656  wercplsupport - ok
23:31:10.0689 2656  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:31:10.0751 2656  WerSvc - ok
23:31:10.0767 2656  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:31:10.0798 2656  WfpLwf - ok
23:31:10.0829 2656  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:31:10.0845 2656  WIMMount - ok
23:31:10.0876 2656  WinDefend - ok
23:31:10.0891 2656  WinHttpAutoProxySvc - ok
23:31:10.0938 2656  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:31:10.0985 2656  Winmgmt - ok
23:31:11.0047 2656  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
23:31:11.0125 2656  WinRM - ok
23:31:11.0172 2656  [ FE88B288356E7B47B74B13372ADD906D ] WINUSB          C:\Windows\system32\drivers\WinUSB.SYS
23:31:11.0235 2656  WINUSB - ok
23:31:11.0297 2656  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:31:11.0359 2656  Wlansvc - ok
23:31:11.0515 2656  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:31:11.0562 2656  wlidsvc - ok
23:31:11.0609 2656  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:31:11.0640 2656  WmiAcpi - ok
23:31:11.0671 2656  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:31:11.0718 2656  wmiApSrv - ok
23:31:11.0734 2656  WMPNetworkSvc - ok
23:31:11.0765 2656  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:31:11.0781 2656  WPCSvc - ok
23:31:11.0812 2656  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:31:11.0827 2656  WPDBusEnum - ok
23:31:11.0843 2656  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:31:11.0905 2656  ws2ifsl - ok
23:31:11.0952 2656  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
23:31:11.0999 2656  wscsvc - ok
23:31:11.0999 2656  WSearch - ok
23:31:12.0061 2656  [ 624809FE31F0EBBA33FD4C98E016DD83 ] WTGService      C:\Program Files\WTGService.exe
23:31:12.0093 2656  WTGService - ok
23:31:12.0155 2656  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:31:12.0217 2656  wuauserv - ok
23:31:12.0233 2656  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:31:12.0311 2656  WudfPf - ok
23:31:12.0342 2656  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:31:12.0405 2656  WUDFRd - ok
23:31:12.0436 2656  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:31:12.0483 2656  wudfsvc - ok
23:31:12.0514 2656  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:31:12.0545 2656  WwanSvc - ok
23:31:12.0592 2656  [ 72C17898CFA71513E50BD40CDD18A943 ] XS Stick Service C:\Windows\service4g.exe
23:31:12.0623 2656  XS Stick Service - ok
23:31:12.0639 2656  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
23:31:12.0685 2656  yukonw7 - ok
23:31:12.0717 2656  ================ Scan global ===============================
23:31:12.0732 2656  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:31:12.0763 2656  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:31:12.0779 2656  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:31:12.0810 2656  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:31:12.0841 2656  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:31:12.0857 2656  [Global] - ok
23:31:12.0857 2656  ================ Scan MBR ==================================
23:31:12.0857 2656  [ 80063A27F44478B1A9B3E74C2F4343C7 ] \Device\Harddisk0\DR0
23:31:13.0091 2656  \Device\Harddisk0\DR0 - ok
23:31:13.0434 2656  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
23:31:13.0840 2656  \Device\Harddisk1\DR1 - ok
23:31:13.0840 2656  ================ Scan VBR ==================================
23:31:13.0840 2656  [ D9E5DACA560537DF001C77AEA84298E6 ] \Device\Harddisk0\DR0\Partition1
23:31:13.0840 2656  \Device\Harddisk0\DR0\Partition1 - ok
23:31:13.0871 2656  [ 746A4F7787ADF6BDE2496981A7E4DCF4 ] \Device\Harddisk0\DR0\Partition2
23:31:13.0871 2656  \Device\Harddisk0\DR0\Partition2 - ok
23:31:13.0902 2656  [ ED07FB09BA8B311A8233B7A9FAA24E0C ] \Device\Harddisk0\DR0\Partition3
23:31:13.0902 2656  \Device\Harddisk0\DR0\Partition3 - ok
23:31:13.0933 2656  [ 221106910C50085A0CB88D9EF284D698 ] \Device\Harddisk0\DR0\Partition4
23:31:13.0933 2656  \Device\Harddisk0\DR0\Partition4 - ok
23:31:13.0933 2656  [ E3A087E5193B57A9E892440079078E0F ] \Device\Harddisk1\DR1\Partition1
23:31:13.0949 2656  \Device\Harddisk1\DR1\Partition1 - ok
23:31:13.0949 2656  ============================================================
23:31:13.0949 2656  Scan finished
23:31:13.0949 2656  ============================================================
23:31:13.0965 5048  Detected object count: 3
23:31:13.0965 5048  Actual detected object count: 3
23:31:38.0425 5048  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:38.0425 5048  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:31:38.0425 5048  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:38.0425 5048  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:31:38.0425 5048  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
23:31:38.0425 5048  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:33:16.0346 4884  Deinitialize success
         

01.04.2013, 12:09   #11
DerJazzer
/// Malwareteam

That already looks somewhat better.

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click and select "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extras.txt here into your thread.
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/

01.04.2013, 15:08   #12
DerJazzer
/// Malwareteam

Please use this script instead; I had forgotten something:

Step 1
  • Please start OTL.exe.
    Vista and Win7 users: right-click and select "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extras.txt here into your thread.

