Malsign.Dailytools.3A7

Gast1234 · 29.08.2014, 13:28

---

Gast1234 · 29.08.2014, 13:34

---

Gast1234 · 29.08.2014, 13:54

Code:

ATTFilter

OTL Extras logfile created on: 29.08.2014 13:34:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lara\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 386,70 Mb Available Physical Memory | 38,17% Memory free
1,99 Gb Paging File | 1,00 Gb Available in Paging File | 50,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 132,11 Gb Free Space | 61,22% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
 
Computer Name: LARASACER | User Name: Lara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"
 
[HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D54838F-8BA7-4C0C-B876-DF0D8B3226E1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4B09290-BD1E-4831-BBBF-1F416AE63412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{179AD27C-D9DF-4596-8781-A35F930B0145}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{181EE725-0B6E-4C8C-8B2F-AED79EEB8403}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{1B60B4C1-D625-4B8A-B1AA-9EC7AB64AFA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{1D316047-0DCD-42DF-AE9F-C0B3F32888E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{27CFEA0A-C17B-44E1-BC94-55F8EB285F3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{2A2664EB-0BA5-4FFB-9C84-0C6A0FEA5DFC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{39B14AFD-7EB9-41D5-8B45-2A3E7FCF3F53}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{3AA57530-DC3F-4165-8FB3-C8E25D7C698E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{45F93211-A0F0-4504-9BE2-C35B993E0D00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{517880C9-A4F2-4DED-A056-61AAA0275E7C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{5255AAED-F3CB-4976-AC09-FA408E38C607}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{717DAE25-0D17-45FE-9E1D-4CD59FDEAFEE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7BDF5F47-3F22-42C0-829C-5DEEF0E747ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{831B0F2B-A208-4BAC-917C-B648A25D409E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{8B0570E0-A335-4607-9602-6B0C79833E91}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{98CE9485-A44E-438C-AB34-2374A81D1954}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9ED9F2A3-28EE-4205-A52D-C33EAC858965}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{A03FFFEF-2E2C-4272-A35C-B792FDB30FA6}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A89D6AC9-042D-43E3-BEB1-5321A8BF56BE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{AB5ECF61-4AD7-4187-9C1D-143F831EC5AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{CB11B9DA-238E-424A-8B15-5116163912F6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{CB41D34C-E3EE-4C53-9362-27502015D338}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D007A2E8-8C45-4DE7-8E5B-ABDF3103D2A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{D5E45B96-DA84-468B-9158-283F8AC6161F}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"{E30CD09C-ABCB-460E-856C-937564C4FC95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{E646210E-59E2-40C2-8190-55EB24E87DC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{F503BC85-AE8D-40A9-8AEA-DBA8CA09CEB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{F54402A7-6EF2-4630-9DCD-BE1886A87DEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F97692D2-3096-4D66-A91C-5580303F9270}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"TCP Query User{2A909A04-3300-4B7D-A563-B648929C63BB}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
"TCP Query User{694529D2-B2AA-443B-97B7-A1529CCC8127}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{7E9BC53B-A2AB-4A2A-A397-4EA931E65507}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
"TCP Query User{9D1E17FE-AE70-435E-8A95-ECF49D4E8818}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"TCP Query User{AAB8A1CA-3CFA-49F2-9CFF-9F258E77A45E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{1A4A8A21-47EC-4AE1-90EE-0AF0F19894F3}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
"UDP Query User{34BA33AC-3057-4768-8072-EFD419A1E1CB}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"UDP Query User{6946C119-8581-4CB4-863D-0A1C87850865}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{D34FF93D-39BE-45DC-8D4D-245290AF30A7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{EE0CE719-1224-405F-A053-8CD4D4355B75}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 65
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59C51498-BEDE-4033-BBEE-16908F1EFB47}" = AVG 2014
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E62AFEB8-BF5A-4287-A19B-198BB17F6276}" = AVG 2014
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AVG" = AVG 2014
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de)
"Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition
"StarterBackgroundChanger" = StarterBackgroundChanger
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 27.08.2014 13:02:50 | Computer Name = larasacer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 27.08.2014 16:07:02 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 28.08.2014 02:43:17 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 28.08.2014 06:43:25 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 28.08.2014 07:54:47 | Computer Name = larasacer | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 28.08.2014 08:16:38 | Computer Name = larasacer | Source = DCOM | ID = 10010
Description = 
 
Error - 28.08.2014 16:36:33 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 28.08.2014 21:25:47 | Computer Name = larasacer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 28.08.2014 21:31:23 | Computer Name = larasacer | Source = DCOM | ID = 10010
Description = 
 
