So, as the title suggests, my Win7 (32) sometimes freezes or gets a bluescreen at the beginning of the startup process (after booting).
A first scan with Malwarebytes Anti-Malware turned up nothing unusual; unfortunately I can't make sense of the ones from FRST and GMER (see below).
I would be very glad if one of you could help me further.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Wolf (administrator) on WOLF-PC on 05-03-2015 12:10:32
Running from F:\
Loaded Profiles: Wolf (Available profiles: Wolf)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
() C:\Program Files\Allway Sync\Bin\SyncService.exe
() C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(NirSoft) C:\Program Files\NirSoft\Volumouse\volumouse.exe
() C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe
() C:\Program Files\MiserWare\Granola Personal\granola.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
() C:\Program Files\Uhr + Desk zeigen\Uhr auf Desktop\CLOCK.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Kazubon) C:\Program Files\Uhr + Desk zeigen\Uhr im Tray + ShowDesktop\tclock.exe
(Crystal Dew World) D:\DVD\Betriebs\HARD Disk Tools\HD CrystalDiskInfo5_6_2\DiskInfo.exe
(Tracker Software Products Ltd.) C:\Program Files\PDF XView\PDF Viewer\PDFXCview.exe
(Nurgo-Software) C:\Program Files\AquaSnap\AquaSnap.Daemon.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM Group Policy restriction on software: C:\Program Files\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoStrCmpLogical] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [$Volumouse$] => C:\Program Files\NirSoft\Volumouse\volumouse.exe [33280 2009-08-05] (NirSoft)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [StrokeIt] => C:\Users\Wolf\AppData\Local\TCB Networks\StrokeIt\Bin\strokeit.exe [26248 2010-01-03] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Granola] => C:\Program Files\MiserWare\Granola Personal\granola.exe [887016 2012-02-21] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [SkyDrive] => C:\Users\Wolf\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Run: [Allway Sync] => C:\Program Files\Allway Sync\Bin\syncappw.exe [94416 2014-06-26] ()
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [TaskbarNoNotificatio] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Policies\Explorer: [NoSMMyPictures] 0
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\MountPoints2: N - N:\LaunchU3.exe
Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bird.lnk
ShortcutTarget: bird.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Startup: C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Verknüpfung.lnk
ShortcutTarget: firefox - Verknüpfung.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs4 - {E36EB56C-F497-4482-B6E7-BCB93F2B6FDA} - C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files\Acronis\TrueImageHome\tishell.dll ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Wolf\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {7036EE8C-E7B0-4C46-96E7-08B06DC6E484} => C:\Windows\system32\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BootExecute: autocheck autochk * auto_reactivate C:\bootwiz\asrm.binauto_reactivate \\?\Volume{3d717c7d-d894-11df-8146-806e6f6e6963}\bootwiz\asrm.bin
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2588859782-1139336777-623044890-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
URLSearchHook: [S-1-5-21-2588859782-1139336777-623044890-1001] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {652FDCC2-5EFA-4C64-9F36-12CDDF3A85E1} URL = http://de.search.yah...p={searchTerms}
SearchScopes: HKU\S-1-5-21-2588859782-1139336777-623044890-1001 -> {866E654D-5075-4625-A45A-23EDDCAA7E3C} URL = http://www.google.de...q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default
FF Homepage: hxxp://www.ighome.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\PDF XView\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @sun.com/npsopluginmi;version=1.0 -> D:\Lexika\Portable Open Office\OpenOfficePortable\App\openoffice\program No File
FF Plugin HKU\S-1-5-21-2588859782-1139336777-623044890-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll No File
FF user.js: detected! => C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\user.js
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\searchplugins\webde-suche.xml
FF Extension: MouseControl - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\MouseControl@neocodex.us [2015-01-07]