01.04.2013, 22:00   #13
Penntuete

As at the beginning, it did not produce an Extras.txt for me.

Here is the OTL.txt: (it is too large, so I am posting it in two parts. If I should just send it as an attachment instead, please let me know)

Code:
OTL logfile created on: 01.04.2013 21:29:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\aläx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 68,10% Memory free
7,99 Gb Paging File | 6,43 Gb Available in Paging File | 80,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,56 Gb Total Space | 219,17 Gb Free Space | 77,02% Space Free | Partition Type: NTFS
Drive D: | 13,23 Gb Total Space | 2,21 Gb Free Space | 16,67% Space Free | Partition Type: NTFS
Drive E: | 7,43 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 931,51 Gb Total Space | 564,59 Gb Free Space | 60,61% Space Free | Partition Type: NTFS
 
Computer Name: ALÄX-PC | User Name: aläx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\Programme\WTGService.exe
PRC - [2013.03.24 16:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- F:\Spiele\hamachi\hamachi-2-ui.exe
PRC - [2011.07.04 16:17:14 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 19:30:19 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.09.02 23:25:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.08 19:05:12 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2010.07.08 19:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009.07.24 19:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009.07.23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009.07.23 12:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.03.13 04:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.07.23 12:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.03.13 04:59:05 | 000,684,032 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.08 14:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.07.02 20:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - File not found [Auto | Running] -- C:\Programme\WTGService.exe -- (WTGService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- F:\Spiele\hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.07.04 16:17:14 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 19:30:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.02 23:25:33 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.07.08 19:05:08 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.22 03:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe -- (STacSV)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.03.02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2009.02.22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 12:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.01.11 08:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011.10.19 17:04:54 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2011.07.04 16:17:15 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.04 16:17:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010.04.27 04:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009.10.16 02:33:06 | 000,050,176 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2009.09.22 03:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.22 03:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.21 05:39:22 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.08 14:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 14:48:22 | 000,033,848 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.07.02 20:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.06.29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 12:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.05.23 08:52:30 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.03.09 07:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE:64bit: - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{1366F70F-D4B1-41A2-9C50-344E76EADE50}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{2C7072CC-3B6A-4D18-856D-F60EF665414F}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{3CA7DAB2-1C99-4C76-88C3-55972FB79B59}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{47522523-F1B8-4B63-9EC9-15807E0E8449}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{5585AEC1-CE42-4BAE-A3BC-9DF54F6B9FD3}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8973871B-05D6-44D3-BA13-14C8C276662C}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{B1A44835-B2AC-49D9-8D8F-7629C6832589}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.kicker.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.19 03:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.19 03:59:29 | 000,000,000 | ---D | M]
 