Error - 29.08.2014 08:17:59 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
 
< End of report >

Sorry für die Doppel-Posts, aber die Seite hat mir eine Fehlermeldung angezeigt

So hab die Doppelposts rausgenommen

cosinus · 29.08.2014, 14:50

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8897;https=127.0.0.1:8897
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;www.joosoft.com
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"DailytoolsInstallerService"=-
"DailytoolsUpdateService"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Gast1234 · 02.09.2014, 11:56

Code:

ATTFilter

========== OTL ==========
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: 4 removed from network.proxy.type
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\DailytoolsInstallerService deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\DailytoolsUpdateService deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\ deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 09022014_125305

cosinus · 02.09.2014, 12:09

Ok, die restlichen Joosoft/dailytools Einträge sollten damit erlegt sein. Zur Sicherheit nochmal ein eines Kontrollog bitte posten. Zuerst aber bitte das hier auf den Desktop runterladen => http://download.bleepingcomputer.com...7/Dnscache.reg und per Doppelklick ausführen, Abfrage mit ja bestätigen. Das sollte den Dienst "dnscache" reparieren. Starte Windows neu, dann OTL:

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /800
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Gast1234 · 02.09.2014, 13:58

Alles erledigt.

Code:

ATTFilter

OTL logfile created on: 02.09.2014 13:19:23 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lara\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 258,62 Mb Available Physical Memory | 25,53% Memory free
2,20 Gb Paging File | 0,97 Gb Available in Paging File | 44,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 132,44 Gb Free Space | 61,38% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
 
Computer Name: LARASACER | User Name: Lara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.08.29 20:32:49 | 007,141,120 | ---- | M] (Igor Pavlov) -- C:\Programme\AVG\AVG2014\Notification\Launcher.exe
PRC - [2014.08.28 20:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe
PRC - [2014.08.12 18:10:35 | 002,775,576 | ---- | M] () -- C:\Windows\Temp\7zS8F75.tmp\AVG-Secure-Search-Update.exe
PRC - [2014.08.11 14:51:00 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgidsagent.exe
PRC - [2014.08.11 14:49:02 | 000,846,864 | ---- | M] (AVG Technologies CZ, s.r.o.) -- c:\Programme\AVG\AVG2014\avgrsx.exe
PRC - [2014.08.11 14:45:50 | 000,643,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgcsrvx.exe
PRC - [2014.08.11 14:42:36 | 000,838,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgnsx.exe
PRC - [2014.08.11 14:42:34 | 005,187,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgui.exe
PRC - [2014.08.11 14:41:40 | 000,657,936 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgemcx.exe
PRC - [2014.08.11 14:36:28 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2014\avgwdsvc.exe
PRC - [2014.02.06 13:39:33 | 000,022,040 | ---- | M] () -- C:\Windows\Temp\7zS8F75.tmp\Setup.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.06.26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013.06.26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013.04.22 10:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.08.10 11:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2010.08.10 11:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2010.06.11 15:28:06 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010.06.11 15:27:54 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe
PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Registration\GREGsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.09 19:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.05.20 08:02:04 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014.08.20 14:11:21 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.08.11 14:51:00 | 003,244,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.08.11 14:36:28 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014.07.30 14:26:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.06.26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013.06.26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.04.22 10:02:06 | 000,822,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.08.10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010.06.11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010.06.08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.05.27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010.01.30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2010.01.08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Registration\GREGsvc.exe -- (GREGService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C62x86.sys -- (L1C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lara\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014.06.30 12:43:12 | 000,121,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014.06.17 16:22:02 | 000,188,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014.06.17 16:21:22 | 000,197,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014.06.17 16:18:00 | 000,241,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014.06.17 16:17:58 | 000,147,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014.06.17 16:06:40 | 000,199,960 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014.06.17 16:06:24 | 000,098,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014.06.17 16:06:22 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014.06.17 16:06:20 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014.01.23 05:20:56 | 000,153,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2014.01.23 05:20:56 | 000,136,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2014.01.23 05:20:56 | 000,130,248 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2014.01.23 05:20:56 | 000,017,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2013.10.02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013.06.26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013.06.26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013.06.26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013.06.26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.15 23:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.06.17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009.06.03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.06.03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\..\SearchScopes\{891675E3-89A4-4910-A5B8-2EF8AECF6854}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lara\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2012.08.02 23:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Extensions
[2014.07.24 19:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\Firefox\Profiles\pjgxkiv3.default-1384465885983\extensions
[2014.07.24 19:48:27 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Lara\AppData\Roaming\mozilla\firefox\profiles\pjgxkiv3.default-1384465885983\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.07.30 14:25:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2014.07.30 14:26:25 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: YouTube = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Lara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lara\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE95E6C1-AB67-4F53-ADCB-E41A5DB92394}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.09.02 12:53:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2014.09.01 20:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014.09.01 20:44:28 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.09.01 20:43:33 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.09.01 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.09.01 20:43:32 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.09.01 20:43:32 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.08.29 20:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0814av
[2014.08.29 14:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2014.08.28 20:09:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe
[2014.08.28 14:49:36 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.08.25 21:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014.08.25 19:53:03 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.08.25 19:52:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.08.25 19:52:16 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014.08.25 19:52:16 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014.08.25 19:52:16 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014.08.25 19:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\ Malwarebytes Anti-Malware 
[2014.08.25 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.08.25 19:50:24 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Programs
[2014.08.25 13:05:29 | 000,000,000 | ---D | C] -- C:\Users\Lara\AppData\Local\Adobe
[2014.08.22 21:08:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.08.22 20:43:18 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014.08.22 20:38:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.08.22 14:11:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.08.22 13:28:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.08.22 13:28:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.08.22 13:28:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.08.22 13:26:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.08.22 13:25:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.08.21 15:18:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014.08.20 14:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014.08.15 13:00:37 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014.08.15 13:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014.08.15 13:00:18 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014.08.15 13:00:08 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014.08.13 14:00:22 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014.08.13 14:00:22 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014.08.13 14:00:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014.08.13 13:59:42 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014.08.13 13:59:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014.08.13 13:59:42 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014.08.13 13:59:16 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014.08.13 13:59:16 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014.08.13 13:59:15 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014.08.13 13:59:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014.08.13 13:59:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014.08.13 13:59:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014.08.13 13:58:59 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014.08.13 13:58:57 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014.08.13 13:58:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014.08.13 13:58:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014.08.13 13:58:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014.08.13 13:58:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014.08.13 13:58:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDTAT.DLL
[2014.08.13 13:58:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU.DLL
[2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDYAK.DLL
[2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDRU1.DLL
[2014.08.13 13:58:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\KBDBASH.DLL
 