FF Extension: EPUBReader - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-02-21]
FF Extension: WOT - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-01-07]
FF Extension: Disconnect - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\2.0@disconnect.me.xpi [2015-01-07]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-01-07]
FF Extension: Ghostery - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\firefox@ghostery.com.xpi [2015-01-07]
FF Extension: Hide Caption Titlebar Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\hidecaptionplus-dp@dummy.addons.mozilla.org.xpi [2015-01-07]
FF Extension: OmniSidebar - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\osb@quicksaver.xpi [2015-01-07]
FF Extension: The Fox, Only Better - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\thefoxonlybetter@quicksaver.xpi [2015-01-07]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\yetanothersmoothscrolling@kataho.xpi [2015-01-07]
FF Extension: X-notifier - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2015-01-07]
FF Extension: NoScript - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-07]
FF Extension: Password Exporter - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2015-01-07]
FF Extension: Fasterfox - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2015-01-07]
FF Extension: Adblock Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-07]
FF Extension: Tab Mix Plus - C:\Users\Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\pzx2deug.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-01-07]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Ngăn chặn trang web nguy hiểm - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\content_blocker@kaspersky.com [2015-02-28]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Bàn phím ảo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-28]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Công cụ kiểm tra liên kết của Kaspersky - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\url_advisor@kaspersky.com [2015-02-28]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\anti_banner@kaspersky.com [2015-02-28]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: An toàn giao dịch tài chính - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\FFExt\online_banking@kaspersky.com [2015-02-28]
FF HKU\S-1-5-21-2588859782-1139336777-623044890-1001\...\Firefox\Extensions: [{b9aa91db-385d-4c69-8a2f-96790aa9405b}] - c:\program files\copernic\desktopsearch4\firefoxconnector
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.googl...jjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value
CHR HKLM\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - No Path Or update_url value
CHR HKU\S-1-5-21-2588859782-1139336777-623044890-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnnbdaahphjgdgfhliignpepgnbnfomp] - c:\program files\copernic\desktopsearch4\ChromeConnector\ChromeConnector.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [778000 2013-07-18] (Acronis)
S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3906552 2014-08-08] (Acronis)
R2 AVP15.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
R2 BotkindSyncService; C:\Program Files\Allway Sync\Bin\SyncService.exe [182784 2014-06-24] () [File not signed]
R2 Granola PM Manager; C:\Program Files\MiserWare\Granola Personal\GranolaManager.exe [449264 2012-02-21] ()
S4 HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [845640 2012-03-05] (BinarySense, Inc.)
S4 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7152200 2014-02-04] (Acronis)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S1 ATITool; C:\Windows\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299408 2012-06-07] (EldoS Corporation)
R1 cbfs4; C:\Windows\system32\drivers\cbfs4.sys [323392 2013-11-15] (EldoS Corporation)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2011-06-23] (Phoenix Technologies) [File not signed]
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135264 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112136 2015-03-01] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [34400 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [644808 2015-03-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145888 2014-03-26] (Kaspersky Lab ZAO)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
R3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [188392 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32872 2010-07-01] (REALTEK SEMICONDUCTOR Corp.)