[2010.02.05 22:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Extensions
[2013.03.31 22:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions
[2010.08.05 23:09:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\a4aqqrd9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.03.31 23:00:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions
[2013.03.19 04:08:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\aläx\AppData\Roaming\mozilla\Firefox\Profiles\p766a8oh.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.03.19 04:04:16 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.06.17 14:02:15 | 000,001,218 | ---- | M] () -- C:\Users\aläx\AppData\Roaming\mozilla\firefox\profiles\p766a8oh.default\searchplugins\kikin-search.xml
[2013.03.31 22:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.31 21:55:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82E069DA-CFB1-49BC-AD6F-AE91BAE0ED11}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^Users^aläx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk - C:\Windows\SysNative\rundll32.exe - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^aläx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - F:\Spiele\hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Media Finder - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: vasja - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: xlgkeoxjlmnqkpj - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.01 01:44:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.01 01:34:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.01 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.01 01:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.31 23:55:52 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.03.31 23:28:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\aläx\Desktop\tdsskiller.exe
[2013.03.31 23:06:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\aläx\Desktop\aswMBR.exe
[2013.03.31 22:51:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.31 22:51:13 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.31 22:50:43 | 000,550,772 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\aläx\Desktop\JRT.exe
[2013.03.31 22:01:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.31 21:55:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.31 21:41:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.31 21:41:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.31 21:41:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.31 21:40:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.31 21:39:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.31 21:36:03 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\aläx\Desktop\ComboFix.exe
[2013.03.24 16:23:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
[2013.03.19 21:32:36 | 000,000,000 | ---D | C] -- C:\Users\aläx\AppData\Local\Macromedia
[2013.03.19 03:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.15 20:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.04 06:49:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.10.19 17:04:55 | 001,015,859 | ---- | C] (Microsoft Corporation) -- C:\Program Files\mfc42.dll
[2011.10.19 17:04:55 | 000,478,888 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager_SMSMMS.exe
[2011.10.19 17:04:55 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp60.dll
[2011.10.19 17:04:55 | 000,396,968 | ---- | C] (TODO: <Company name>) -- C:\Program Files\WTGToasterWin.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (XSManager GmbH) -- C:\Program Files\4GSystems_SMSMMSIta.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSSpa.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSFre.dll
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_SMSMMSEng.dll
[2011.10.19 17:04:55 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2011.10.19 17:04:55 | 000,057,344 | ---- | C] (WinAbility® Software Corporation) -- C:\Program Files\VistaLib32.dll
[2011.10.19 17:04:54 | 001,470,120 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\XSManager.exe
[2011.10.19 17:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantSpa.dll
[2011.10.19 17:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantFre.dll
[2011.10.19 17:04:54 | 000,839,336 | ---- | C] (WebToGo Mobiles Internet GmbH) -- C:\Program Files\4GSystems_OneClickAssistantEng.dll
[2011.10.19 17:04:54 | 000,835,240 | ---- | C] (XSManager) -- C:\Program Files\4GSystems_OneClickAssistantIta.dll
[2011.07.31 22:24:01 | 000,334,640 | ---- | C] (PokerStars) -- C:\Program Files (x86)\Tracer.exe
[2011.07.31 22:23:53 | 008,963,608 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe
[2011.07.31 22:23:53 | 000,816,472 | ---- | C] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe
[2011.07.31 22:23:53 | 000,656,728 | ---- | C] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe
[2011.07.31 22:23:53 | 000,581,208 | ---- | C] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\aläx\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\aläx\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.01 21:21:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 21:21:42 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.01 21:21:37 | 001,498,568 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.01 21:21:37 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.01 21:21:37 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.01 21:21:37 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.01 21:21:37 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.01 21:13:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.01 21:12:52 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.01 10:47:02 | 000,382,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.01 02:00:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:00:06 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.31 23:28:11 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\aläx\Desktop\tdsskiller.exe
[2013.03.31 23:26:31 | 000,000,512 | ---- | M] () -- C:\Users\aläx\Desktop\MBR.dat
[2013.03.31 23:07:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\aläx\Desktop\aswMBR.exe
[2013.03.31 22:50:50 | 000,550,772 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\aläx\Desktop\JRT.exe
[2013.03.31 22:41:23 | 000,609,993 | ---- | M] () -- C:\Users\aläx\Desktop\adwcleaner.exe