========== Files - Modified Within 30 Days ==========
 
[2014.09.02 13:17:07 | 000,006,748 | ---- | M] () -- C:\Users\Lara\Desktop\Dnscache.reg
[2014.09.02 13:16:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.09.02 12:52:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.09.01 20:42:57 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014.09.01 20:42:54 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014.09.01 20:42:54 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014.09.01 20:42:54 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014.08.29 14:58:10 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014.08.29 03:33:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.08.29 03:33:52 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.08.29 03:24:40 | 000,287,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014.08.29 03:22:26 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2014.08.28 20:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lara\Desktop\OTL.exe
[2014.08.28 14:03:09 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014.08.23 02:42:53 | 002,352,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014.08.20 14:11:21 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014.08.20 14:11:21 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014.09.02 13:16:58 | 000,006,748 | ---- | C] () -- C:\Users\Lara\Desktop\Dnscache.reg
[2014.08.29 14:58:10 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2014.08.22 13:28:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.08.22 13:28:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.08.22 13:28:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.08.22 13:28:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.08.22 13:28:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.11 13:33:20 | 000,006,144 | ---- | C] () -- C:\Users\Lara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers >
"ProviderID0" = 1
"ProviderID1" = 2
"ProviderID2" = 3
"ProviderID3" = 4
"NextProviderID" = 7
"ProviderFileName0" = unimdm.tsp -- [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation)
"ProviderFileName1" = kmddsp.tsp -- [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation)
"ProviderFileName2" = ndptsp.tsp -- [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation)
"ProviderFileName3" = hidphone.tsp -- [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation)
"NumProviders" = 5
"ProviderID4" = 6
"ProviderFilename4" = incvclor0.tsp
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S >
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-100
"Group" = NetworkProvider
"ImagePath" = %SystemRoot%\System32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%systemroot%\system32\wkssvc.dll,-101
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = BowserMRxSmb10MRxSmb20NSI [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeImperson [Binary data over 200 bytes]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 C0 D4 01 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Linkage]
"Bind" = \Device\Smb_Tcpip_{BC61CEF9-6D33-4 [Binary data over 200 bytes]
"Route" = "Smb" "Tcpip" "{BC61CEF9-6D33-4CF9 [Binary data over 200 bytes]
"Export" = \Device\LanmanWorkstation_Smb_Tcpi [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\NetworkProvider]
"DeviceName" = \Device\LanmanRedirector
"Name" = Microsoft Windows Network
"DisplayName" = @%systemroot%\system32\wkssvc.dll,-102
"ProviderPath" = %SystemRoot%\System32\ntlanman.dll -- [2010.11.20 14:20:46 | 000,069,120 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]
"ServiceDll" = %SystemRoot%\System32\wkssvc.dll -- [2010.11.20 14:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"EnablePlainTextPassword" = 0
"EnableSecuritySignature" = 1
"RequireSecuritySignature" = 0
"OtherDomains" =  [binary data]
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S >
"DisplayName" = @%SystemRoot%\System32\dnsapi.dll,-101
"Group" = TDI