R3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [31872 2009-10-05] (Realtek)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-10-15] () [File not signed]
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2012-01-05] (AnchorFree Inc)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [889888 2014-08-08] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-08-08] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [143648 2014-08-08] (Acronis International GmbH)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2014-04-27] () [File not signed]
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-08-08] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-08-08] (Acronis International GmbH)
R3 vpnpbus; C:\Windows\System32\DRIVERS\vpnpbus.sys [15936 2013-11-15] (EldoS Corporation)
U3 ap08fn0l; C:\Windows\system32\Drivers\ap08fn0l.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S1 MpKsl2b051bfa; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7FF52F72-A29D-476F-90E8-21A28475066F}\MpKsl2b051bfa.sys [X]
S1 MpKsl71523a7c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E11A820F-A7A5-419D-BF81-F92B3426B9D5}\MpKsl71523a7c.sys [X]
S1 MpKslc317aad9; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ACFA39A4-1875-4AF4-A097-68286B4E215E}\MpKslc317aad9.sys [X]
S1 MpKslec0276e2; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50430688-CBE9-4D47-BA50-448FDD58657A}\MpKslec0276e2.sys [X]
S3 MSI_MSIBIOS_010507; \??\C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files\MSI\Live Update 5\NTIOLib.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-05 12:10 - 2015-03-05 12:10 - 00000000 ____D () C:\FRST
2015-03-04 23:45 - 2015-03-04 23:45 - 00000155 _____ () C:\Users\Wolf\Desktop\philosophisch.txt
2015-03-03 00:12 - 2015-03-03 00:12 - 00000405 _____ () C:\Users\Wolf\Desktop\Spect.lnk
2015-03-02 17:59 - 2015-03-03 10:14 - 00373825 _____ () C:\Users\Wolf\Desktop\2015-02-09, Hanna.rar
2015-03-02 14:56 - 2015-03-02 14:56 - 00000249 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\c't Gully.com.URL
2015-03-02 14:52 - 2015-03-03 17:18 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\vlc
2015-03-02 13:36 - 2015-03-02 13:37 - 00013303 _____ () C:\Users\Wolf\Desktop\2015-02-22, Nicole.rar
2015-03-02 12:27 - 2015-03-04 16:30 - 00154141 _____ () C:\Users\Wolf\Desktop\2015-02-10, Roland.rar
2015-03-01 02:07 - 2015-03-01 02:07 - 00002177 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Safe Money.lnk
2015-03-01 02:06 - 2015-03-03 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-02-28 23:56 - 2015-03-05 11:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-28 23:56 - 2015-03-01 00:52 - 00644808 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-02-28 23:56 - 2015-03-01 00:52 - 00112136 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-02-28 23:56 - 2015-02-28 23:56 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-02-28 23:56 - 2014-04-10 17:25 - 00034400 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-02-28 18:03 - 2011-07-05 00:16 - 00125440 _____ (Nenad Hrg SoftwareOK) C:\Users\Wolf\Desktop\D.Ko.exe
2015-02-28 18:01 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\S2).bat
2015-02-28 16:33 - 2015-02-28 16:33 - 00000124 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\CONVERT - Zamzar.URL
2015-02-28 15:41 - 2015-02-28 15:51 - 00000194 _____ () C:\Users\Wolf\Desktop\Sta.bat