[2013.03.31 21:55:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.31 21:36:04 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\aläx\Desktop\ComboFix.exe
[2013.03.25 21:32:50 | 000,514,060 | ---- | M] () -- C:\Users\aläx\Desktop\Mietvertrag Studentenwohnheim Würzburg.pdf
[2013.03.24 17:38:22 | 000,377,856 | ---- | M] () -- C:\Users\aläx\Desktop\gmer_2.1.19155.exe
[2013.03.24 16:23:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aläx\Desktop\OTL.exe
[2013.03.24 16:23:32 | 000,000,000 | ---- | M] () -- C:\Users\aläx\defogger_reenable
[2013.03.24 16:22:59 | 000,050,477 | ---- | M] () -- C:\Users\aläx\Desktop\Defogger.exe
[2013.03.19 03:59:33 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.15 20:49:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.14 16:44:47 | 000,001,498 | ---- | M] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk
[2013.03.04 06:49:33 | 453,885,265 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.01 02:08:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.01 02:00:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.01 02:00:06 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.01 01:36:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.31 23:16:32 | 000,000,512 | ---- | C] () -- C:\Users\aläx\Desktop\MBR.dat
[2013.03.31 22:41:13 | 000,609,993 | ---- | C] () -- C:\Users\aläx\Desktop\adwcleaner.exe
[2013.03.31 21:41:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.31 21:41:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.31 21:41:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.31 21:41:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.31 21:41:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.25 21:32:49 | 000,514,060 | ---- | C] () -- C:\Users\aläx\Desktop\Mietvertrag Studentenwohnheim Würzburg.pdf
[2013.03.24 17:38:21 | 000,377,856 | ---- | C] () -- C:\Users\aläx\Desktop\gmer_2.1.19155.exe
[2013.03.24 16:23:32 | 000,000,000 | ---- | C] () -- C:\Users\aläx\defogger_reenable
[2013.03.24 16:22:58 | 000,050,477 | ---- | C] () -- C:\Users\aläx\Desktop\Defogger.exe
[2013.03.19 03:59:33 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.03.15 20:49:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.03.15 20:49:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.03.14 16:44:47 | 000,001,498 | ---- | C] () -- C:\Users\aläx\Desktop\DVD Shrink 3.2.lnk
[2013.03.04 06:49:33 | 453,885,265 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.02.06 14:53:15 | 000,021,584 | ---- | C] () -- C:\Program Files (x86)\_update2xblack.dat
[2013.02.06 14:51:35 | 000,008,933 | ---- | C] () -- C:\Program Files (x86)\_update2nova.dat
[2013.02.06 14:51:35 | 000,000,626 | ---- | C] () -- C:\Program Files (x86)\_update2nova.red.dat
[2012.12.27 20:18:57 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.12.27 20:18:57 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.12.27 20:18:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.12.27 19:24:42 | 000,000,204 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.11.17 19:28:53 | 000,017,408 | ---- | C] () -- C:\Users\aläx\AppData\Local\WebpageIcons.db
[2012.10.16 23:37:15 | 000,003,420 | ---- | C] () -- C:\Users\aläx\AppData\Local\recently-used.xbel
[2012.06.23 20:07:50 | 000,000,052 | ---- | C] () -- C:\ProgramData\kecdlwzfsrwccet
[2012.06.23 03:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe
[2011.10.19 17:04:55 | 004,129,044 | ---- | C] () -- C:\Program Files\webtogodb.wdb
[2011.10.19 17:04:55 | 001,023,656 | ---- | C] () -- C:\Program Files\Setup.exe
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderSpa.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderIta.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderGer.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderFre.dll
[2011.10.19 17:04:55 | 000,495,272 | ---- | C] () -- C:\Program Files\4GSystems_UpgraderEng.dll
[2011.10.19 17:04:55 | 000,476,511 | ---- | C] () -- C:\Program Files\Help_eng.chm
[2011.10.19 17:04:55 | 000,427,495 | ---- | C] () -- C:\Program Files\Help_ger.chm
[2011.10.19 17:04:55 | 000,413,648 | ---- | C] () -- C:\Program Files\OSU.exe
[2011.10.19 17:04:55 | 000,386,713 | ---- | C] () -- C:\Program Files\Help_ita.chm
[2011.10.19 17:04:55 | 000,366,391 | ---- | C] () -- C:\Program Files\Help_fre.chm
[2011.10.19 17:04:55 | 000,360,127 | ---- | C] () -- C:\Program Files\Help_spa.chm
[2011.10.19 17:04:55 | 000,331,432 | ---- | C] () -- C:\Program Files\4GSystems_SMSMMSGer.dll
[2011.10.19 17:04:55 | 000,329,168 | ---- | C] () -- C:\Program Files\WTGService.exe
[2011.10.19 17:04:55 | 000,243,152 | ---- | C] () -- C:\Program Files\WTGVistaUtil.exe
[2011.10.19 17:04:55 | 000,118,436 | ---- | C] () -- C:\Program Files\WTGPhoneCaps.dat
[2011.10.19 17:04:55 | 000,094,278 | ---- | C] () -- C:\Program Files\WtgZip.dll
[2011.10.19 17:04:55 | 000,065,192 | ---- | C] () -- C:\Program Files\WTGMMSPCClient.dll
[2011.10.19 17:04:55 | 000,030,160 | ---- | C] () -- C:\Program Files\InstallWTGService.exe
[2011.10.19 17:04:55 | 000,024,584 | ---- | C] () -- C:\Program Files\WTGMMSProfiles.dat
[2011.10.19 17:04:55 | 000,024,576 | ---- | C] () -- C:\Program Files\WTGDebugs.dll
[2011.10.19 17:04:55 | 000,000,992 | ---- | C] () -- C:\Program Files\providers.xml
[2011.10.19 17:04:55 | 000,000,567 | ---- | C] () -- C:\Program Files\KD.xml
[2011.10.19 17:04:55 | 000,000,518 | ---- | C] () -- C:\Program Files\mmsc.xml
[2011.10.19 17:04:55 | 000,000,193 | ---- | C] () -- C:\Program Files\config.ini
[2011.10.19 17:04:54 | 000,962,216 | ---- | C] () -- C:\Program Files\Uninstaller.exe
[2011.10.19 17:04:54 | 000,835,240 | ---- | C] () -- C:\Program Files\4GSystems_OneClickAssistantGer.dll
[2011.10.19 17:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerSpa.dll
[2011.10.19 17:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerGer.dll
[2011.10.19 17:04:54 | 000,831,144 | ---- | C] () -- C:\Program Files\UninstallerFre.dll
[2011.10.19 17:04:54 | 000,745,128 | ---- | C] () -- C:\Program Files\UninstallerIta.dll
[2011.10.19 17:04:54 | 000,376,832 | ---- | C] () -- C:\Program Files\WtgCore.dll
[2011.10.19 17:04:54 | 000,204,800 | ---- | C] () -- C:\Program Files\WtgUtil.dll
[2011.10.19 17:04:54 | 000,183,976 | ---- | C] () -- C:\Program Files\WTGSMSPCClient.dll
[2011.10.19 17:04:54 | 000,143,360 | ---- | C] () -- C:\Program Files\WtgDetection.dll
[2011.10.19 17:04:54 | 000,139,264 | ---- | C] () -- C:\Program Files\WtgBluetooth.dll