"ImagePath" = %SystemRoot%\system32\svchost.exe -k NetworkService -- [2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation)
"Description" = @%SystemRoot%\System32\dnsapi.dll,-102
"ObjectName" = NT AUTHORITY\NetworkService
"ErrorControl" = 1
"Start" = 2
"Type" = 32
"DependOnService" = Tdxnsi [binary data]
"ServiceSidType" = 1
"RequiredPrivileges" = SeChangeNotifyPrivilegeSeCreateGlobalPrivilege [binary data]
"FailureActions" = 80 51 01 00 00 00 00 00 00 00 00 00 03 00 00 00 14 00 00 00 01 00 00 00 C0 D4 01 00 01 00 00 00 E0 93 04 00 00 00 00 00 00 00 00 00  [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll -- [2011.03.03 07:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation)
"ServiceDllUnloadOnStop" = 1
"extension" = %SystemRoot%\System32\dnsext.dll -- [2009.07.14 03:15:12 | 000,006,656 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security" = 01 00 14 80 F8 00 00 00 04 01 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 C8 00 08 00 00 00 00 02 18 00 9D 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 21 02 00 00 00 02 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 02 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 04 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 14 00 00 00 00 02 14 00 8D 00 02 00 01 01 00 00 00 00 00 05 13 00 00 00 00 02 18 00 CD 00 02 00 01 02 00 00 00 00 00 05 20 00 00 00 2C 02 00 00 00 02 28 00 CD 01 02 00 01 06 00 00 00 00 00 05 50 00 00 00 04 C9 44 AF 94 D9 D3 E5 2B E1 B7 1C 17 84 87 13 6E 1A FA 65 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00  [Binary data over 200 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type" = 4
"Action" = 1
"GUID" = 07 9E 56 B7 21 84 E0 4E AD 10 86 91 5A FD AD 09  [binary data]
"Data0" = 5355UDP [binary data]
"DataType0" = 2
 
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost >
"RPCSS" = RpcEptMapperRpcSs [binary data]
"defragsvc" = defragsvc [binary data] -- [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation)
"LocalSystemNetworkRestricted" = UxSmsWdiSystemHostNetmantrkwks [Binary data over 200 bytes]
"LocalService" = nsiWdiServiceHostw32timeEventSy [Binary data over 200 bytes]
"netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes]
"WerSvcGroup" = wersvc [binary data] -- [2009.07.14 03:16:18 | 000,065,024 | ---- | M] (Microsoft Corporation)
"LocalServiceNoNetwork" = DPSPLABFEmpssvcWwanSvc [binary data]
"termsvcs" = TermService [binary data]
"swprv" = swprv [binary data] -- [2009.07.14 03:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation)
"LocalServiceNetworkRestricted" = DHCPeventlogAudioSrvBthHFSrvLm [Binary data over 200 bytes]
"LocalServicePeerNet" = PNRPSvcp2pimsvcp2psvcPnrpAutoReg [binary data]
"NetworkServiceAndNoImpersonation" = KtmRm [binary data]
"regsvc" = RemoteRegistry [binary data]
"LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSfdre [Binary data over 200 bytes]
"DcomLaunch" = PowerPlugPlayDcomLaunch [binary data]
"NetworkServiceNetworkRestricted" = PolicyAgent [binary data]
"NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes]
"sdrsvc" = sdrsvc [binary data] -- [2010.11.20 14:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation)
"WbioSvcGroup" = WbioSrvc [binary data] -- [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation)
"imgsvc" = StiSvc [binary data]
"wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 03:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation)
"AxInstSVGroup" = AxInstSV [binary data] -- [2010.11.20 14:18:06 | 000,088,064 | ---- | M] (Microsoft Corporation)
"secsvcs" = WinDefend [binary data]
"bthsvcs" = bthserv [binary data] -- [2009.07.14 03:15:00 | 000,064,512 | ---- | M] (Microsoft Corporation)
"GPSvcGroup" = GPSvc [binary data] -- [2010.11.20 14:19:09 | 000,593,408 | ---- | M] (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\AxInstSVGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\defragsvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\GPSvcGroup]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
 
