Also, wie angedeutet im Titel friert mein Win7 (32)manchmal ein oder bekommt einen Bluescreen zu Beginn der Startvorgangs (nach dem Booten).
Ein erster Scan mit MalewarebyteAntybyte hat nichts ungewöhnliches ergeben, bei denen von FRST und GMER (s. unten) steige ich leider nicht durch.
Ich würde mich sehr freuen, wenn mir jemand von euch weiter helfen könnte.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015 Ran by Wolf (administrator) on WOLF-PC on 05-03-2015 12:10:32 Running from F:\ Loaded Profiles: Wolf (Available profiles: Wolf) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe () C:\Program Files\Allway Sync\Bin\SyncService.exe () C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe () C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe () C:\Program Files\MiserWare\Granola Personal\granola.exe (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe () C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Kazubon) C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe (Crystal Dew World) D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe (Tracker Software Products Ltd.) C:\Program Files\PDF XView\PDF Viewer\PDFXCview.exe (Nurgo-Software) C:\Program Files\AquaSnap\AquaSnap.Daemon.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft) HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft) HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [StrokeIt] => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe [26248 2010-01-03] () HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Granola] => C:\Program Files\MiserWare\Granola Personal\granola.exe [887016 2012-02-21] () HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [SkyDrive] => C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation) HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Allway Sync] => C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2014-06-26] () HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0 HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bird.lnk ShortcutTarget: bird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Verknüpfung.lnk ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll () ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll () ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll () ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = http://de.search.yah...p={searchTerms} SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = http://www.google.de...q={searchTerms} BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default FF Homepage: hxxp://www.ighome.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] () FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] () FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] () FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File FF user.js: detected! => C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: EPUBReader - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-21] FF Extension: WOT - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-07] FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\[email protected] [2015-01-07] FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07] FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07] FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07] FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07] FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07] FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28] FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\[email protected] [2015-02-28] FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector Chrome: ======= CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found] CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - No Path Or update_url value CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis) S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis) R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO) R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed] R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] () S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.) S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis) S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed] R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation) R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation) S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed] R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-03-01] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-03-01] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO) S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.) R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.) R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.) R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-15] () [File not signed] S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc) S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH) R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH) U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-27] () [File not signed] R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH) R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation) U3 ap08fn0l; C:\Windows\system32\Drivers\ap08fn0l.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder) S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X] S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X] S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X] S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X] S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X] S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 12:10 - 2015-03-05 12:10 - 00000000 ____D () C:\FRST 2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt 2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk 2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar 2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL 2015-03-02 14:52 - 2015-03-03 17:18 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc 2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar 2015-03-02 12:27 - 2015-03-04 16:30 - 00154141 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar 2015-03-01 02:07 - 2015-03-01 02:07 - 00002177 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safe Money.lnk 2015-03-01 02:06 - 2015-03-03 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2015-02-28 23:56 - 2015-03-05 11:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-02-28 23:56 - 2015-03-01 00:52 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2015-02-28 23:56 - 2015-03-01 00:52 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Windows\ELAMBKUP 2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Program Files\Kaspersky Lab 2015-02-28 23:56 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys 2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe 2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat 2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL 2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat 2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log 2015-02-27 12:27 - 2015-02-27 12:27 - 00000020 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar 2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log 2015-02-27 11:51 - 2015-02-27 11:51 - 00137504 _____ () C:\Windows\Minidump\022715-18546-01.dmp 2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log 2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar 2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log 2015-02-26 03:21 - 2015-03-05 11:38 - 00000672 _____ () C:\Windows\setupact.log 2015-02-26 03:21 - 2015-02-26 03:21 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap 2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log 2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL 2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL 2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log 2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log 2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log 2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log 2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log 2015-02-18 16:02 - 2015-02-18 16:02 - 00000972 _____ () C:\Users\Wolf\Desktop\HD Tune Pro.lnk 2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt 2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log 2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log 2015-02-14 10:00 - 2015-02-14 10:00 - 00000197 _____ () C:\Windows\system32\2015-02-14-09-00-15.003-AvastVBoxSVC.exe-2748.log 2015-02-14 02:08 - 2015-02-14 02:09 - 00000197 _____ () C:\Windows\system32\2015-02-14-01-08-50.088-AvastVBoxSVC.exe-3188.log 2015-02-12 10:28 - 2015-02-12 10:29 - 00000197 _____ () C:\Windows\system32\2015-02-12-09-28-25.096-AvastVBoxSVC.exe-2728.log 2015-02-12 03:23 - 2015-02-12 03:26 - 00000247 _____ () C:\Windows\system32\2015-02-12-02-23-09.056-aswFe.exe-1976.log 2015-02-12 03:15 - 2015-02-12 03:15 - 00000197 _____ () C:\Windows\system32\2015-02-12-02-15-22.041-AvastVBoxSVC.exe-3412.log 2015-02-11 13:00 - 2015-02-11 13:00 - 00000197 _____ () C:\Windows\system32\2015-02-11-12-00-41.034-AvastVBoxSVC.exe-3616.log 2015-02-10 16:43 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Termin 3.3. 1830.txt 2015-02-10 11:32 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-32-25.088-aswFe.exe-668.log 2015-02-10 11:29 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-29-08.035-aswFe.exe-1044.log 2015-02-10 11:29 - 2015-02-10 11:29 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-29-03.003-AvastVBoxSVC.exe-3932.log 2015-02-10 11:24 - 2015-02-10 11:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-24-19.008-AvastVBoxSVC.exe-3336.log 2015-02-09 12:34 - 2015-03-02 23:13 - 06387323 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar 2015-02-09 12:34 - 2015-03-02 13:35 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar 2015-02-09 12:33 - 2015-03-04 23:45 - 07235267 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar 2015-02-09 08:37 - 2015-02-09 08:37 - 00000197 _____ () C:\Windows\system32\2015-02-09-07-37-19.030-AvastVBoxSVC.exe-2864.log 2015-02-08 21:27 - 2015-02-08 21:28 - 00000197 _____ () C:\Windows\system32\2015-02-08-20-27-57.025-AvastVBoxSVC.exe-2172.log ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-05 12:09 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress 2015-03-05 11:55 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell 2015-03-05 11:45 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-05 11:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-05 09:36 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox 2015-03-05 01:11 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype 2015-03-04 23:45 - 2014-11-08 11:00 - 00001580 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini 2015-03-04 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries 2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla 2015-03-04 02:03 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese 2015-03-04 01:51 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf 2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar 2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner 2015-03-01 02:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public 2015-03-01 00:36 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps 2015-03-01 00:25 - 2014-09-29 09:12 - 00409334 _____ () C:\Windows\PFRO.log 2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-28 21:49 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2015-02-27 11:51 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump 2015-02-25 09:34 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-02-21 00:32 - 2014-09-11 23:49 - 00007852 _____ () C:\Windows\WindowsUpdate.log 2015-02-20 23:36 - 2010-10-28 21:46 - 00007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg 2015-02-19 01:22 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram 2015-02-16 00:05 - 2013-07-10 00:19 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Ditto 2015-02-09 19:53 - 2014-11-08 11:00 - 10514861 _____ () C:\Users\Wolf\Desktop\0 HERAKLIT.RAR 2015-02-09 08:34 - 2014-11-26 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-08 23:07 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe 2015-02-08 23:07 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-02-08 23:07 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2010-11-06 05:08 - 2011-07-09 16:29 - 6619136 _____ (© onlinetvrecorder.com) C:\Program Files\2009Decoder.exe 2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs 2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf 2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe 2013-09-01 11:34 - 2010-02-26 21:43 - 0293376 _____ (Gopal Adhikari) C:\Program Files\Context Menu Editor.exe 2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu 2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu 2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt 2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP 2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini 2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe 2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt 2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für Remoce Torrent.gms 2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe 2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP 2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe 2013-06-07 23:36 - 2013-06-07 23:35 - 0023092 _____ () C:\Program Files\Kill BoxCrypt und Dropbox.exe 2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe 2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat 2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe 2014-04-18 01:18 - 2014-04-18 01:11 - 0023079 _____ () C:\Program Files\Kill Onedrive, ehe. Skydrive.exe 2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat 2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt 2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt 2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt 2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe 2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe 2010-10-20 13:25 - 2010-10-20 13:25 - 3887480 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp1204.exe 2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg 2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe 2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt 2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL 2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini 2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak 2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk! 2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko 2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini 2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache 2014-11-12 18:09 - 2014-11-12 18:17 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini 2010-10-28 21:46 - 2015-02-20 23:36 - 0007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg 2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db 2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log 2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Wolf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwzngio.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-25 17:47 ==================== End Of Log ============================
GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-03-05 13:41:18 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST31000524AS rev.JC4B 931,51GB Running: Gmer-19357.exe; Driver: C:\Users\Wolf\AppData\Local\Temp\kwtdqpob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8AB0E0A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8AB0E020] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8AB0E030] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8AB0E050] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8AB0E000] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8AB0E410] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8AB0E100] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8AB0E040] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8AB0E140] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8AB0E1E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8AB0E170] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8AB0E150] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8AB0E180] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8AB0E080] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8AB0E070] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8AB0E090] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8AB0E0C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8AB0E470] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8AB0E120] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8AB0E1D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0x8AB0E490] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8AB0E1A0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8AB0E060] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8AB0E110] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0x8AB0E0B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8AB0E010] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8AB0E160] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8AB0E1C0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8AB0E1B0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8AB0E130] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8AB0E0D0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8AB0E0E0] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8AB0E190] SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8AB0E0F0] ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830789C9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830984E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 139F 8309F75C 4 Bytes [A0, E0, B0, 8A] .text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8309F784 4 Bytes [20, E0, B0, 8A] {AND AL, AH; MOV AL, 0x8a} .text ntoskrnl.exe!KeRemoveQueueEx + 140B 8309F7C8 4 Bytes [30, E0, B0, 8A] {XOR AL, AH; MOV AL, 0x8a} .text ntoskrnl.exe!KeRemoveQueueEx + 145B 8309F818 4 Bytes [50, E0, B0, 8A] .text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8309F87C 4 Bytes [00, E0, B0, 8A] {ADD AL, AH; MOV AL, 0x8a} .text ... ? System32\Drivers\spnp.sys Das System kann den angegebenen Pfad nicht finden. ! ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs 858941F8 AttachedDevice \FileSystem\Ntfs \Ntfs cbfs4.sys Device \Driver\volmgr \Device\VolMgrControl 858901F8 Device \Driver\usbuhci \Device\USBPDO-0 8695F1F8 Device \Driver\usbuhci \Device\USBPDO-1 8695F1F8 Device \Driver\usbehci \Device\USBPDO-2 86930500 Device \Driver\usbuhci \Device\USBPDO-3 8695F1F8 Device \Driver\PCI_PNP3664 \Device\00000060 spnp.sys Device \Driver\usbuhci \Device\USBPDO-4 8695F1F8 AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys Device \Driver\usbuhci \Device\USBPDO-5 8695F1F8 Device \Driver\usbuhci \Device\USBPDO-6 8695F1F8 Device \Driver\volmgr \Device\HarddiskVolume1 858901F8 Device \Driver\usbehci \Device\USBPDO-7 86930500 Device \Driver\volmgr \Device\HarddiskVolume2 858901F8 Device \Driver\atapi \Device\Ide\IdePort0 858921F8 Device \Driver\atapi \Device\Ide\IdePort1 858921F8 Device \Driver\atapi \Device\Ide\IdePort2 858921F8 Device \Driver\atapi \Device\Ide\IdePort3 858921F8 Device \Driver\atapi \Device\Ide\IdePort4 858921F8 Device \Driver\atapi \Device\Ide\IdePort5 858921F8 Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 858921F8 Device \Driver\volmgr \Device\HarddiskVolume3 858901F8 Device \Driver\volmgr \Device\HarddiskVolume4 858901F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 868531F8 Device \Driver\sptd \Device\2050136112 spnp.sys AttachedDevice \Driver\tdx \Device\Udp kltdi.sys AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys Device \Driver\usbuhci \Device\USBFDO-0 8695F1F8 Device \Driver\usbuhci \Device\USBFDO-1 8695F1F8 Device \Driver\usbehci \Device\USBFDO-2 86930500 Device \Driver\usbuhci \Device\USBFDO-3 8695F1F8 Device \Driver\usbuhci \Device\USBFDO-4 8695F1F8 Device \Driver\usbuhci \Device\USBFDO-5 8695F1F8 Device \Driver\usbuhci \Device\USBFDO-6 8695F1F8 Device \Driver\usbehci \Device\USBFDO-7 86930500 Device \Driver\ap08fn0l \Device\Scsi\ap08fn0l1 86A5F500 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys halacpi.dll ACPI.sys >>UNKNOWN [0x858921f8]<< 858921f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86713518] 86713518 Trace 3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x86712478] 86712478 Trace 5 vidsflt.sys[8a59f130] -> nt!IofCallDriver -> [0x86643918] 86643918 Trace 7 ACPI.sys[8a5443d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0x86650030] 86650030 Trace \Driver\atapi[0x8661a030] -> IRP_MJ_CREATE -> 0x858921f8 858921f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----