[2011.10.19 17:04:54 | 000,110,592 | ---- | C] () -- C:\Program Files\WtgDatabase.dll
[2011.10.19 17:04:54 | 000,065,536 | ---- | C] () -- C:\Program Files\WtgDialup.dll
[2011.10.19 17:04:54 | 000,045,056 | ---- | C] () -- C:\Program Files\WtgDriverInstall.dll
[2011.10.19 17:04:54 | 000,024,576 | ---- | C] () -- C:\Program Files\WtgDriverInstallX.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientSpa.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientIta.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientGer.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientFre.dll
[2011.10.19 17:04:54 | 000,020,136 | ---- | C] () -- C:\Program Files\4GSystems_WTGSMSPCClientEng.dll
[2011.10.19 16:31:32 | 000,258,048 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011.10.19 16:31:32 | 000,253,952 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011.10.19 16:31:32 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011.10.19 16:31:32 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011.07.31 22:24:46 | 000,087,582 | ---- | C] () -- C:\Program Files (x86)\_update2g.dat
[2011.07.31 22:24:46 | 000,038,476 | ---- | C] () -- C:\Program Files (x86)\_update2gcd.dat
[2011.07.31 22:24:46 | 000,005,019 | ---- | C] () -- C:\Program Files (x86)\_update2oldblack.dat
[2011.07.31 22:24:46 | 000,003,452 | ---- | C] () -- C:\Program Files (x86)\_update2marine.dat
[2011.07.31 22:24:46 | 000,003,356 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.dat
[2011.07.31 22:24:46 | 000,003,265 | ---- | C] () -- C:\Program Files (x86)\_update2azure.dat
[2011.07.31 22:24:46 | 000,001,655 | ---- | C] () -- C:\Program Files (x86)\_update2shiny.dat
[2011.07.31 22:24:46 | 000,001,579 | ---- | C] () -- C:\Program Files (x86)\_update2black.dat
[2011.07.31 22:24:46 | 000,001,122 | ---- | C] () -- C:\Program Files (x86)\_update2simple.dat
[2011.07.31 22:24:46 | 000,000,947 | ---- | C] () -- C:\Program Files (x86)\_update2renaissance.green.dat
[2011.07.31 22:24:46 | 000,000,486 | ---- | C] () -- C:\Program Files (x86)\_update2s.dat
[2011.07.31 22:24:46 | 000,000,163 | ---- | C] () -- C:\Program Files (x86)\_update2rare.dat
[2011.07.31 22:24:46 | 000,000,075 | ---- | C] () -- C:\Program Files (x86)\_update2default.dat
[2011.07.31 22:24:01 | 000,000,905 | ---- | C] () -- C:\Program Files (x86)\Uninstall PokerStars.lnk
[2011.07.31 22:24:01 | 000,000,475 | ---- | C] () -- C:\Program Files (x86)\update.ini
[2011.07.31 22:24:01 | 000,000,219 | ---- | C] () -- C:\Program Files (x86)\trace.ini
[2011.07.31 22:24:01 | 000,000,199 | ---- | C] () -- C:\Program Files (x86)\tinfo.dat
[2011.07.31 22:24:01 | 000,000,195 | ---- | C] () -- C:\Program Files (x86)\user.ini
[2011.07.31 22:23:53 | 000,585,728 | ---- | C] () -- C:\Program Files (x86)\PokerStarsUninstall.exe
[2011.07.31 22:23:53 | 000,046,360 | ---- | C] () -- C:\Program Files (x86)\Stub.exe
[2011.07.31 22:23:53 | 000,001,442 | ---- | C] () -- C:\Program Files (x86)\PokerStars.ini
[2011.07.31 22:23:47 | 000,000,707 | ---- | C] () -- C:\Program Files (x86)\fw.ini
[2011.07.21 18:22:14 | 000,000,600 | ---- | C] () -- C:\Users\aläx\AppData\Roaming\winscp.rnd
[2011.05.11 22:50:20 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.03.08 22:49:18 | 000,001,466 | ---- | C] () -- C:\Users\aläx\AppData\Local\RecConfig.xml
[2010.02.17 23:05:59 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\aläx\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\aläx\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\aläx\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2011.11.17 08:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2013.03.31 21:40:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2012.06.02 13:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.06 20:55:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\1&1 Mail & Media GmbH
[2013.01.08 18:13:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\APP_NAME_NON_STRING
[2010.09.19 18:00:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Ashampoo
[2012.10.28 23:50:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\calibre
[2011.09.17 20:44:20 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Canneverbe Limited
[2011.04.04 12:44:51 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DAEMON Tools Lite
[2012.11.04 11:25:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Dropbox
[2012.09.25 16:50:01 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\DVDVideoSoft
[2010.10.31 14:09:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Foxit Software
[2010.06.27 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\fretsonfire
[2012.06.22 15:53:24 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ICQ
[2010.09.01 00:23:13 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Leadertech
[2011.05.04 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Line 6
[2012.09.27 19:03:35 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\MediaMonkey
[2011.11.27 17:38:04 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\mp3DirectCut
[2013.03.12 23:01:46 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Mp3tag
[2012.07.08 14:27:40 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Oghue
[2010.02.21 22:26:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\OpenOffice.org
[2012.11.30 00:04:31 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Origin
[2012.04.22 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PacificPoker
[2013.01.08 18:14:02 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\PDF Architect
[2011.10.19 17:08:14 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Program Files
[2010.11.24 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Samsung
[2011.04.12 15:51:10 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Scribus
[2013.01.10 22:03:52 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Softland
[2013.02.22 22:36:34 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\TS3Client
[2012.01.02 03:25:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\ts3overlay
[2012.11.13 16:57:39 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\Windows Live Writer
[2010.02.03 18:56:41 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\_MDLogs
[2013.02.23 00:19:45 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{13215AB9-2B2E-4F6E-ADF1-1D7048C31288}
[2013.02.23 00:18:54 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Roaming\{8B7C62AE-92BD-48AE-AA5B-FA375BC97E3E}
         