< %SystemRoot%\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
 
< C:\Windows\system32\*.dll /800 >
[2014.03.04 11:17:05 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\adprovider.dll
[2013.08.29 03:48:17 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\advapi32.dll
[2014.05.09 09:04:12 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aeinv.dll
[2014.05.09 09:06:23 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aepdu.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2013.08.02 03:48:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2013.08.02 03:48:15 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.08.02 03:48:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2013.08.02 03:48:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.08.02 02:43:05 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.08.02 02:43:05 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2013.08.02 02:43:05 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.13 23:16:42 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.13 23:12:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.13 23:17:02 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.13 23:11:08 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.13 23:17:03 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.13 23:11:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.13 23:11:21 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.13 23:11:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.08.02 02:43:05 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2013.02.27 06:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\appinfo.dll
[2013.09.11 22:21:54 | 000,028,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aspnet_counters.dll
[2012.11.06 01:20:50 | 000,168,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll
[2013.06.06 05:01:38 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2013.06.06 05:01:26 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2014.06.03 11:29:40 | 001,805,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\authui.dll
[2012.07.04 23:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.07.04 23:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browser.dll
[2014.03.04 11:17:06 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\capiprovider.dll
[2014.06.16 03:40:20 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdd.dll
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\certenc.dll
[2013.04.18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\system32\cis-2.4.dll
[2014.03.04 11:17:07 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngprovider.dll
[2013.07.04 13:50:56 | 000,530,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\comctl32.dll
[2014.05.30 09:52:30 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credssp.dll
[2013.10.04 03:56:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\credui.dll
[2013.10.05 21:57:25 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2013.05.10 05:20:54 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptdlg.dll
[2013.07.09 06:46:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2013.07.09 06:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\csrsrv.dll
[2013.11.26 10:16:50 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.13 21:46:25 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.13 22:08:43 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.13 21:54:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.12.25 01:09:41 | 001,987,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.13 21:48:47 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.13 22:09:00 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.04.26 01:30:32 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.07.04 13:51:04 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\davclnt.dll
[2013.06.06 06:50:56 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dciman32.dll
[2013.04.18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\system32\dgderapi.dll
[2012.10.09 19:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 19:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2014.03.04 11:17:08 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dimsroam.dll
[2014.03.04 11:17:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpapiprovider.dll
[2012.11.02 07:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.04.10 01:34:01 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.13 22:20:31 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2014.07.24 19:48:57 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2014.07.24 19:48:51 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2013.01.13 22:30:34 | 000,906,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FntCache.dll
[2013.06.06 06:51:29 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\fontsub.dll
[2013.10.12 04:01:25 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\FWPUCLNT.DLL
[2012.12.07 14:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2014.08.23 03:46:55 | 000,305,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gdi32.dll
[2014.07.01 00:14:53 | 000,008,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardres.dll
[2014.07.24 19:57:19 | 009,739,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2014.07.24 19:49:37 | 001,802,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2014.07.24 19:47:53 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2013.10.12 04:01:41 | 000,679,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IKEEXT.DLL
[2013.10.19 03:36:59 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2014.03.09 23:47:43 | 000,099,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\infocardapi.dll
[2014.02.04 04:00:39 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iologmsg.dll
[2012.10.03 18:40:35 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iphlpsvc.dll
[2013.04.18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\system32\issacapi_bs-2.3.dll
[2013.04.18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\system32\issacapi_pe-2.3.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\system32\issacapi_se-2.3.dll
[2014.07.24 19:49:29 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2014.07.24 19:58:33 | 001,810,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2014.07.24 19:50:10 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2014.07.09 03:29:31 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDBASH.DLL
[2014.07.09 03:29:32 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDRU1.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDTAT.DLL
[2014.07.09 03:29:32 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KBDYAK.DLL
[2014.05.30 09:52:36 | 000,550,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2014.03.04 11:17:13 | 000,868,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2014.03.04 11:17:13 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2013.06.06 06:52:14 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lpk.dll
[2014.06.05 16:26:50 | 001,059,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\lsasrv.dll
[2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MACXMLProto.dll
[2013.04.18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\system32\MaDRM.dll
[2013.04.18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaJGUILib.dll
[2013.04.18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\system32\MAMACExtract.dll
[2013.04.18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\system32\MaXMLProto.dll
[2012.11.06 01:20:52 | 004,421,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110.dll
[2012.11.06 01:20:52 | 004,456,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfc110u.dll
[2012.11.06 01:20:52 | 000,092,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110.dll
[2012.11.06 01:20:52 | 000,092,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mfcm110u.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\system32\MK_Lyric.dll
[2013.04.18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSCLib.dll
[2013.12.04 04:02:06 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msdrm.dll
[2014.07.24 19:49:18 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2014.07.24 19:48:53 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2013.04.18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\system32\MSFLib.dll
[2014.07.24 20:07:38 | 012,356,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2014.07.24 19:48:36 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2014.06.03 11:29:50 | 002,363,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2013.10.30 04:19:52 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msieftp.dll