2015-02-28 11:06 - 2015-02-28 11:07 - 00000197 _____ () C:\Windows\system32\2015-02-28-10-06-48.079-AvastVBoxSVC.exe-2264.log
2015-02-27 12:27 - 2015-02-27 12:27 - 00000020 _____ () C:\Users\Wolf\Desktop\2015 Andere.rar
2015-02-27 11:53 - 2015-02-27 11:53 - 00000197 _____ () C:\Windows\system32\2015-02-27-10-53-22.041-AvastVBoxSVC.exe-3256.log
2015-02-27 11:51 - 2015-02-27 11:51 - 00137504 _____ () C:\Windows\Minidump\022715-18546-01.dmp
2015-02-26 22:12 - 2015-02-26 22:13 - 00000197 _____ () C:\Windows\system32\2015-02-26-21-12-30.010-AvastVBoxSVC.exe-3204.log
2015-02-26 16:39 - 2015-03-02 12:28 - 00030714 _____ () C:\Users\Wolf\Desktop\2015-02-25, Lital.rar
2015-02-26 11:04 - 2015-02-26 11:04 - 00000197 _____ () C:\Windows\system32\2015-02-26-10-04-12.025-AvastVBoxSVC.exe-2676.log
2015-02-26 03:21 - 2015-03-05 11:38 - 00000672 _____ () C:\Windows\setupact.log
2015-02-26 03:21 - 2015-02-26 03:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 22:30 - 2015-02-25 22:30 - 00000000 ____D () C:\Program Files\AquaSnap
2015-02-25 09:21 - 2015-02-25 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-25-08-21-54.091-AvastVBoxSVC.exe-2588.log
2015-02-24 09:43 - 2015-02-24 09:43 - 00000264 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Spektrum.URL
2015-02-24 09:43 - 2015-02-24 09:43 - 00000250 _____ () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Der Spiegel.URL
2015-02-24 09:21 - 2015-02-24 09:21 - 00000197 _____ () C:\Windows\system32\2015-02-24-08-21-43.058-AvastVBoxSVC.exe-3656.log
2015-02-22 11:10 - 2015-02-22 11:10 - 00000197 _____ () C:\Windows\system32\2015-02-22-10-10-26.046-AvastVBoxSVC.exe-2916.log
2015-02-21 23:36 - 2015-02-21 23:36 - 00000197 _____ () C:\Windows\system32\2015-02-21-22-36-30.071-AvastVBoxSVC.exe-2656.log
2015-02-21 10:25 - 2015-02-21 10:25 - 00000197 _____ () C:\Windows\system32\2015-02-21-09-25-05.014-AvastVBoxSVC.exe-2956.log
2015-02-19 10:47 - 2015-02-19 10:47 - 00000197 _____ () C:\Windows\system32\2015-02-19-09-47-22.052-AvastVBoxSVC.exe-2524.log
2015-02-18 16:02 - 2015-02-18 16:02 - 00000972 _____ () C:\Users\Wolf\Desktop\HD Tune Pro.lnk
2015-02-18 15:57 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Mo 14 Anwalt.txt
2015-02-18 10:03 - 2015-02-18 10:03 - 00000197 _____ () C:\Windows\system32\2015-02-18-09-03-05.091-AvastVBoxSVC.exe-2572.log
2015-02-17 11:39 - 2015-02-17 11:39 - 00000197 _____ () C:\Windows\system32\2015-02-17-10-39-42.032-AvastVBoxSVC.exe-3016.log
2015-02-14 10:00 - 2015-02-14 10:00 - 00000197 _____ () C:\Windows\system32\2015-02-14-09-00-15.003-AvastVBoxSVC.exe-2748.log
2015-02-14 02:08 - 2015-02-14 02:09 - 00000197 _____ () C:\Windows\system32\2015-02-14-01-08-50.088-AvastVBoxSVC.exe-3188.log
2015-02-12 10:28 - 2015-02-12 10:29 - 00000197 _____ () C:\Windows\system32\2015-02-12-09-28-25.096-AvastVBoxSVC.exe-2728.log
2015-02-12 03:23 - 2015-02-12 03:26 - 00000247 _____ () C:\Windows\system32\2015-02-12-02-23-09.056-aswFe.exe-1976.log
2015-02-12 03:15 - 2015-02-12 03:15 - 00000197 _____ () C:\Windows\system32\2015-02-12-02-15-22.041-AvastVBoxSVC.exe-3412.log
2015-02-11 13:00 - 2015-02-11 13:00 - 00000197 _____ () C:\Windows\system32\2015-02-11-12-00-41.034-AvastVBoxSVC.exe-3616.log
2015-02-10 16:43 - 2015-02-10 16:47 - 00000119 _____ () C:\Users\Wolf\Desktop\Termin 3.3. 1830.txt
2015-02-10 11:32 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-32-25.088-aswFe.exe-668.log
2015-02-10 11:29 - 2015-02-10 11:32 - 00000247 _____ () C:\Windows\system32\2015-02-10-10-29-08.035-aswFe.exe-1044.log