01.04.2013, 22:01   #14
Penntuete
 



So, here is the second part now:

Code:
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.03.31 21:55:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.03.24 17:00:06 | 000,000,000 | ---D | M] -- C:\4gEJsVyiA73
[2009.10.02 08:15:52 | 000,000,000 | ---D | M] -- C:\boot
[2013.04.01 10:41:42 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.02.03 16:50:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.11.24 02:00:24 | 000,000,000 | ---D | M] -- C:\HP
[2013.03.31 22:51:14 | 000,000,000 | ---D | M] -- C:\JRT
[2009.10.01 20:04:01 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.04.01 01:33:23 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.04.01 01:33:23 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.03.31 22:42:52 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.02.03 16:50:59 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.03.31 22:01:58 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.02.03 16:52:40 | 000,000,000 | ---D | M] -- C:\Recovery
[2010.02.03 16:57:00 | 000,000,000 | ---D | M] -- C:\SwSetup
[2013.04.01 21:31:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.03 16:52:50 | 000,000,000 | ---D | M] -- C:\SYSTEM.SAV
[2010.08.08 21:10:14 | 000,000,000 | ---D | M] -- C:\Temp
[2012.11.06 17:40:01 | 000,000,000 | R--D | M] -- C:\Users
[2013.04.01 10:42:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
[2013.02.06 14:53:19 | 008,963,608 | ---- | M] (PokerStars) -- C:\Program Files (x86)\PokerStars.exe
[2011.07.31 22:23:53 | 000,816,472 | ---- | M] (PokerStars.com) -- C:\Program Files (x86)\PokerStarsCommunicate.exe
[2011.07.31 22:23:53 | 000,656,728 | ---- | M] ( PokerStars) -- C:\Program Files (x86)\PokerStarsOnlineUpdate.exe
[2011.07.31 22:23:53 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\PokerStarsUninstall.exe
[2013.02.06 14:51:35 | 000,581,208 | ---- | M] (PokerStars) -- C:\Program Files (x86)\PokerStarsUpdate.exe
[2011.07.31 22:23:53 | 000,046,360 | ---- | M] () -- C:\Program Files (x86)\Stub.exe
[2012.04.06 20:54:34 | 000,334,640 | ---- | M] (PokerStars) -- C:\Program Files (x86)\Tracer.exe
 
< %LOCALAPPDATA%\*.exe >
[2012.06.23 03:27:05 | 000,304,128 | ---- | M] () -- C:\Users\aläx\AppData\Local\bardydeab.exe
[2007.01.18 22:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\aläx\AppData\Local\No23 Recorder.exe
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2013.04.01 01:42:04 | 000,000,000 | ---D | M] -- C:\Windows\installer\{39D0E034-1042-4905-BECB-5502909FCB7C}
[2013.04.01 01:34:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2013.04.01 02:29:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90110407-6000-11D3-8CFE-0150048383C9}
[2013.04.01 02:14:46 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-0020-0407-0000-0000000FF1CE}
[2013.04.01 02:14:50 | 000,000,000 | ---D | M] -- C:\Windows\installer\{95120000-00AF-0407-0000-0000000FF1CE}
[2013.03.31 21:40:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}
 
< %localappdata%\*. /5 >
[2013.04.01 21:14:11 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Local\LogMeIn Hamachi
[2013.04.01 21:29:38 | 000,000,000 | ---D | M] -- C:\Users\aläx\AppData\Local\Temp
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 5
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 4
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{82E069DA-CFB1-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{82E069DA-CFB1-49BC [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost >
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes]
"LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes]
"LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 14:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation)
"rpcss" = RpcSs [binary data]
"LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 03:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp
[2009.07.14 03:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2009.07.14 03:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2009.07.14 03:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp
[2010.11.20 15:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
 