[2014.06.03 11:29:50 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msihnd.dll
[2013.04.18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\system32\MSLUR71.dll
[2013.01.04 08:11:21 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2013.10.02 02:14:58 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2014.01.09 04:22:42 | 005,694,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2014.05.30 09:52:40 | 000,259,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msv1_0.dll
[2012.11.06 01:20:52 | 000,535,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll
[2013.09.11 22:21:54 | 000,501,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110_clr0400.dll
[2013.09.11 22:21:54 | 000,018,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr100_clr0400.dll
[2012.11.06 01:20:52 | 000,875,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll
[2013.09.11 22:21:54 | 000,863,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110_clr0400.dll
[2013.09.08 04:03:58 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mswsock.dll
[2014.03.26 16:27:50 | 001,237,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3r.dll
[2014.03.26 16:27:50 | 001,389,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2014.03.26 16:25:14 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6r.dll
[2013.04.18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\system32\MTTELECHIP.dll
[2013.04.18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\system32\MTXSYNCICON.dll
[2013.04.18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzaf1.dll
[2013.04.18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\system32\muzapp.dll
[2013.04.18 19:06:46 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\system32\muzwmts.dll
[2014.05.30 09:52:41 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 18:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 23:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 18:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 18:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2012.10.03 18:42:26 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlaapi.dll
[2012.10.03 18:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nlasvc.dll
[2013.10.12 04:03:08 | 000,656,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\nshwfp.dll
[2013.08.29 03:50:30 | 001,289,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntdll.dll
[2014.03.04 11:17:19 | 000,538,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\objsel.dll
[2013.07.20 12:33:12 | 000,102,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
[2014.06.06 11:44:17 | 000,509,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qedit.dll
[2014.05.08 11:06:54 | 002,742,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcorets.dll
[2012.08.23 13:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2014.05.08 11:06:54 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\RdpGroupPolicyExtension.dll
[2012.08.23 16:48:14 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpudd.dll
[2013.10.02 01:08:10 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdvidcrl.dll
[2013.04.18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\system32\Redemption.dll
[2014.07.14 03:42:02 | 000,654,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rpcrt4.dll
[2013.08.28 02:57:20 | 000,434,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scavengeui.dll
[2014.05.30 09:52:45 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2013.10.12 04:03:31 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scrrun.dll
[2013.12.04 04:03:08 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc.dll
[2013.12.04 04:03:20 | 000,423,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_isv.dll
[2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp.dll
[2013.12.04 04:03:20 | 000,087,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secproc_ssp_isv.dll
[2014.04.12 04:12:06 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2013.06.26 19:23:00 | 001,084,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sftldr.dll
[2013.07.26 03:55:59 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shdocvw.dll
[2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2013.10.04 03:58:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\SmartcardCredentialProvider.dll
[2014.04.12 04:12:09 | 000,100,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2014.04.12 04:12:09 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspisrv.dll
[2012.09.26 00:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2013.08.29 03:50:16 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tdh.dll
[2013.10.02 01:58:48 | 000,053,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2014.05.30 09:52:49 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSpkg.dll
[2013.10.02 01:45:04 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbGDCoInstaller.dll
[2013.10.02 02:30:38 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
[2013.09.25 03:57:53 | 000,792,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\TSWorkspace.dll
[2014.07.16 04:46:02 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.13 21:53:14 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2014.07.24 19:50:29 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2014.07.24 19:52:27 | 001,137,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2014.04.25 04:06:17 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2014.07.24 19:49:38 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.11.06 01:20:52 | 000,252,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll
[2012.11.06 01:20:52 | 000,125,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll
[2012.07.26 04:46:47 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wdfres.dll
[2014.05.30 09:52:51 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wdigest.dll
[2013.07.04 13:57:28 | 000,205,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WebClnt.dll
[2014.01.29 04:06:47 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wer.dll
[2013.04.26 06:55:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2014.03.04 11:17:38 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wincredprovider.dll
[2014.09.01 20:42:57 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\WindowsAccessBridge.dll
[2014.02.04 04:04:22 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.13 21:53:58 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2014.07.24 19:51:52 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2013.08.02 03:50:36 | 000,169,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\winsrv.dll
[2013.07.09 06:52:10 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2013.10.02 02:14:20 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2013.05.10 06:56:08 | 011,410,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmp.dll
[2013.11.23 20:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2013.05.10 06:56:15 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmploc.DLL
[2013.07.25 10:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMVDECOD.DLL
[2012.12.07 14:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2014.05.14 18:23:38 | 000,581,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuapi.dll
[2014.05.14 18:23:32 | 001,973,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuaueng.dll
[2014.05.14 18:17:15 | 002,425,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wucltux.dll
[2012.07.26 05:20:40 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFCoinstaller.dll
[2012.07.26 05:20:40 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFPlatform.dll
[2012.07.26 05:20:40 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFSvc.dll
[2012.07.26 05:20:40 | 000,613,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WUDFx.dll
[2014.05.14 18:17:10 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wudriver.dll
[2014.05.14 18:23:42 | 000,036,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups.dll
[2014.05.14 18:23:42 | 000,045,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wups2.dll
[2014.05.14 09:23:04 | 000,179,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wuwebv.dll
[2013.03.19 05:33:33 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwanprotdim.dll
[2014.01.28 04:07:07 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wwansvc.dll
[2013.01.13 20:34:58 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.13 19:26:42 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
 