2015-02-10 11:29 - 2015-02-10 11:29 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-29-03.003-AvastVBoxSVC.exe-3932.log
2015-02-10 11:24 - 2015-02-10 11:24 - 00000197 _____ () C:\Windows\system32\2015-02-10-10-24-19.008-AvastVBoxSVC.exe-3336.log
2015-02-09 12:34 - 2015-03-02 23:13 - 06387323 _____ () C:\Users\Wolf\Desktop\2015-02-09, Inge.rar
2015-02-09 12:34 - 2015-03-02 13:35 - 00300287 _____ () C:\Users\Wolf\Desktop\2015-02-09, Lena.rar
2015-02-09 12:33 - 2015-03-04 23:45 - 07235267 _____ () C:\Users\Wolf\Desktop\39-2015 Gesamt.rar
2015-02-09 08:37 - 2015-02-09 08:37 - 00000197 _____ () C:\Windows\system32\2015-02-09-07-37-19.030-AvastVBoxSVC.exe-2864.log
2015-02-08 21:27 - 2015-02-08 21:28 - 00000197 _____ () C:\Windows\system32\2015-02-08-20-27-57.025-AvastVBoxSVC.exe-2172.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-05 12:09 - 2012-09-25 12:18 - 00000000 ___HD () C:\Users\Wolf\Documents\PhraseExpress
2015-03-05 11:55 - 2014-04-22 00:36 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\ClassicShell
2015-03-05 11:45 - 2010-02-09 20:56 - 01611396 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-05 11:43 - 2009-07-14 05:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-05 11:38 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 09:36 - 2014-04-16 11:37 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Dropbox
2015-03-05 01:11 - 2012-08-27 21:09 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Skype
2015-03-04 23:45 - 2014-11-08 11:00 - 00001580 _____ () C:\Users\Wolf\Desktop\DesktopOK.ini
2015-03-04 18:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-04 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public\Libraries
2015-03-04 16:34 - 2010-10-15 21:06 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Mozilla
2015-03-04 02:03 - 2012-08-25 12:04 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Schreib-Lese
2015-03-04 01:51 - 2010-10-15 21:48 - 00000000 ____D () C:\Users\Wolf
2015-03-02 23:55 - 2014-11-08 11:00 - 09733919 _____ () C:\Users\Wolf\Desktop\0 Parmenides.rar
2015-03-02 16:14 - 2011-06-16 02:26 - 00000000 ____D () C:\Program Files\Wise Registry Cleaner
2015-03-01 02:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Public
2015-03-01 00:36 - 2013-12-12 02:42 - 00000000 ____D () C:\Users\Wolf\AppData\Local\CrashDumps
2015-03-01 00:25 - 2014-09-29 09:12 - 00409334 _____ () C:\Windows\PFRO.log
2015-03-01 00:25 - 2011-07-20 15:34 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-02-28 21:49 - 2014-12-25 11:51 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-27 11:51 - 2010-12-15 01:05 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 09:34 - 2014-05-01 23:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-21 00:32 - 2014-09-11 23:49 - 00007852 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 23:36 - 2010-10-28 21:46 - 00007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2015-02-19 01:22 - 2011-10-04 00:18 - 00000000 ___RD () C:\Users\Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoTV-Kram
2015-02-16 00:05 - 2013-07-10 00:19 - 00000000 ____D () C:\Users\Wolf\AppData\Roaming\Ditto
2015-02-09 19:53 - 2014-11-08 11:00 - 10514861 _____ () C:\Users\Wolf\Desktop\0 HERAKLIT.RAR
2015-02-09 08:34 - 2014-11-26 20:08 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 23:07 - 2014-08-13 11:30 - 00000000 ____D () C:\Users\Wolf\AppData\Local\Adobe
