Trojaner-Board


jetski 02.03.2012 02:39

Abnow on a MacBook Pro with Boot Camp and Windows 7 64-bit - what now?

Hello, I always thought I knew my way around computers quite well, but far from it; right now I am really very unsettled about the possible risks of my current situation.

I have a MacBook Pro on which Mac OS and Windows 7 64-bit run via Boot Camp (on an Intel SSD); in addition, a second, ordinary hard drive is installed as data storage.

A few hours ago I suddenly got these Abnow redirects in Firefox and immediately suspected that this could not mean anything good. I then used Windows System Restore, which rolled the system back to its state from this morning.

After a restart the symptoms are gone, I can browse normally again!

However, I don't trust it, but I cannot set the system up from scratch because I currently have absolutely no time for that; I also use the computer for work and have a huge number of work programs with plugins and configured toolbars etc. I cannot possibly redo all of that, I don't have the time.

To be on the safe side, I have already changed my PayPal/online banking/Amazon passwords on another Mac that only runs Mac OS.

I have now done some research and (after the System Restore) ran 'MBAM' and 'OTL' and have attached the results.
I also tried to use DDS; it starts its scan but then always crashes after a short time with the message "Der Windows-Befehlsprozessor funktioniert nicht mehr" ("Windows Command Processor has stopped working").

Please help me get the computer clean again without having to 'wipe' everything, even if it will probably not be easy!

A thousand thanks in advance!

Magnus

kira 02.03.2012 08:45

Hello and a warm welcome! :)

Unfortunately I have bad news for you:
Quote:

win32.ZAccess
- so to this day this is an "incurable disease"
In your place I would reinstall the system right away, because fighting this new kind of infection is not possible without various side effects and leftover damage, which can cause problems again and again [in various ways]!
- a backdoor with rootkit functionality

Tips & advice:


Data backup:
► ONLY back up data that does not contain executable files - File extensions - This is a list of file extensions that can denote files with executable code.
- Be careful with the files already present on the externally stored data, and also with making a backup of files now infected with the virus
- Best to back up everything that is very important to you separately (externally) - do not mix it with any data backed up earlier, i.e. before the infection!
- Do not back up any cracked software and then reinstall it on the freshly set-up system!

- Before restoring - before you go directly online with your PC...:
- disable/turn off the AutoPlay function for all drives -> Disable Autorun/AutoPlay selectively for drive types or drive letters

Scan the data backed up to an external hard drive thoroughly from a clean system, ideally with several scanners -> Free online scanners - guide


-> Guide: Reinstalling the system + hardening
-> Guide to reinstalling - Windows XP, Vista and Win7


As a precaution I would advise you to change your password
e.g. login, mail or website passwords
Tips:
Choosing a secure password - (should actually be changed at regular intervals, roughly every 3-5 months)
also here under: Secure password

Regards,
kira
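
The backup advice in the post above, as an added example that is not part of the original thread: a Python sketch that walks a folder before it is copied to an external drive and leaves out anything that can carry executable code. The extension set, the function names and the sample tree are assumptions made for this illustration; the check for the `MZ` header goes beyond the extension list the post refers to, because a renamed Windows executable keeps that header.

```python
import os
import tempfile
from pathlib import Path

# Assumption: a short, non-exhaustive set of Windows extensions that can carry
# executable code. The list linked from the post is not reproduced here.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".cpl", ".msi",
    ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf", ".ps1", ".lnk", ".jar",
}


def exclusion_reason(path):
    """Return why a file should stay out of the backup, or None to keep it."""
    name = path.name.lower()
    if name == "autorun.inf":
        return "autorun.inf (AutoPlay trigger)"
    suffix = Path(name).suffix
    if suffix in EXECUTABLE_EXTENSIONS:
        return "executable extension " + suffix
    try:
        with open(path, "rb") as handle:
            magic = handle.read(2)
    except OSError:
        return "unreadable, cannot be checked"
    if magic == b"MZ":
        # DOS/PE header: a Windows executable whatever its name says.
        return "PE header (MZ) despite extension " + (suffix or "(none)")
    return None


def plan_backup(root):
    """Walk root and split files into (keep, excluded); paths are relative."""
    root = Path(root)
    keep, excluded = [], {}
    for folder, _dirs, files in os.walk(root):
        for filename in files:
            full = Path(folder) / filename
            rel = full.relative_to(root).as_posix()
            reason = exclusion_reason(full)
            if reason is None:
                keep.append(rel)
            else:
                excluded[rel] = reason
    return sorted(keep), excluded


def build_sample_tree(root):
    """Create a small constructed sample tree (all contents are dummies)."""
    samples = {
        "docs/report.txt": b"quarterly numbers\n",
        "docs/photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "docs/holiday.jpg": b"MZ\x90\x00" + b"\x00" * 16,  # PE renamed to .jpg
        "tools/setup.exe": b"MZ\x90\x00" + b"\x00" * 16,
        "scripts/login.vbs": b"' dummy script\n",
        "autorun.inf": b"[autorun]\n",
    }
    for rel, content in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        keep, excluded = plan_backup(tmp)
        print("Back up:")
        for rel in keep:
            print("  " + rel)
        print("Leave out:")
        for rel, reason in sorted(excluded.items()):
            print("  " + rel + "  <- " + reason)
```

A file that passes this filter can still be harmful (documents with macros, for instance), so the scan of the backed-up data from a clean system that the post recommends still applies.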

jetski 02.03.2012 08:49

Do such rootkits actually work on a system like mine, where Windows 7 runs via Boot Camp on a MacBook?

Is there any detailed information about what exactly I have? Do I now have the "Abnow" rootkit? Examples from other cases of what exactly is being spied on?

kira 02.03.2012 16:52

Quote:

Quote from jetski (post 783661)
Do such rootkits actually work on a system like mine, where Windows 7 runs via Boot Camp on a MacBook?

The Malwarebytes findings indicate that your Win 7 is affected by it
- does your Windows have an Internet connection?
Quote:

Bootcamp.exe is usually located in the directory %programfiles%\Boot Camp. If the file is in a different folder on your PC, you may have chosen this when installing the software. However, this may also indicate a virus infection.
A Windows installation under Boot Camp is in principle like a completely normal PC. Windows on a Mac is therefore just as susceptible to malware as on a PC.
Quote:

Quote from jetski (post 783661)
Is there any detailed information about what exactly I have? Do I now have the "Abnow" rootkit? Examples from other cases of what exactly is being spied on?

This malware uses rootkit technology (which allows its own processes and files to be hidden from the user and AV scanners) and a backdoor routine (remote administrator), and passes usage data on to third parties
*what are backdoors and rootkits*

Behaviour:
"memory-resident"

Quote:

Explanation:
Memory-resident is the term for programs or program parts whose data is not routinely written to storage media such as the hard disk during operation and read back into main memory when needed, but instead remains in main memory the whole time.
In general this includes the parts of the operating system that are central to operation and frequently executed, or program routines that recur constantly while an application program is running.

Code:

This includes spying on data;
Sniffing your networks;
Use, modification and creation of users;
Manipulation of your databases;
Replacement of your executable files with infected files;
Taking over keyboard, mouse and desktop functions on a remote computer;
Adding, changing, renaming directory structures;
Starting and stopping network services (http, nntp, ftp);
Redirection of ports and TCP/IP addresses;
Logging of keystrokes on the server and other network participants -- and storing them in
files, sending logs created this way and other data via TCP/IP (e.g. for TAN/password collection);
IP faking (spoofing) - redirection of IP packets to target devices unknown to you; deleting, inserting or changing keys, values and data in your registry;
Adding, changing, renaming files;
Snooping on screen contents,
storing them and sending them over the network;
Establishing and disconnecting connections between network participants;
Redirecting the input/output of applications to a freely definable TCP/UDP port;
Spying on and changing port addresses in the network communication area;
Locking the server console;
Reading out passwords;
Server stop and reboot.

! A zombie PC is a computer that is infected with malware programs and allows hackers to misuse the computer by remote control for their criminal purposes. On command, the affected PC launches, for example, denial-of-service (DoS) attacks or sends spam and phishing e-mails.

jetski 02.03.2012 18:12

Hello, I believe I have defeated the ZeroAccess rootkit; please tell me how you assess the following:

I have now done the following (in order):

1) Full scan with the current Malwarebytes, then moved all ZeroAccess findings (see above in my first post) to quarantine
2) Reboot
3) Deleted the quarantine contents in MBAM, then second full scan: no more findings!
4) Re-enabled the Internet connection and browsed a little, then reboot
5) Third MBAM full scan: still no findings
6) Downloaded the current ComboFix from bleepingcomputer
7) Reboot into safe mode, ran ComboFix, for the result see Combofix.txt
8) Reboot
9) Downloaded the current GMER and scanned, see gmer.txt
10) Downloaded the current OSAM and scanned, everything green, but Save Log somehow did not work (the Save As window did not appear)
11) Downloaded aswMBR.exe, updated to the current virus definitions and scanned, for the result see aswMBR.txt. The only line marked red was the following:
16:36:57.857 \Driver\atapi[0xfffffa8007e5b6b0] -> IRP_MJ_CREATE -> 0xfffffa8007d082c0
Could that be due to the installed Daemon Tools?
12) Downloaded TDSSKiller and scanned, no findings (see tdsskiller.txt)
13) Scanned again with OTL, see OTL_zwei.txt
14) Reboot
15) Once more with MBAM, still no findings


So basically nothing has shown up since the removal by MBAM in step 1).

Question A: How should the rest be interpreted? The only things that were not 100% perfect: that the log somehow could not be saved with OSAM, and the aforementioned marked line in the aswMBR log

Question B: Should I keep checking it somehow in future to establish whether my cleanup worked, or is my computer clean now? Can I check this further in some way?

Question C: In the last log (otl_zwei.txt), a few odd files in c:\windows are listed under "Files Created - No Company Name" (PEV.exe, MBR.exe, sed.exe, grep.exe, zip.exe). However, all of these files are gone when you search for them. What was that?

And once more in general: why was I told that only reinstalling the system works, when MBAM apparently already ensured in the first step that nothing came back?

Or are Windows 7 installations running on a Boot Camp MacBook perhaps somehow 'immune' to ZeroAccess rootkits after all, and that is why the removal was so easy that apparently not even ComboFix found anything?

Best regards,
Magnus

Combofix.txt
Combofix Logfile:
Code:

ComboFix 12-03-01.02 - - 02.03.2012  15:31:56.1.2 - x64 MINIMAL
Microsoft Windows 7 Professional  6.1.7600.0.1252.49.1031.18.8168.6734 [GMT 1:00]
ausgeführt von:: c:\users\-\Desktop\DOWNLOAD\ComboFix.exe
SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1&1
c:\programdata\1&1\1&1 SmartFax\Settings.xml
c:\users\-\AppData\Roaming\1&1
c:\users\-\AppData\Roaming\1&1\1&1 SmartFax\FaxNumberHistory.xml
c:\users\-\AppData\Roaming\1&1\1&1 SmartFax\Settings.xml
c:\users\-\AppData\Roaming\Help\coredb\storage
c:\windows\IsUn0407.exe
c:\windows\system\vb40032.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-02 bis 2012-03-02  ))))))))))))))))))))))))))))))
.
.
2012-03-02 14:36 . 2012-03-02 14:36        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-02 00:40 . 2012-03-02 00:40        --------        d-----w-        c:\users\-\AppData\Roaming\Malwarebytes
2012-03-02 00:39 . 2012-03-02 00:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-02 00:39 . 2012-03-02 00:39        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-02 00:39 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-01 23:33 . 2012-03-01 23:33        --------        d-----w-        c:\users\-\AppData\Roaming\TeamViewer
2012-02-29 21:45 . 2012-02-29 21:45        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-29 21:26 . 2012-02-29 21:26        --------        d-----w-        c:\windows\system32\Macromed
2012-02-17 23:37 . 2012-02-17 23:39        --------        d-----w-        c:\program files\EOTfast
2012-02-09 15:41 . 2012-01-10 13:36        4763456        ----a-w-        c:\windows\procexp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 00:25 . 2010-08-17 14:54        536592        ----a-w-        c:\program files\Core Temp.exe
2002-03-19 16:30 . 2010-08-18 11:25        216576        ----a-w-        c:\program files\PowerCalc.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 15:50        1197448        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2008-12-09 495616]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Windows7FirewallControl"="c:\program files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe" [2010-04-09 753664]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2011-08-04 3225504]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Biet-O-Matic.lnk - c:\program files (x86)\Biet-O-Matic\Biet-O-Matic.exe [2010-8-18 1265664]
SolidWorks Hintergrund-Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe [2010-12-1 1826600]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-08-04 48888]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
R2 AppleTimeSrv;Apple-Time-Server;c:\windows\system32\AppleTimeSrv.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
R2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
R2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 McNeelUpdates32;McNeel Update (32-bit);c:\program files (x86)\Rhinoceros 5.0 WIP\System\RhinoVersionCheckSvc32.exe [2011-09-21 96256]
R2 McNeelUpdates64;McNeel Update (64-bit);c:\program files\Rhinoceros 5.0 WIP (64-bit)\System\RhinoVersionCheckSvc64.exe [2010-05-18 94208]
R2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-08-04 130976]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-08-04 1082800]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-08-04 1149864]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-08-04 169624]
R2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-08-02 199600]
R2 Windows7FirewallService;Windows7FirewallService;c:\program files (x86)\Windows7FirewallControl\Windows7FirewallService.exe [2010-04-09 372736]
R3 ALSysIO;ALSysIO;c:\users\-\AppData\Local\Temp\ALSysIO64.sys [x]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-01 1431888]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x]
S0 AppleHFS;AppleHFS; [x]
S0 AppleMNT;AppleMNT; [x]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-02 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-10-04 14:18]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 14:35]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 14:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-22 7573024]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-22 1833504]
"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2009-07-22 627504]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-04-10 979344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {83581B17-7BF5-4650-BF23-853A8A0C271A} - hxxps://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab
FF - ProfilePath - c:\users\-\AppData\Roaming\Mozilla\Firefox\Profiles\328hfjeu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Tab Kit: tabkit@jomel.me.uk - %profile%\extensions\tabkit@jomel.me.uk
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: LeechBlock: {a95d8332-e4b4-6e7f-98ac-20b733364387} - %profile%\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-iPhone PC Suite - c:\program files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe
Wow6432Node-HKU-Default-Run-8E8B8A6D35EC0A0D - c:\timerintray\timerintray.exe
Notify-SDWinLogon - SDWinLogon.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-EFCL SecuLauncher Error Fix v1.1 by TokZic 1.1 - c:\program files (x86)\Rockstar Games\EFLC\Uninstall.exe
AddRemove-Lemmings 2 - The Tribes_is1 - c:\games\Lemmings2\unins000.exe
AddRemove-Lemmings 3 - The Chronicles_is1 - c:\games\Lemmings3\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.032"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.aiff"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.au"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.int"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mp2"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (S-1-5-21-1006039580-3662714632-3488871094-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\winamp.exe"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.png"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wav"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Foto-Manager 12.xpm"
.
[HKEY_USERS\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\SecuROM\License information*]
"datasecu"=hex:e2,a5,8a,13,1b,86,d3,85,d6,fc,ca,ec,e1,46,3e,a1,ee,ce,f0,f3,f5,
  4a,99,33,11,f0,dc,38,71,e5,82,b4,e0,09,12,17,9e,ac,a2,94,02,73,0c,ab,fa,9d,\
"rkeysecu"=hex:93,52,33,68,b2,c5,a4,ec,d9,77,5c,9b,88,74,87,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-02  15:39:07
ComboFix-quarantined-files.txt  2012-03-02 14:39
.
Vor Suchlauf: 5.431.091.200 Bytes frei
Nach Suchlauf: 4.966.277.120 Bytes frei
.
- - End Of File - - 4FFB45484E3BAEF12CD9C311DD22D75A

--- --- ---


gmer.txt
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-02 16:10:18
Windows 6.1.7600 
Running: xk6qokh5.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00236cb70ce6                                       
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\65900742f1c4                                       
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x88 0xD0 0x20 0x3F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xE4 0x36 0xF9 0x9A ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x4B 0x2D 0x06 0x77 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00236cb70ce6 (not active ControlSet)                   
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\65900742f1c4 (not active ControlSet)                   
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x88 0xD0 0x20 0x3F ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xE4 0x36 0xF9 0x9A ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x4B 0x2D 0x06 0x77 ...

---- Files - GMER 1.0.15 ----

File  C:\Users\-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2MARDLCY\integrity-local[1].txt    0 bytes
File  C:\Users\-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TMA1NUI\clients[2].txt            0 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---


aswMBR.txt
Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-02 16:36:27
-----------------------------
16:36:27.219    OS Version: Windows x64 6.1.7600
16:36:27.219    Number of processors: 2 586 0x170A
16:36:27.219    ComputerName: D  UserName: -
16:36:28.217    Initialize success
16:36:31.041    AVAST engine defs: 12030200
16:36:38.092    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:36:38.092    Disk 0 Vendor: INTEL_SSDSA2M160G2GC 2CV102HD Size: 152627MB BusType: 3
16:36:38.092    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
16:36:38.092    Disk 1 Vendor: ST9320421ASG AP81 Size: 305245MB BusType: 3
16:36:38.139    Disk 0 MBR read successfully
16:36:38.139    Disk 0 MBR scan
16:36:38.139    Disk 0 Windows 7 default MBR code
16:36:38.154    Disk 0 Partition 1 00    EE          GPT              200 MB offset 1
16:36:38.154    Disk 0 Partition 2 00    AF  HFS / HFS+            51072 MB offset 409640
16:36:38.170    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      101226 MB offset 105269248
16:36:38.217    Disk 0 scanning C:\Windows\system32\drivers
16:36:50.197    Service scanning
16:36:57.077    Modules scanning
16:36:57.654    Disk 0 trace - called modules:
16:36:57.685    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007d082c0]<<spex.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:36:57.732    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007f89060]
16:36:57.779    3 CLASSPNP.SYS[fffff880013a543f] -> nt!IofCallDriver -> [0xfffffa8007e5e580]
16:36:57.826    5 ACPI.sys[fffff88001043781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007e66060]
16:36:57.857    \Driver\atapi[0xfffffa8007e5b6b0] -> IRP_MJ_CREATE -> 0xfffffa8007d082c0
16:36:58.777    AVAST engine scan C:\Windows
16:37:00.696    AVAST engine scan C:\Windows\system32
16:38:09.258    AVAST engine scan C:\Windows\system32\drivers
16:38:12.659    AVAST engine scan C:\Users\-
16:38:31.613    AVAST engine scan C:\ProgramData
16:38:43.812    Scan finished successfully
16:39:49.207    Disk 0 MBR has been saved successfully to "C:\_ablage\abn\MBR.dat"
16:39:49.207    The log file has been saved successfully to "C:\_ablage\abn\aswMBR.txt"

tdsskiller.txt
Code:

16:47:50.0384 4856        TDSS rootkit removing tool 2.7.18.0 Mar  2 2012 09:40:07
16:47:50.0571 4856        ============================================================
16:47:50.0571 4856        Current date / time: 2012/03/02 16:47:50.0571
16:47:50.0571 4856        SystemInfo:
16:47:50.0571 4856       
16:47:50.0571 4856        OS Version: 6.1.7600 ServicePack: 0.0
16:47:50.0571 4856        Product type: Workstation
16:47:50.0571 4856        ComputerName: D
16:47:50.0571 4856        UserName: -
16:47:50.0571 4856        Windows directory: C:\Windows
16:47:50.0571 4856        System windows directory: C:\Windows
16:47:50.0571 4856        Running under WOW64
16:47:50.0571 4856        Processor architecture: Intel x64
16:47:50.0571 4856        Number of processors: 2
16:47:50.0571 4856        Page size: 0x1000
16:47:50.0571 4856        Boot type: Normal boot
16:47:50.0571 4856        ============================================================
16:47:50.0758 4856        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:50.0758 4856        Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:47:50.0790 4856        \Device\Harddisk0\DR0:
16:47:50.0790 4856        GPT used
16:47:50.0790 4856        \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {9CD18934-D910-43D0-AEC0-9F591D851E5B}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
16:47:50.0790 4856        \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {DCE57030-3022-4D8F-8AEB-0BCE08D6F9AC}, Name: SYSTEM, StartLBA 0x64028, BlocksNum 0x63C0000
16:47:50.0790 4856        \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {96943333-F4AD-41A2-A937-2ACDCD8A2D9C}, Name: BOOTCAMP, StartLBA 0x6464800, BlocksNum 0xC5B5000
16:47:50.0790 4856        \Device\Harddisk1\DR1:
16:47:50.0790 4856        MBR used
16:47:50.0790 4856        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
16:47:50.0790 4856        Initialize success
16:47:50.0790 4856        ============================================================
16:47:54.0970 3820        ============================================================
16:47:54.0970 3820        Scan started
16:47:54.0970 3820        Mode: Manual; SigCheck; TDLFS;
16:47:54.0970 3820        ============================================================
16:47:54.0986 3820        1394ohci - ok
16:47:54.0986 3820        ACPI - ok
16:47:54.0986 3820        AcpiPmi - ok
16:47:55.0002 3820        adp94xx - ok
16:47:55.0002 3820        adpahci - ok
16:47:55.0002 3820        adpu320 - ok
16:47:55.0002 3820        AFD - ok
16:47:55.0002 3820        agp440 - ok
16:47:55.0002 3820        aliide - ok
16:47:55.0017 3820        ALSysIO - ok
16:47:55.0017 3820        amdide - ok
16:47:55.0017 3820        AmdK8 - ok
16:47:55.0017 3820        AmdPPM - ok
16:47:55.0017 3820        amdsata - ok
16:47:55.0017 3820        amdsbs - ok
16:47:55.0033 3820        amdxata - ok
16:47:55.0033 3820        AppID - ok
16:47:55.0033 3820        AppleHFS - ok
16:47:55.0033 3820        AppleMNT - ok
16:47:55.0033 3820        applemtm - ok
16:47:55.0048 3820        applemtp - ok
16:47:55.0048 3820        arc - ok
16:47:55.0048 3820        arcsas - ok
16:47:55.0048 3820        AsyncMac - ok
16:47:55.0064 3820        atapi - ok
16:47:55.0064 3820        b06bdrv - ok
16:47:55.0064 3820        b57nd60a - ok
16:47:55.0064 3820        BCM43XX - ok
16:47:55.0080 3820        Beep - ok
16:47:55.0080 3820        blbdrive - ok
16:47:55.0080 3820        bowser - ok
16:47:55.0080 3820        BrFiltLo - ok
16:47:55.0080 3820        BrFiltUp - ok
16:47:55.0095 3820        BridgeMP - ok
16:47:55.0095 3820        Brserid - ok
16:47:55.0095 3820        BrSerWdm - ok
16:47:55.0095 3820        BrUsbMdm - ok
16:47:55.0095 3820        BrUsbSer - ok
16:47:55.0095 3820        BthEnum - ok
16:47:55.0111 3820        BTHMODEM - ok
16:47:55.0111 3820        BthPan - ok
16:47:55.0111 3820        BTHPORT - ok
16:47:55.0111 3820        BTHUSB - ok
16:47:55.0111 3820        catchme - ok
16:47:55.0111 3820        cdfs - ok
16:47:55.0126 3820        cdrom - ok
16:47:55.0126 3820        circlass - ok
16:47:55.0126 3820        CLFS - ok
16:47:55.0142 3820        CmBatt - ok
16:47:55.0142 3820        cmdide - ok
16:47:55.0142 3820        CNG - ok
16:47:55.0142 3820        Compbatt - ok
16:47:55.0142 3820        CompositeBus - ok
16:47:55.0142 3820        crcdisk - ok
16:47:55.0158 3820        CSC - ok
16:47:55.0158 3820        DfsC - ok
16:47:55.0158 3820        discache - ok
16:47:55.0173 3820        Disk - ok
16:47:55.0173 3820        Dot4 - ok
16:47:55.0173 3820        Dot4Print - ok
16:47:55.0173 3820        dot4usb - ok
16:47:55.0173 3820        drmkaud - ok
16:47:55.0173 3820        DXGKrnl - ok
16:47:55.0189 3820        ebdrv - ok
16:47:55.0189 3820        elxstor - ok
16:47:55.0189 3820        ErrDev - ok
16:47:55.0204 3820        ewusbnet - ok
16:47:55.0204 3820        ew_hwusbdev - ok
16:47:55.0204 3820        exfat - ok
16:47:55.0204 3820        fastfat - ok
16:47:55.0204 3820        fdc - ok
16:47:55.0220 3820        FileInfo - ok
16:47:55.0220 3820        Filetrace - ok
16:47:55.0220 3820        flpydisk - ok
16:47:55.0220 3820        FltMgr - ok
16:47:55.0236 3820        FsDepends - ok
16:47:55.0236 3820        Fs_Rec - ok
16:47:55.0236 3820        fvevol - ok
16:47:55.0236 3820        gagp30kx - ok
16:47:55.0236 3820        GEARAspiWDM - ok
16:47:55.0251 3820        hcw85cir - ok
16:47:55.0251 3820        HdAudAddService - ok
16:47:55.0251 3820        HDAudBus - ok
16:47:55.0251 3820        HidBatt - ok
16:47:55.0251 3820        HidBth - ok
16:47:55.0267 3820        HidIr - ok
16:47:55.0267 3820        HidUsb - ok
16:47:55.0267 3820        HPFXBULKLEDM - ok
16:47:55.0267 3820        HpSAMD - ok
16:47:55.0282 3820        HTTP - ok
16:47:55.0282 3820        huawei_enumerator - ok
16:47:55.0282 3820        hwdatacard - ok
16:47:55.0282 3820        hwpolicy - ok
16:47:55.0282 3820        i8042prt - ok
16:47:55.0298 3820        iaStorV - ok
16:47:55.0298 3820        iirsp - ok
16:47:55.0298 3820        IntcAzAudAddService - ok
16:47:55.0298 3820        intelide - ok
16:47:55.0298 3820        intelppm - ok
16:47:55.0314 3820        IpFilterDriver - ok
16:47:55.0314 3820        IPMIDRV - ok
16:47:55.0314 3820        IPNAT - ok
16:47:55.0314 3820        IRENUM - ok
16:47:55.0314 3820        IRRemoteFlt - ok
16:47:55.0314 3820        isapnp - ok
16:47:55.0329 3820        iScsiPrt - ok
16:47:55.0329 3820        kbdclass - ok
16:47:55.0329 3820        kbdhid - ok
16:47:55.0329 3820        KeyAgent - ok
16:47:55.0329 3820        KeyMagic - ok
16:47:55.0329 3820        KSecDD - ok
16:47:55.0345 3820        KSecPkg - ok
16:47:55.0345 3820        ksthunk - ok
16:47:55.0345 3820        lltdio - ok
16:47:55.0360 3820        LSI_FC - ok
16:47:55.0360 3820        LSI_SAS - ok
16:47:55.0360 3820        LSI_SAS2 - ok
16:47:55.0360 3820        LSI_SCSI - ok
16:47:55.0360 3820        luafv - ok
16:47:55.0360 3820        MacHALDriver - ok
16:47:55.0360 3820        massfilter - ok
16:47:55.0376 3820        MBAMProtector - ok
16:47:55.0376 3820        megasas - ok
16:47:55.0376 3820        MegaSR - ok
16:47:55.0392 3820        Modem - ok
16:47:55.0392 3820        monitor - ok
16:47:55.0392 3820        mouclass - ok
16:47:55.0392 3820        mouhid - ok
16:47:55.0392 3820        mountmgr - ok
16:47:55.0392 3820        mpio - ok
16:47:55.0392 3820        mpsdrv - ok
16:47:55.0407 3820        MRxDAV - ok
16:47:55.0407 3820        mrxsmb - ok
16:47:55.0407 3820        mrxsmb10 - ok
16:47:55.0407 3820        mrxsmb20 - ok
16:47:55.0407 3820        msahci - ok
16:47:55.0407 3820        msdsm - ok
16:47:55.0423 3820        Msfs - ok
16:47:55.0423 3820        mshidkmdf - ok
16:47:55.0423 3820        msisadrv - ok
16:47:55.0423 3820        MSKSSRV - ok
16:47:55.0438 3820        MSPCLOCK - ok
16:47:55.0438 3820        MSPQM - ok
16:47:55.0438 3820        MsRPC - ok
16:47:55.0438 3820        mssmbios - ok
16:47:55.0438 3820        MSTEE - ok
16:47:55.0438 3820        MTConfig - ok
16:47:55.0454 3820        Mup - ok
16:47:55.0454 3820        NativeWifiP - ok
16:47:55.0454 3820        NDIS - ok
16:47:55.0454 3820        NdisCap - ok
16:47:55.0454 3820        NdisTapi - ok
16:47:55.0454 3820        Ndisuio - ok
16:47:55.0470 3820        NdisWan - ok
16:47:55.0470 3820        NDProxy - ok
16:47:55.0470 3820        Netaapl - ok
16:47:55.0470 3820        NetBIOS - ok
16:47:55.0470 3820        NetBT - ok
16:47:55.0485 3820        nfrd960 - ok
16:47:55.0485 3820        Npfs - ok
16:47:55.0485 3820        nsiproxy - ok
16:47:55.0501 3820        Ntfs - ok
16:47:55.0501 3820        Null - ok
16:47:55.0501 3820        NVENETFD - ok
16:47:55.0501 3820        nvlddmkm - ok
16:47:55.0501 3820        nvraid - ok
16:47:55.0501 3820        nvsmu - ok
16:47:55.0501 3820        nvstor - ok
16:47:55.0516 3820        nv_agp - ok
16:47:55.0516 3820        ohci1394 - ok
16:47:55.0516 3820        Parport - ok
16:47:55.0516 3820        partmgr - ok
16:47:55.0532 3820        pci - ok
16:47:55.0532 3820        pciide - ok
16:47:55.0532 3820        pcmcia - ok
16:47:55.0532 3820        pcw - ok
16:47:55.0532 3820        PEAUTH - ok
16:47:55.0548 3820        PptpMiniport - ok
16:47:55.0548 3820        Processor - ok
16:47:55.0563 3820        PROCEXP151 - ok
16:47:55.0563 3820        Psched - ok
16:47:55.0563 3820        ql2300 - ok
16:47:55.0563 3820        ql40xx - ok
16:47:55.0579 3820        QWAVEdrv - ok
16:47:55.0579 3820        RasAcd - ok
16:47:55.0579 3820        RasAgileVpn - ok
16:47:55.0579 3820        Rasl2tp - ok
16:47:55.0579 3820        RasPppoe - ok
16:47:55.0594 3820        RasSstp - ok
16:47:55.0594 3820        rdbss - ok
16:47:55.0594 3820        rdpbus - ok
16:47:55.0594 3820        RDPCDD - ok
16:47:55.0594 3820        RDPDR - ok
16:47:55.0594 3820        RDPENCDD - ok
16:47:55.0610 3820        RDPREFMP - ok
16:47:55.0610 3820        RDPWD - ok
16:47:55.0610 3820        rdyboost - ok
16:47:55.0610 3820        RFCOMM - ok
16:47:55.0626 3820        rspndr - ok
16:47:55.0626 3820        s3cap - ok
16:47:55.0626 3820        sbp2port - ok
16:47:55.0626 3820        scfilter - ok
16:47:55.0641 3820        SDHookDriver - ok
16:47:55.0641 3820        secdrv - ok
16:47:55.0657 3820        Serenum - ok
16:47:55.0657 3820        Serial - ok
16:47:55.0657 3820        sermouse - ok
16:47:55.0672 3820        sffdisk - ok
16:47:55.0672 3820        sffp_mmc - ok
16:47:55.0672 3820        sffp_sd - ok
16:47:55.0672 3820        sfloppy - ok
16:47:55.0672 3820        SiSRaid2 - ok
16:47:55.0672 3820        SiSRaid4 - ok
16:47:55.0688 3820        Smb - ok
16:47:55.0688 3820        spldr - ok
16:47:55.0704 3820        sptd - ok
16:47:55.0704 3820        srv - ok
16:47:55.0704 3820        srv2 - ok
16:47:55.0704 3820        srvnet - ok
16:47:55.0704 3820        stexstor - ok
16:47:55.0719 3820        storflt - ok
16:47:55.0719 3820        storvsc - ok
16:47:55.0719 3820        swenum - ok
16:47:55.0735 3820        Tcpip - ok
16:47:55.0735 3820        TCPIP6 - ok
16:47:55.0735 3820        tcpipreg - ok
16:47:55.0735 3820        TDPIPE - ok
16:47:55.0735 3820        TDTCP - ok
16:47:55.0750 3820        tdx - ok
16:47:55.0750 3820        TermDD - ok
16:47:55.0750 3820        truecrypt - ok
16:47:55.0766 3820        tssecsrv - ok
16:47:55.0766 3820        tunnel - ok
16:47:55.0766 3820        uagp35 - ok
16:47:55.0766 3820        udfs - ok
16:47:55.0782 3820        uliagpkx - ok
16:47:55.0782 3820        umbus - ok
16:47:55.0782 3820        UmPass - ok
16:47:55.0782 3820        USBAAPL64 - ok
16:47:55.0797 3820        usbaudio - ok
16:47:55.0797 3820        usbccgp - ok
16:47:55.0797 3820        usbcir - ok
16:47:55.0797 3820        usbehci - ok
16:47:55.0797 3820        usbhub - ok
16:47:55.0797 3820        usbohci - ok
16:47:55.0813 3820        usbprint - ok
16:47:55.0813 3820        usbscan - ok
16:47:55.0813 3820        USBSTOR - ok
16:47:55.0813 3820        usbuhci - ok
16:47:55.0813 3820        usbvideo - ok
16:47:55.0828 3820        vdrvroot - ok
16:47:55.0828 3820        vga - ok
16:47:55.0828 3820        VgaSave - ok
16:47:55.0828 3820        vhdmp - ok
16:47:55.0844 3820        viaide - ok
16:47:55.0844 3820        vmbus - ok
16:47:55.0844 3820        VMBusHID - ok
16:47:55.0844 3820        volmgr - ok
16:47:55.0844 3820        volmgrx - ok
16:47:55.0844 3820        volsnap - ok
16:47:55.0860 3820        vsmraid - ok
16:47:55.0860 3820        vwifibus - ok
16:47:55.0860 3820        vwififlt - ok
16:47:55.0860 3820        vwifimp - ok
16:47:55.0875 3820        WacomPen - ok
16:47:55.0875 3820        WANARP - ok
16:47:55.0875 3820        Wanarpv6 - ok
16:47:55.0875 3820        Wd - ok
16:47:55.0891 3820        Wdf01000 - ok
16:47:55.0891 3820        WfpLwf - ok
16:47:55.0891 3820        WIMMount - ok
16:47:55.0906 3820        WinUsb - ok
16:47:55.0906 3820        WmiAcpi - ok
16:47:55.0922 3820        ws2ifsl - ok
16:47:55.0922 3820        WSDPrintDevice - ok
16:47:55.0938 3820        WudfPf - ok
16:47:55.0938 3820        WUDFRd - ok
16:47:55.0938 3820        ZTEusbmdm6k - ok
16:47:55.0953 3820        ZTEusbnet - ok
16:47:55.0953 3820        ZTEusbnmea - ok
16:47:55.0953 3820        ZTEusbser6k - ok
16:47:55.0953 3820        ZTEusbvoice - ok
16:47:55.0969 3820        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:47:55.0984 3820        \Device\Harddisk0\DR0 - ok
16:47:56.0000 3820        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:47:56.0031 3820        \Device\Harddisk1\DR1 - ok
16:47:56.0031 3820        Boot (0x1200)  (f7e6185c00be66a11cd5a561f3704eda) \Device\Harddisk0\DR0\Partition0
16:47:56.0031 3820        \Device\Harddisk0\DR0\Partition0 - ok
16:47:56.0031 3820        Boot (0x1200)  (513ad2c1f6a64999617e25a02dacca8d) \Device\Harddisk0\DR0\Partition1
16:47:56.0031 3820        \Device\Harddisk0\DR0\Partition1 - ok
16:47:56.0047 3820        Boot (0x1200)  (b6cf08b75b094548e9a5211690352210) \Device\Harddisk0\DR0\Partition2
16:47:56.0047 3820        \Device\Harddisk0\DR0\Partition2 - ok
16:47:56.0047 3820        Boot (0x1200)  (3e97a336f8c466f9be6c7229a702f6c9) \Device\Harddisk1\DR1\Partition0
16:47:56.0047 3820        \Device\Harddisk1\DR1\Partition0 - ok
16:47:56.0047 3820        ============================================================
16:47:56.0047 3820        Scan finished
16:47:56.0047 3820        ============================================================
16:47:56.0047 2148        Detected object count: 0
16:47:56.0047 2148        Actual detected object count: 0

otl_zwei.txt
OTL Logfile:
Code:

OTL logfile created on: 02.03.2012 16:51:09 - Run 2
OTL by OldTimer - Version 3.2.34.0    Folder = C:\Users\-\Desktop\DOWNLOAD
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,33 Gb Available Physical Memory | 66,87% Memory free
15,95 Gb Paging File | 13,25 Gb Available in Paging File | 83,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,85 Gb Total Space | 4,20 Gb Free Space | 4,25% Space Free | Partition Type: NTFS
Drive E: | 49,88 Gb Total Space | 26,13 Gb Free Space | 52,39% Space Free | Partition Type: HFS
Drive G: | 298,09 Gb Total Space | 5,49 Gb Free Space | 1,84% Space Free | Partition Type: NTFS
 
Computer Name: D | User Name: - | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.02 02:00:03 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\-\Desktop\DOWNLOAD\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.09.21 09:58:06 | 000,096,256 | ---- | M] (Robert McNeel & Associates) -- C:\Program Files (x86)\Rhinoceros 5.0 WIP\System\RhinoVersionCheckSvc32.exe
PRC - [2011.08.04 15:18:12 | 003,225,504 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011.08.04 15:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011.08.04 15:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011.08.04 15:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011.08.04 15:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010.10.10 18:15:46 | 001,265,664 | ---- | M] (www.bid-o-matic.org) -- C:\Program Files (x86)\Biet-O-Matic\Biet-O-Matic.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.08.02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.04.09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe
PRC - [2010.04.09 14:21:56 | 000,753,664 | ---- | M] (Sphinx Software) -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe
PRC - [2008.12.09 12:08:38 | 000,495,616 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.26 10:56:16 | 000,576,512 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2010.09.01 07:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.23 03:54:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.12.01 14:47:44 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010.10.05 09:07:08 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010.05.18 19:06:38 | 000,094,208 | ---- | M] (Robert McNeel & Associates) [Auto | Running] -- C:\Program Files\Rhinoceros 5.0 WIP (64-bit)\System\RhinoVersionCheckSvc64.exe -- (McNeelUpdates64)
SRV:64bit: - [2009.07.22 10:16:56 | 000,110,896 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2009.07.22 10:16:54 | 000,174,384 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.09.21 09:58:06 | 000,096,256 | ---- | M] (Robert McNeel & Associates) [Auto | Running] -- C:\Program Files (x86)\Rhinoceros 5.0 WIP\System\RhinoVersionCheckSvc32.exe -- (McNeelUpdates32) McNeel Update (32-bit)
SRV - [2011.08.04 15:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011.08.04 15:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011.08.04 15:17:04 | 001,149,864 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011.08.04 15:16:58 | 001,082,800 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2010.12.01 14:55:50 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.01 14:50:28 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.10.25 13:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010.08.02 11:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.07.26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.04.09 14:32:02 | 000,372,736 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.09.23 20:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.02.18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.12.14 20:28:30 | 000,022,040 | ---- | M] (Hewlett Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hppdbulkio.sys -- (HPFXBULKLEDM)
DRV:64bit: - [2010.10.21 21:51:00 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.08.18 14:33:20 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010.04.09 08:24:32 | 000,076,288 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010.04.07 10:05:00 | 000,250,368 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010.03.25 03:08:46 | 000,120,704 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010.03.20 04:56:56 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2009.07.22 10:17:04 | 000,012,856 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2009.07.22 10:17:02 | 000,067,640 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2009.07.22 10:17:02 | 000,019,000 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2009.07.22 10:17:00 | 000,015,416 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2009.07.22 10:12:27 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.07.22 10:11:38 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2009.07.22 10:11:25 | 000,037,888 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2009.07.22 10:11:25 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2009.07.22 10:11:20 | 000,029,184 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2011.08.04 15:17:12 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 9B A4 09 90 05 CC 01  [binary data]
IE - HKU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: tabkit@jomel.me.uk:0.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.23 14:31:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.23 14:31:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.24 16:38:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.08.15 23:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Extensions
[2010.08.15 23:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.02 02:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\328hfjeu.default\extensions
[2011.04.28 11:22:24 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\328hfjeu.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2011.10.25 17:30:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\328hfjeu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.16 12:42:44 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\328hfjeu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.03.16 15:36:19 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\328hfjeu.default\extensions\2020Player@2020Technologies.com
[2010.11.03 20:52:08 | 000,000,000 | ---D | M] (Tab Kit) -- C:\Users\-\AppData\Roaming\mozilla\Firefox\Profiles\328hfjeu.default\extensions\tabkit@jomel.me.uk
[2012.03.02 02:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.08.18 10:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.18 10:24:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.16 00:58:55 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.10.25 17:30:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.25 17:30:48 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.25 17:30:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.25 17:30:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.25 17:30:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.02 15:36:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Windows7FirewallControl] C:\Program Files (x86)\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1006039580-3662714632-3488871094-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {83581B17-7BF5-4650-BF23-853A8A0C271A} https://nextdayoqaos.materialise.com/Upserver/EposActiveX.cab (Materialise Stl File Analyzer Uploader)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C554496-6A23-4C87-8C20-567508FDD6D9}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{973001BC-6CF8-4861-8114-1025CA761379}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8DC4135-A501-4687-B640-A9697A271355}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.02 15:45:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.02 15:39:09 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.02 15:30:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.02 15:30:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.02 15:30:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.02 15:20:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.02 15:16:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.02 01:40:05 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Roaming\Malwarebytes
[2012.03.02 01:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.02 01:39:54 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.02 01:39:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.02 01:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.02 00:37:20 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Roaming\Help
[2012.03.02 00:33:16 | 000,000,000 | ---D | C] -- C:\Users\-\AppData\Roaming\TeamViewer
[2012.02.29 22:45:11 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.29 22:26:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.02.18 00:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\EOTfast
[2012.02.09 16:41:09 | 004,763,456 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Windows\procexp.exe
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.02 16:25:27 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.02 15:53:51 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 15:53:51 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.02 15:49:59 | 006,641,392 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.02 15:49:59 | 002,419,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.02 15:49:59 | 002,044,584 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.02 15:49:59 | 001,832,244 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.02 15:49:59 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.02 15:45:45 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.03.02 15:45:44 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.02 15:45:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.02 15:45:33 | 2128,383,999 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.02 15:36:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.02 01:39:55 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 22:45:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.02.29 13:22:00 | 000,421,888 | ---- | M] () -- C:\Users\-\Documents\vdk_projekt3.indd
[2012.02.29 13:15:16 | 000,000,000 | ---- | M] () -- C:\Users\-\Documents\~vdk_projekt1~t7lzau.idlk
[2012.02.29 12:59:39 | 000,000,000 | ---- | M] () -- C:\Users\-\Documents\~vdk_projekt3~wguwp_.idlk
[2012.02.29 12:57:07 | 000,479,232 | ---- | M] () -- C:\Users\-\Documents\vdk_projekt2b.indd
[2012.02.29 12:55:20 | 000,327,680 | ---- | M] () -- C:\Users\-\Documents\vdk_projekt2.indd
[2012.02.29 12:55:06 | 000,466,944 | ---- | M] () -- C:\Users\-\Documents\vdk_projekt1b.indd
[2012.02.29 12:28:17 | 000,561,152 | ---- | M] () -- C:\Users\-\Documents\vdk_projekt1.indd
[2012.02.27 17:36:31 | 000,577,536 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_004.indd
[2012.02.27 17:28:50 | 000,585,728 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_002.indd
[2012.02.27 16:26:54 | 000,557,056 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_003.indd
[2012.02.27 15:59:28 | 000,569,344 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_001.indd
[2012.02.27 15:12:04 | 000,000,978 | ---- | M] () -- C:\Program Files\CoreTemp.ini
[2012.02.26 23:21:36 | 004,571,767 | ---- | M] () -- C:\Users\-\Desktop\flite.jpg
[2012.02.24 17:28:01 | 011,610,024 | ---- | M] () -- C:\Users\-\Desktop\cyclocross.psd
[2012.02.24 16:05:00 | 000,503,731 | ---- | M] () -- C:\Users\-\Desktop\vergleich.jpg
[2012.02.23 14:30:35 | 005,558,128 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.21 15:09:10 | 002,952,055 | ---- | M] () -- C:\Users\-\Desktop\RhinoCrashDump.dmp
[2012.02.21 15:09:10 | 000,000,000 | ---- | M] () -- C:\Users\-\Desktop\RhinoCrashDump.3dm
[2012.02.18 14:49:34 | 000,000,132 | ---- | M] () -- C:\Users\-\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.02.17 14:18:01 | 000,585,728 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001B.indd
[2012.02.16 10:47:01 | 000,448,523 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001B.pdf
[2012.02.14 18:25:21 | 000,679,936 | ---- | M] () -- C:\Users\-\Documents\testamentas.indd
[2012.02.12 19:23:50 | 000,109,751 | ---- | M] () -- C:\Users\-\Desktop\Screen shot 2012-02-12 at 19.23.30.png
[2012.02.12 16:42:10 | 000,538,402 | ---- | M] () -- C:\Users\-\Desktop\Screen shot 2012-01-05 at 13.55.24.png
[2012.02.06 14:38:13 | 000,577,536 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001.indd
[2012.02.06 14:32:55 | 000,446,842 | ---- | M] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001.pdf
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.02 15:30:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.02 15:30:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.02 15:30:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.02 15:30:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.02 15:30:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.02 01:39:55 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.29 13:15:16 | 000,000,000 | ---- | C] () -- C:\Users\-\Documents\~vdk_projekt1~t7lzau.idlk
[2012.02.29 12:59:39 | 000,421,888 | ---- | C] () -- C:\Users\-\Documents\vdk_projekt3.indd
[2012.02.29 12:59:39 | 000,000,000 | ---- | C] () -- C:\Users\-\Documents\~vdk_projekt3~wguwp_.idlk
[2012.02.29 12:56:14 | 000,479,232 | ---- | C] () -- C:\Users\-\Documents\vdk_projekt2b.indd
[2012.02.29 12:55:20 | 000,327,680 | ---- | C] () -- C:\Users\-\Documents\vdk_projekt2.indd
[2012.02.29 12:28:31 | 000,466,944 | ---- | C] () -- C:\Users\-\Documents\vdk_projekt1b.indd
[2012.02.29 11:37:09 | 000,561,152 | ---- | C] () -- C:\Users\-\Documents\vdk_projekt1.indd
[2012.02.27 16:27:15 | 000,577,536 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_004.indd
[2012.02.27 16:14:07 | 000,557,056 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_003.indd
[2012.02.27 16:02:18 | 000,585,728 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_002.indd
[2012.02.27 15:52:04 | 000,569,344 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_wb_2012_001.indd
[2012.02.26 01:48:13 | 004,571,767 | ---- | C] () -- C:\Users\-\Desktop\flite.jpg
[2012.02.24 17:28:00 | 011,610,024 | ---- | C] () -- C:\Users\-\Desktop\cyclocross.psd
[2012.02.24 16:04:58 | 000,503,731 | ---- | C] () -- C:\Users\-\Desktop\vergleich.jpg
[2012.02.16 10:46:57 | 000,448,523 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001B.pdf
[2012.02.16 10:46:06 | 000,585,728 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001B.indd
[2012.02.14 16:35:20 | 000,679,936 | ---- | C] () -- C:\Users\-\Documents\testamentas.indd
[2012.02.12 19:23:48 | 000,109,751 | ---- | C] () -- C:\Users\-\Desktop\Screen shot 2012-02-12 at 19.23.30.png
[2012.02.12 16:42:00 | 000,538,402 | ---- | C] () -- C:\Users\-\Desktop\Screen shot 2012-01-05 at 13.55.24.png
[2012.02.09 16:41:09 | 000,072,268 | ---- | C] () -- C:\Windows\procexp.chm
[2012.02.06 14:32:47 | 000,446,842 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001.pdf
[2012.02.06 14:06:21 | 000,577,536 | ---- | C] () -- C:\Users\-\Documents\karlbraun_invoice_kc_2012_001.indd
[2011.10.02 10:52:19 | 000,007,607 | ---- | C] () -- C:\Users\-\AppData\Local\Resmon.ResmonCfg
[2011.08.19 09:02:10 | 000,000,014 | ---- | C] () -- C:\Windows\hpmssnpjt.ini
[2011.05.16 16:05:32 | 000,000,021 | ---- | C] () -- C:\Windows\SysWow64\CGCRI.DAT
[2011.03.29 09:34:25 | 000,212,958 | ---- | C] () -- C:\Windows\hpwins11.dat
[2011.03.29 09:34:25 | 000,000,392 | ---- | C] () -- C:\Windows\hpwmdl11.dat
[2011.01.04 11:50:42 | 000,000,028 | ---- | C] () -- C:\Windows\pdf995.ini
[2010.12.10 21:53:40 | 000,166,096 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2010.12.01 14:55:27 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.11.02 17:45:35 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.10.28 10:40:14 | 000,000,046 | ---- | C] () -- C:\Windows\VID_DirectX.INI
[2010.10.27 12:14:40 | 000,008,960 | ---- | C] () -- C:\Windows\SysWow64\drivers\GF0012.SYS
[2010.10.23 17:14:43 | 000,001,456 | ---- | C] () -- C:\Users\-\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.10.01 12:39:42 | 000,000,132 | ---- | C] () -- C:\Users\-\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.09.27 11:40:31 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2010.09.27 11:40:31 | 000,000,140 | ---- | C] () -- C:\Windows\wpd99.drv
[2010.09.23 13:18:30 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.09.09 20:56:14 | 000,000,132 | ---- | C] () -- C:\Users\-\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.18 19:08:23 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.08.18 17:08:25 | 000,000,011 | ---- | C] () -- C:\Program Files\Plugins.ini
[2010.08.18 12:25:37 | 000,216,576 | ---- | C] () -- C:\Program Files\PowerCalc.exe
[2010.08.17 15:54:22 | 000,000,978 | ---- | C] () -- C:\Program Files\CoreTemp.ini
[2010.08.17 15:54:19 | 000,536,592 | ---- | C] () -- C:\Program Files\Core Temp.exe
[2010.08.16 22:18:45 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.08.16 20:43:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.16 00:18:20 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.08.15 22:52:46 | 000,027,459 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.08.15 22:45:18 | 000,027,459 | ---- | C] () -- C:\ProgramData\nvModes.dat

< End of report >

--- --- ---