<           >

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 02.09.2014 13:19:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lara\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 258,62 Mb Available Physical Memory | 25,53% Memory free
2,20 Gb Paging File | 0,97 Gb Available in Paging File | 44,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 132,44 Gb Free Space | 61,38% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 3,94 Gb Free Space | 98,58% Space Free | Partition Type: NTFS
 
Computer Name: LARASACER | User Name: Lara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"
 
[HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D54838F-8BA7-4C0C-B876-DF0D8B3226E1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F4B09290-BD1E-4831-BBBF-1F416AE63412}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{179AD27C-D9DF-4596-8781-A35F930B0145}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{181EE725-0B6E-4C8C-8B2F-AED79EEB8403}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{1B60B4C1-D625-4B8A-B1AA-9EC7AB64AFA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{1D316047-0DCD-42DF-AE9F-C0B3F32888E9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{27CFEA0A-C17B-44E1-BC94-55F8EB285F3B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{2A2664EB-0BA5-4FFB-9C84-0C6A0FEA5DFC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{39B14AFD-7EB9-41D5-8B45-2A3E7FCF3F53}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{3AA57530-DC3F-4165-8FB3-C8E25D7C698E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{45F93211-A0F0-4504-9BE2-C35B993E0D00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{517880C9-A4F2-4DED-A056-61AAA0275E7C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{5255AAED-F3CB-4976-AC09-FA408E38C607}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{717DAE25-0D17-45FE-9E1D-4CD59FDEAFEE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7BDF5F47-3F22-42C0-829C-5DEEF0E747ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{831B0F2B-A208-4BAC-917C-B648A25D409E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{8B0570E0-A335-4607-9602-6B0C79833E91}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{98CE9485-A44E-438C-AB34-2374A81D1954}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{9ED9F2A3-28EE-4205-A52D-C33EAC858965}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{A03FFFEF-2E2C-4272-A35C-B792FDB30FA6}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{A89D6AC9-042D-43E3-BEB1-5321A8BF56BE}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{AB5ECF61-4AD7-4187-9C1D-143F831EC5AF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{CB11B9DA-238E-424A-8B15-5116163912F6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{CB41D34C-E3EE-4C53-9362-27502015D338}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{D007A2E8-8C45-4DE7-8E5B-ABDF3103D2A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{D5E45B96-DA84-468B-9158-283F8AC6161F}" = dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"{E30CD09C-ABCB-460E-856C-937564C4FC95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{E646210E-59E2-40C2-8190-55EB24E87DC5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{F503BC85-AE8D-40A9-8AEA-DBA8CA09CEB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{F54402A7-6EF2-4630-9DCD-BE1886A87DEE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F97692D2-3096-4D66-A91C-5580303F9270}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"TCP Query User{2A909A04-3300-4B7D-A563-B648929C63BB}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
"TCP Query User{694529D2-B2AA-443B-97B7-A1529CCC8127}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{7E9BC53B-A2AB-4A2A-A397-4EA931E65507}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
"TCP Query User{9D1E17FE-AE70-435E-8A95-ECF49D4E8818}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=6 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"TCP Query User{AAB8A1CA-3CFA-49F2-9CFF-9F258E77A45E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{1A4A8A21-47EC-4AE1-90EE-0AF0F19894F3}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
"UDP Query User{34BA33AC-3057-4768-8072-EFD419A1E1CB}C:\program files\jeak.de\qip 2012 jeak-edition\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2012 jeak-edition\qip.exe | 
"UDP Query User{6946C119-8581-4CB4-863D-0A1C87850865}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{D34FF93D-39BE-45DC-8D4D-245290AF30A7}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{EE0CE719-1224-405F-A053-8CD4D4355B75}C:\program files\jeak.de\qip 2010\qip.exe" = protocol=17 | dir=in | app=c:\program files\jeak.de\qip 2010\qip.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FBC78B6-125F-4E8C-8B18-2D7A3C2FD306}" = QIP 2012 7221 Jeak-Edition
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59C51498-BEDE-4033-BBEE-16908F1EFB47}" = AVG 2014
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.6.0
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E871D09-064D-3BC9-963B-3AB8ABE1273D}" = Microsoft .NET Framework 4.5.1 (DEU)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E62AFEB8-BF5A-4287-A19B-198BB17F6276}" = AVG 2014
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"AVG" = AVG 2014
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESET Online Scanner" = ESET Online Scanner v3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"LManager" = Launch Manager
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de)
"Mozilla Thunderbird 24.6.0 (x86 de)" = Mozilla Thunderbird 24.6.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"QIP 2012 7221 Jeak-Edition 4.0.7221" = QIP 2012 7221 Jeak-Edition
"StarterBackgroundChanger" = StarterBackgroundChanger
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1908887682-808319941-1047621281-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.18
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 28.08.2014 08:16:38 | Computer Name = larasacer | Source = DCOM | ID = 10010
Description = 
 