2015-02-08 23:07 - 2012-04-25 10:56 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-08 23:07 - 2011-05-16 10:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2010-11-06 05:08 - 2011-07-09 16:29 - 6619136 _____ (© onlinetvrecorder.com) C:\Program Files\2009Decoder.exe
2014-08-11 20:25 - 2014-08-11 20:36 - 0000084 _____ () C:\Program Files\ACRONISDDIENST STARTET.vbs
2010-10-27 16:33 - 1998-09-25 14:37 - 0006054 _____ () C:\Program Files\agb.rtf
2011-12-02 23:09 - 2009-04-02 16:47 - 0648064 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\autoruns.exe
2013-09-01 11:34 - 2010-02-26 21:43 - 0293376 _____ (Gopal Adhikari) C:\Program Files\Context Menu Editor.exe
2010-10-27 16:33 - 2010-10-27 16:33 - 0002204 _____ () C:\Program Files\DeIsL1.isu
2011-11-19 01:55 - 2011-11-19 01:56 - 0001685 _____ () C:\Program Files\DeIsL2.isu
2010-10-27 16:33 - 2000-02-13 15:33 - 0017395 _____ () C:\Program Files\digibib.cnt
2010-10-27 16:33 - 2000-02-13 15:33 - 0752400 _____ () C:\Program Files\DIGIBIB.HLP
2010-10-27 16:33 - 2010-10-27 16:34 - 0004981 _____ () C:\Program Files\digibib.ini
2010-10-27 16:33 - 2000-02-13 22:41 - 1733120 _____ () C:\Program Files\Digibib2.exe
2011-08-08 17:59 - 2011-05-25 08:25 - 0007878 _____ () C:\Program Files\EULA.txt
2013-07-16 01:09 - 2013-07-16 01:00 - 0005892 _____ () C:\Program Files\Ghost für Remoce Torrent.gms
2011-11-19 01:55 - 1997-01-04 12:23 - 0246272 _____ () C:\Program Files\Gmouse.exe
2011-11-19 01:55 - 1997-01-04 12:20 - 0006909 _____ () C:\Program Files\GMOUSE.HLP
2010-10-20 17:17 - 2010-10-20 17:17 - 0890208 _____ (techPowerUp (www.techpowerup.com)) C:\Program Files\GPU-Z.0.4.7.exe
2013-06-07 23:36 - 2013-06-07 23:35 - 0023092 _____ () C:\Program Files\Kill BoxCrypt und Dropbox.exe
2013-06-07 23:22 - 2013-06-07 23:23 - 0023080 _____ () C:\Program Files\Kill BoxCryptor.exe
2013-08-01 09:56 - 2013-08-01 09:59 - 0000048 _____ () C:\Program Files\Kill DesktopOK.bat
2014-04-18 02:32 - 2014-04-17 18:22 - 0023083 _____ () C:\Program Files\Kill HddGuard.exe
2014-04-18 01:18 - 2014-04-18 01:11 - 0023079 _____ () C:\Program Files\Kill Onedrive, ehe. Skydrive.exe
2014-08-01 12:57 - 2014-07-30 14:23 - 0000028 _____ () C:\Program Files\Kill unsecapp.bat
2011-08-08 17:59 - 2011-05-25 08:25 - 0015511 _____ () C:\Program Files\license.txt
2010-10-27 16:33 - 1998-03-08 22:51 - 0001663 _____ () C:\Program Files\lizenz.txt
2010-10-27 16:33 - 1998-09-27 14:09 - 0000352 _____ () C:\Program Files\makros.txt
2011-12-05 08:47 - 2011-11-30 21:06 - 0033792 _____ (Nenad Hrg (SoftwareOK.com)) C:\Program Files\OneLoupe.exe
2011-05-16 10:10 - 2011-05-10 22:45 - 0172032 _____ (Jorgen Bosman) C:\Program Files\poweroff_deutsch.exe
2010-10-20 13:25 - 2010-10-20 13:25 - 3887480 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp1204.exe
2011-08-08 17:59 - 2011-05-25 08:25 - 0002773 _____ () C:\Program Files\Setup.cfg
2010-11-06 05:08 - 2010-10-12 16:46 - 0364544 _____ (© onlinetvrecorder.com) C:\Program Files\Updater.exe
2010-10-27 16:33 - 1999-12-14 17:48 - 0003489 _____ () C:\Program Files\www.txt
2010-10-27 16:33 - 1996-02-07 08:07 - 0024576 _____ (Stirling) C:\Program Files\_ISREG32.DLL
2012-08-25 21:54 - 2012-08-25 21:55 - 0000564 _____ () C:\Users\Wolf\AppData\Roaming\pcwSIcon.ini
2014-07-15 16:11 - 2014-07-16 12:35 - 0007741 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bak
2011-07-26 23:42 - 2014-07-15 16:17 - 0007764 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bk!