< C:\Windows\system32\*.dll /360 >
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.04.01 01:57:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 01:57:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 01:57:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.07.26 19:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.04.01 01:57:18 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.04.01 01:57:18 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.04.01 01:57:18 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.04.01 01:57:18 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.04.01 01:57:18 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.04.01 01:57:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.04.01 01:57:18 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.04.01 01:57:18 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.03.15 20:45:26 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.04.01 01:57:18 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.04.01 01:57:18 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2013.04.01 02:00:06 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2013.04.01 02:00:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.04.01 02:00:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\elshyph.dll
[2012.05.30 08:29:14 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\system32\frapsvid.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2013.04.01 02:00:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2013.04.01 02:00:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2013.04.01 02:00:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2013.04.01 02:00:06 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2013.04.01 02:00:06 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2013.04.01 02:00:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2013.04.01 02:00:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2013.04.01 02:00:07 | 002,046,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2013.04.01 02:00:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2013.04.01 02:00:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2013.04.01 02:00:06 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2013.04.01 02:00:07 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2013.04.01 02:00:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2013.04.01 02:00:07 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2013.04.01 02:00:06 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2013.04.01 02:00:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.04.01 02:00:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.07.17 14:49:00 | 000,209,648 | ---- | M] (Microsoft Corp.) -- C:\Windows\system32\LIVESSP.DLL
[2013.04.01 02:00:07 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2013.04.01 02:00:06 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.04.01 02:00:07 | 014,317,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2013.04.01 02:00:07 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2013.04.01 02:00:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2013.04.01 02:00:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.04.01 02:00:07 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2013.04.01 01:57:18 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2012.05.05 11:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MSMPIDE.DLL
[2013.04.01 02:00:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2012.07.26 19:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll
[2012.07.26 19:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2013.03.15 20:45:26 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2013.04.01 02:00:07 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2013.04.01 02:00:07 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.12.27 20:28:14 | 000,012,067 | ---- | M] () -- C:\Windows\system32\SIntf16.dll
[2012.12.27 20:28:14 | 000,017,212 | ---- | M] () -- C:\Windows\system32\SIntf32.dll
[2012.12.27 20:28:14 | 000,021,840 | ---- | M] () -- C:\Windows\system32\SIntfNT.dll
[2012.09.12 16:07:44 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sirenacm.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.04.01 01:57:18 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2013.04.01 02:00:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2013.04.01 02:00:07 | 001,129,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2013.04.01 02:00:07 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.07.26 19:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll
[2012.07.26 19:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll
[2013.04.01 02:00:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.03.15 20:45:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge-32.dll
[2013.04.01 01:57:18 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.04.01 01:57:18 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2013.04.01 02:00:07 | 001,766,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2013.04.01 01:57:18 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2013.04.01 01:57:18 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.04.01 01:57:18 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
[2012.07.05 14:21:30 | 000,107,212 | ---- | M] () -- C:\Windows\system32\zlib1.dll
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
< C:\Windows\SysNative\*.dll /360 >
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 07:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 07:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 07:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 07:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 07:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.04.01 01:57:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 01:57:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 01:57:19 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 01:57:19 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 01:57:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 01:57:19 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 07:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.07.26 15:22:10 | 000,177,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\atl110.dll
[2012.12.16 16:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 19:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.07.05 00:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.05 00:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.06.06 08:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.02 07:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.02 07:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.02 07:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2013.04.01 01:57:18 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.04.01 01:57:18 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.04.01 01:57:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.04.01 01:57:18 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.04.01 01:57:18 | 002,565,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.04.01 01:57:18 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.04.01 01:57:18 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.04.01 01:57:18 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.03.19 03:47:06 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.09 20:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.10.09 20:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.10.03 13:50:16 | 000,020,872 | ---- | M] (Softland) -- C:\Windows\SysNative\dopdfmi7.dll
[2012.10.03 13:50:18 | 000,025,480 | ---- | M] (Softland) -- C:\Windows\SysNative\dopdfmn7.dll
[2012.11.02 07:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.04.01 01:57:18 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.04.01 01:57:18 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.04.01 02:00:06 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.01 02:00:06 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.01 02:00:07 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.01 01:57:18 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2012.05.30 08:29:18 | 000,071,680 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2012.12.07 15:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.04.01 02:00:06 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.01 02:00:06 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.01 02:00:06 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.01 02:00:06 | 000,270,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2013.04.01 02:00:06 | 015,407,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2013.04.01 02:00:06 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.01 02:00:06 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.01 02:00:06 | 002,647,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2013.04.01 02:00:06 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.01 02:00:06 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.01 02:00:06 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.01 02:00:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.01 02:00:06 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.03 19:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll
[2013.04.01 02:00:06 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.01 02:00:06 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.01 02:00:06 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.08.11 02:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2012.11.30 07:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.30 07:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.04.01 02:00:06 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.07.17 15:14:44 | 000,253,184 | ---- | M] (Microsoft Corp.) -- C:\Windows\SysNative\LIVESSP.DLL
[2012.05.14 07:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013.04.01 02:00:06 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.01 02:00:06 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2013.04.01 02:00:06 | 019,221,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2013.04.01 02:00:06 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.01 02:00:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.01 02:00:06 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2012.04.07 14:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2013.04.01 02:00:06 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.01 01:57:18 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.04.01 02:00:06 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.07.26 15:22:10 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012.07.26 15:22:10 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012.11.01 07:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.11.01 07:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.11.20 07:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.03 19:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.07.05 00:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.10.03 19:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.10.03 19:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.10.03 19:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll
[2012.10.03 19:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll
[2013.03.19 03:47:06 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.30 07:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.04.01 02:00:06 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.10.28 19:32:34 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2013.04.01 02:00:06 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2012.04.26 07:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.04.26 07:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.02 07:45:31 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.05.05 10:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.26 00:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.09 07:45:09 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2013.04.01 01:57:18 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.04.01 02:00:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.01 02:00:06 | 001,365,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.11.22 07:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.04.01 02:00:06 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.07.26 15:22:10 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012.07.26 15:22:10 | 000,124,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcomp110.dll
[2012.07.26 04:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013.04.01 02:00:06 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll
[2012.11.09 07:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.19 03:47:08 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.04.01 01:57:18 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.01 01:57:18 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.04.01 02:00:06 | 002,240,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2013.01.04 07:46:09 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.08.24 20:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.04.01 01:57:18 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012.11.30 07:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.30 07:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.30 07:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.07 15:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.03 00:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.26 05:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.07.26 05:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.07.26 05:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll
[2012.07.26 05:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.01 01:57:18 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.04.01 01:57:18 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
 