Error - 28.08.2014 16:36:33 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 28.08.2014 21:25:47 | Computer Name = larasacer | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 28.08.2014 21:31:23 | Computer Name = larasacer | Source = DCOM | ID = 10010
Description = 
 
Error - 29.08.2014 08:17:59 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 29.08.2014 14:26:41 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 30.08.2014 03:10:19 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.08.2014 09:46:54 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 31.08.2014 13:14:37 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 01.09.2014 14:30:55 | Computer Name = larasacer | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
 
< End of report >

cosinus · 02.09.2014, 14:20

Sieht gut aus. Rechner wieder ok?

Gast1234 · 02.09.2014, 14:31

Bis jetzt läuft alles gut =)
Tausend Dank!

cosinus · 02.09.2014, 14:32

Dann wären wir durch!

Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Es empfiehlt sich Malwarebytes Anti-Malware zu behalten und damit wöchentlich nach Malware zu scannen.

Helfen kann dir dabei delfix:

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Gast1234 · 02.09.2014, 20:11

Code:

ATTFilter

# DelFix v10.8 - Datei am 02/09/2014 um 20:53:17 erstellt
# Aktualisiert am 29/07/2014 von Xplode
# Benutzer : Lara - LARASACER
# Betriebssystem : Windows 7 Starter Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\Qoobox
Gelöscht : C:\_OTL
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\Windows\grep.exe
Gelöscht : C:\Windows\PEV.exe
Gelöscht : C:\Windows\NIRCMD.exe
Gelöscht : C:\Windows\MBR.exe
Gelöscht : C:\Windows\SED.exe
Gelöscht : C:\Windows\SWREG.exe
Gelöscht : C:\Windows\SWSC.exe
Gelöscht : C:\Windows\SWXCACLS.exe
Gelöscht : C:\Windows\Zip.exe
Gelöscht : HKLM\SOFTWARE\OldTimer Tools
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware
Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #287 [Entfernt Atheros Communications Inc.(R) AR81Family Gigabit/Fast ¨±ûv | 08/28/2014 12:16:57]
Gelöscht : RP #288 [Windows Update | 08/29/2014 01:01:10]
Gelöscht : RP #289 [OTL Restore Point - 29.08.2014 13:41:27 | 08/29/2014 11:41:39]
Gelöscht : RP #290 [Installed Java 7 Update 67 | 09/01/2014 18:38:09]
Gelöscht : RP #291 [OTL Restore Point - 02.09.2014 13:28:31 | 09/02/2014 11:28:33]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

Danke vielmals

02.09.2014, 14:20	#38
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Malsign.Dailytools.3A7 Sieht gut aus. Rechner wieder ok? __________________ Logfiles bitte immer in CODE-Tags posten

Malsign.Dailytools.3A7

Log-Analyse und Auswertung: Malsign.Dailytools.3A7