2014-07-16 12:35 - 2014-07-15 16:11 - 0007555 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.bko
2011-07-26 23:37 - 2014-07-16 12:40 - 0008353 _____ () C:\Users\Wolf\AppData\Roaming\PStrip.ini
2010-11-22 18:48 - 2010-11-22 18:48 - 0000036 _____ () C:\Users\Wolf\AppData\Local\housecall.guid.cache
2014-11-12 18:09 - 2014-11-12 18:17 - 0000026 _____ () C:\Users\Wolf\AppData\Local\isoworkshop.ini
2010-10-28 21:46 - 2015-02-20 23:36 - 0007627 _____ () C:\Users\Wolf\AppData\Local\resmon.resmoncfg
2012-12-01 17:46 - 2012-12-01 17:47 - 0017408 _____ () C:\Users\Wolf\AppData\Local\WebpageIcons.db
2010-10-25 20:52 - 2010-10-25 20:53 - 0000367 _____ () C:\ProgramData\hpzinstall.log
2011-04-28 13:54 - 2011-04-28 13:54 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some content of TEMP:
====================
C:\Users\Wolf\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwzngio.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-25 17:47
==================== End Of Log ============================
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-03-05 13:41:18
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 ST31000524AS rev.JC4B 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Wolf\AppData\Local\Temp\kwtdqpob.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAdjustPrivilegesToken [0x8AB0E0A0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcConnectPort [0x8AB0E020]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwAlpcSendWaitReceivePort [0x8AB0E030]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwConnectPort [0x8AB0E050]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSection [0x8AB0E000]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateSymbolicLinkObject [0x8AB0E410]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThread [0x8AB0E100]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwCreateThreadEx [0x8AB0E040]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDebugActiveProcess [0x8AB0E140]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDeviceIoControlFile [0x8AB0E1E0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwDuplicateObject [0x8AB0E170]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwLoadDriver [0x8AB0E150]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwMapViewOfSection [0x8AB0E180]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenProcess [0x8AB0E080]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenSection [0x8AB0E070]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwOpenThread [0x8AB0E090]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwProtectVirtualMemory [0x8AB0E0C0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueryIntervalProfile [0x8AB0E470]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwQueueApcThread [0x8AB0E120]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwRequestWaitReplyPort [0x8AB0E1D0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeProcess [0x8AB0E490]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwResumeThread [0x8AB0E1A0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSecureConnectPort [0x8AB0E060]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetContextThread [0x8AB0E110]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationObject [0x8AB0E0B0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetInformationToken [0x8AB0E010]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSetSystemInformation [0x8AB0E160]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendProcess [0x8AB0E1C0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSuspendThread [0x8AB0E1B0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwSystemDebugControl [0x8AB0E130]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateProcess [0x8AB0E0D0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwTerminateThread [0x8AB0E0E0]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwUnmapViewOfSection [0x8AB0E190]
SSDT \SystemRoot\system32\DRIVERS\klhk.sys ZwWriteVirtualMemory [0x8AB0E0F0]
---- Kernel code sections - GMER 2.1 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1401 830789C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830984E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139F 8309F75C 4 Bytes [A0, E0, B0, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 13C7 8309F784 4 Bytes [20, E0, B0, 8A] {AND AL, AH; MOV AL, 0x8a}
.text ntoskrnl.exe!KeRemoveQueueEx + 140B 8309F7C8 4 Bytes [30, E0, B0, 8A] {XOR AL, AH; MOV AL, 0x8a}
.text ntoskrnl.exe!KeRemoveQueueEx + 145B 8309F818 4 Bytes [50, E0, B0, 8A]
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8309F87C 4 Bytes [00, E0, B0, 8A] {ADD AL, AH; MOV AL, 0x8a}
.text ...