< C:\Windows\SysWOW64\*.dll /360 >
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 04:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 04:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
[2013.04.01 01:57:18 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.01 01:57:18 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.01 01:57:18 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.01 01:57:19 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.01 01:57:18 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 04:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
[2012.07.26 19:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl110.dll
[2012.12.16 16:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll
[2012.12.16 16:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.06.06 07:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2012.06.02 06:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2012.06.02 06:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2012.06.02 06:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.04.01 01:57:18 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2013.04.01 01:57:18 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
[2013.04.01 01:57:18 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
[2013.04.01 01:57:18 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll
[2013.04.01 01:57:18 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll
[2013.04.01 01:57:18 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
[2013.04.01 01:57:18 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
[2013.04.01 01:57:18 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll
[2013.03.15 20:45:26 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll
[2013.04.01 01:57:18 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2013.04.01 01:57:18 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
[2013.04.01 02:00:06 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll
[2013.04.01 02:00:06 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll
[2013.04.01 02:00:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\elshyph.dll
[2012.05.30 08:29:14 | 000,065,536 | ---- | M] (Beepa P/L) -- C:\Windows\SysWOW64\frapsvid.dll
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll
[2013.04.01 02:00:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icardie.dll
[2013.04.01 02:00:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IEAdvpack.dll
[2013.04.01 02:00:06 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll
[2013.04.01 02:00:06 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iedkcs32.dll
[2013.04.01 02:00:06 | 013,761,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2013.04.01 02:00:06 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll
[2013.04.01 02:00:06 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iernonce.dll
[2013.04.01 02:00:07 | 002,046,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2013.04.01 02:00:06 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesetup.dll
[2013.04.01 02:00:06 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesysprep.dll
[2013.04.01 02:00:06 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2013.04.01 02:00:07 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll
[2013.04.01 02:00:07 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inseng.dll
[2013.04.01 02:00:07 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2013.04.01 02:00:06 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll
[2013.04.01 02:00:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.08.11 01:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll
[2012.11.30 06:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
[2012.11.30 06:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
[2013.04.01 02:00:06 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\licmgr10.dll
[2012.07.17 14:49:00 | 000,209,648 | ---- | M] (Microsoft Corp.) -- C:\Windows\SysWOW64\LIVESSP.DLL
[2013.04.01 02:00:07 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2013.04.01 02:00:06 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeedsbs.dll
[2013.04.01 02:00:07 | 014,317,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2013.04.01 02:00:07 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2013.04.01 02:00:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmler.dll
[2013.04.01 02:00:07 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmlmedia.dll
[2012.04.07 13:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2013.04.01 02:00:07 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
[2013.04.01 01:57:18 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
[2012.05.05 11:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MSMPIDE.DLL
[2013.04.01 02:00:07 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll
[2012.07.26 19:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp110.dll
[2012.07.26 19:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr110.dll
[2012.11.01 06:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.11.01 06:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.11.20 06:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll
[2013.03.15 20:45:26 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npDeployJava1.dll
[2013.01.04 04:47:33 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll
[2013.04.01 02:00:07 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\occache.dll
[2013.04.01 02:00:07 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll
[2012.06.02 06:40:39 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.06.02 06:40:42 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.12.27 20:28:14 | 000,012,067 | ---- | M] () -- C:\Windows\SysWOW64\SIntf16.dll
[2012.12.27 20:28:14 | 000,017,212 | ---- | M] () -- C:\Windows\SysWOW64\SIntf32.dll
[2012.12.27 20:28:14 | 000,021,840 | ---- | M] () -- C:\Windows\SysWOW64\SIntfNT.dll
[2012.09.12 16:07:44 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sirenacm.dll
[2012.05.05 09:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.06.02 06:34:09 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll
[2012.11.09 06:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2013.04.01 01:57:18 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll
[2013.04.01 02:00:06 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2013.04.01 02:00:07 | 001,129,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.11.22 06:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
[2013.04.01 02:00:07 | 000,523,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2012.07.26 19:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vccorlib110.dll
[2012.07.26 19:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vcomp110.dll
[2013.04.01 02:00:07 | 000,204,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webcheck.dll
[2012.11.09 06:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2013.03.15 20:45:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
[2013.04.01 01:57:18 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
[2013.04.01 01:57:18 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll
[2013.04.01 02:00:07 | 001,766,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2012.08.24 18:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2013.04.01 01:57:18 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll
[2013.01.04 06:51:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
[2013.04.01 01:57:18 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll
[2013.04.01 01:57:18 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll
[2012.07.05 14:21:30 | 000,107,212 | ---- | M] () -- C:\Windows\SysWOW64\zlib1.dll

< End of report >
         

01.04.2013, 22:47   #15
DerJazzer
/// Malwareteam

Virus in C:\User\NAME\AppData (can be deleted, but keeps coming back)



That already looks better.

We'll now remove a few leftovers, and then I want to check something else:

Step 1

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\aläx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
[2012.06.23 03:27:05 | 000,304,128 | ---- | C] () -- C:\Users\aläx\AppData\Local\bardydeab.exe
[2011.11.17 08:41:18 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2013.03.31 21:40:51 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2012.06.02 13:01:02 | 000,002,048 | -HS- | M] () -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\@
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\L
[2011.11.17 08:41:18 | 000,000,000 | -HSD | M] -- C:\Users\aläx\AppData\Local\{a58d89ea-274e-7379-3f6b-421fcb5ec1a7}\U
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.03.24 17:00:06 | 000,000,000 | ---D | M] -- C:\4gEJsVyiA73
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Step 2

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instruction from a helper.


Step 3

Please start OTL.exe.
Under
Extra Registry, select Use Safe List and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.

Please post in your next reply
  • OTL fix log
  • MBAR log
  • OTL.txt & Extras.txt
__________________
Keep Jazzing!

DerJazzer

Imperare sibi maximum imperium est. ©Seneca

If you would like to support us | http://www.anaesthesist-werden.de/