? System32\Drivers\spnp.sys Das System kann den angegebenen Pfad nicht finden. !
---- User IAT/EAT - GMER 2.1 ----
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\explorer.exe[580] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748D562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748D56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748E85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748E8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748E90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
IAT C:\Windows\Explorer.EXE[600] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748E4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs 858941F8
AttachedDevice \FileSystem\Ntfs \Ntfs cbfs4.sys
Device \Driver\volmgr \Device\VolMgrControl 858901F8
Device \Driver\usbuhci \Device\USBPDO-0 8695F1F8
Device \Driver\usbuhci \Device\USBPDO-1 8695F1F8
Device \Driver\usbehci \Device\USBPDO-2 86930500
Device \Driver\usbuhci \Device\USBPDO-3 8695F1F8
Device \Driver\PCI_PNP3664 \Device\00000060 spnp.sys
Device \Driver\usbuhci \Device\USBPDO-4 8695F1F8
AttachedDevice \Driver\tdx \Device\Tcp kltdi.sys
Device \Driver\usbuhci \Device\USBPDO-5 8695F1F8
Device \Driver\usbuhci \Device\USBPDO-6 8695F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 858901F8
Device \Driver\usbehci \Device\USBPDO-7 86930500
Device \Driver\volmgr \Device\HarddiskVolume2 858901F8
Device \Driver\atapi \Device\Ide\IdePort0 858921F8
Device \Driver\atapi \Device\Ide\IdePort1 858921F8
Device \Driver\atapi \Device\Ide\IdePort2 858921F8
Device \Driver\atapi \Device\Ide\IdePort3 858921F8
Device \Driver\atapi \Device\Ide\IdePort4 858921F8
Device \Driver\atapi \Device\Ide\IdePort5 858921F8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-4 858921F8
Device \Driver\volmgr \Device\HarddiskVolume3 858901F8
Device \Driver\volmgr \Device\HarddiskVolume4 858901F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 868531F8
Device \Driver\sptd \Device\2050136112 spnp.sys
AttachedDevice \Driver\tdx \Device\Udp kltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp kltdi.sys
Device \Driver\usbuhci \Device\USBFDO-0 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-1 8695F1F8
Device \Driver\usbehci \Device\USBFDO-2 86930500
Device \Driver\usbuhci \Device\USBFDO-3 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-4 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-5 8695F1F8
Device \Driver\usbuhci \Device\USBFDO-6 8695F1F8
Device \Driver\usbehci \Device\USBFDO-7 86930500
Device \Driver\ap08fn0l \Device\Scsi\ap08fn0l1 86A5F500
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys vidsflt.sys halacpi.dll ACPI.sys >>UNKNOWN [0x858921f8]<< 858921f8
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86713518] 86713518
Trace 3 CLASSPNP.SYS[8afcf59e] -> nt!IofCallDriver -> [0x86712478] 86712478
Trace 5 vidsflt.sys[8a59f130] -> nt!IofCallDriver -> [0x86643918] 86643918
Trace 7 ACPI.sys[8a5443d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0x86650030] 86650030
Trace \Driver\atapi[0x8661a030] -> IRP_MJ_CREATE -> 0x858921f8 858921f8
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB0 0xC2 0x98 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD7 0x25 0x55 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6B 0xAD 0x1F 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x16 0x7B 0xA2 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x6B 0xAD 0x1F 0x16 ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----