Pests of all kinds and how to combat them: remove babylon search adwcleaner_logfile (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
03.09.2012, 22:41 | #1 |
I'm asking for your help. I read in another thread that this log file was requested, so I went ahead and created it right away: Thank you in advance.

# AdwCleaner v2.000 - Datei am 09/03/2012 um 23:22:30 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : R - R-HP
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\R\Downloads\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Ordner Gefunden : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\DSNR Labs
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gefunden : HKU\S-1-5-21-74249840-2228024122-3059207861-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-74249840-2228024122-3059207861-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112542&tt=201208_mnt_n_3412_4&babsrc=HP_ss&mntrId=76331e290000000000006431501cd21b

-\\ Mozilla Firefox v15.0 (de)

-\\ Google Chrome v21.0.1180.89

*************************

AdwCleaner[R1].txt - [2120 octets] - [03/09/2012 23:22:30]

########## EOF - C:\AdwCleaner[R1].txt - [2180 octets] ##########
04.09.2012, 22:18 | #2 |
/// Selecta Jahrusso | Run the tool again and press Löschen (Delete) (or something like that, it was translated recently). Report back.
04.09.2012, 23:16 | #3 |
That seems to have worked well. But when I search for babylon under about:config in Firefox, a whole lot of entries still come up.

browser.search.defaultenginename;Search the web (Babylon)
browser.search.order.1;Search the web (Babylon)
extensions.BabylonToolbar.admin;false
extensions.BabylonToolbar.aflt;babsst
extensions.BabylonToolbar.appId;{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
extensions.BabylonToolbar.autoRvrt;false
extensions.BabylonToolbar.babExt;
extensions.BabylonToolbar.babTrack;affID=112542&tt=201208_mnt_n_3412_4
extensions.BabylonToolbar.cntry;DE
extensions.BabylonToolbar.dfltLng;en
extensions.BabylonToolbar.dp_alert;newBlk
extensions.BabylonToolbar.envrmnt;production
extensions.BabylonToolbar.excTlbr;false
extensions.BabylonToolbar.hdrMd5;066078F2062F8B9DBF3C4DCE1E2A2BA9
extensions.BabylonToolbar.hmpg;false
extensions.BabylonToolbar.id;76331e290000000000006431501cd21b
extensions.BabylonToolbar.instlDay;15578
extensions.BabylonToolbar.instlRef;sst
extensions.BabylonToolbar.isdcmntcmplt;true
extensions.BabylonToolbar.lastVrsnTs;1.6.9.1218:14:19
extensions.BabylonToolbar.mntrvrsn;1.3.1
extensions.BabylonToolbar.newTab;false
extensions.BabylonToolbar.prdct;BabylonToolbar
extensions.BabylonToolbar.prtnrId;babylon
extensions.BabylonToolbar.sg;none
extensions.BabylonToolbar.smplGrp;none
extensions.BabylonToolbar.srcExt;ss
extensions.BabylonToolbar.tlbrId;base
extensions.BabylonToolbar.tlbrSrchUrl;Babylon Search
extensions.BabylonToolbar.vrsn;1.6.9.12
extensions.BabylonToolbar.vrsnTs;1.6.9.1218:14:19
extensions.BabylonToolbar.vrsni;1.6.9.12
extensions.BabylonToolbar_i.babExt;
extensions.BabylonToolbar_i.babTrack;affID=112542&tt=201208_mnt_n_3412_4
extensions.BabylonToolbar_i.newTab;false
extensions.BabylonToolbar_i.smplGrp;none
extensions.BabylonToolbar_i.srcExt;ss
extensions.BabylonToolbar_i.vrsnTs;1.6.9.1218:14:19

Thank you
04.09.2012, 23:29 | #4 |
/// Selecta Jahrusso | Can you no longer find a Babylon Toolbar entry under Extras --> Add-ons --> Erweiterungen (Tools --> Add-ons --> Extensions)? Also have a look in the list of installed software ^^

Regards, Daniel
ASAP & UNITE Member: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trusted Eliminators. Learn to strike back and support us! TB Akademie
04.09.2012, 23:39 | #5 |
Apparently it didn't work after all; Babylon is still there in Chrome. In Firefox I had overwritten a few entries with the URL I wanted.
04.09.2012, 23:42 | #6 |
/// Selecta Jahrusso | If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT
05.09.2012, 00:25 | #7 |
Here are the log files. OTL logfile:
bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{263AC96D-6973-4C7B-BA7B-C8207F88397E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q=" FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@xxxxx.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\xxxxx Acrobat: C:\Program Files\xxxxx\Acrobat 9.0\Acrobat\Air\nppdf32.dll (xxxxx Systems Inc.) FF - HKLM\Software\MozillaPlugins\xxxxx Reader: C:\Program Files\xxxxx\Reader 10.0\Reader\AIR\nppdf32.dll (xxxxx Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\R\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\R\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.30 19:52:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.03 22:46:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.15 15:09:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.07.13 20:02:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\R\AppData\Roaming\mozilla\Extensions [2012.09.05 00:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\R\AppData\Roaming\mozilla\Firefox\Profiles\opyqcdm6.default\extensions [2012.07.15 15:22:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\R\AppData\Roaming\mozilla\Firefox\Profiles\opyqcdm6.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.07.15 15:22:32 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\R\AppData\Roaming\mozilla\Firefox\Profiles\opyqcdm6.default\extensions\DeviceDetection@logitech.com [2012.07.15 15:22:33 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\R\AppData\Roaming\mozilla\Firefox\Profiles\opyqcdm6.default\extensions\ich@maltegoetz.de [2012.05.18 21:22:46 | 000,000,933 | ---- | M] () -- C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\opyqcdm6.default\searchplugins\11-suche.xml [2012.05.18 21:22:46 | 000,002,419 | ---- | M] () -- 
C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\opyqcdm6.default\searchplugins\englische-ergebnisse.xml [2012.05.18 21:22:46 | 000,010,525 | ---- | M] () -- C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\opyqcdm6.default\searchplugins\gmx-suche.xml [2012.05.18 21:22:46 | 000,002,457 | ---- | M] () -- C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\opyqcdm6.default\searchplugins\lastminute.xml [2012.05.18 21:22:46 | 000,005,508 | ---- | M] () -- C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\opyqcdm6.default\searchplugins\webde-suche.xml [2012.09.03 22:46:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.08.30 19:52:48 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.07.19 16:29:32 | 000,060,833 | ---- | M] () (No name found) -- C:\USERS\R\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPYQCDM6.DEFAULT\EXTENSIONS\FIREDIFF@JOHNJBARTON.COM.XPI [2012.09.05 00:41:51 | 000,010,175 | ---- | M] () (No name found) -- C:\USERS\R\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OPYQCDM6.DEFAULT\EXTENSIONS\INFO@CSSUPDATER.COM.XPI [2012.08.25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR 
- homepage: CHR - Extension: avast! WebRep = C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2012.07.14 15:25:08 | 000,003,971 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 80 more lines... O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\R\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AE44DF0-E084-4141-811A-99ECB2745418}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.06.13 11:12:34 | 000,000,043 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2e682a4f-cd03-11e1-b9f0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2e682a4f-cd03-11e1-b9f0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe O33 - MountPoints2\{72bfeed9-cd34-11e1-8040-6431501cd21b}\Shell - "" = AutoRun O33 - MountPoints2\{72bfeed9-cd34-11e1-8040-6431501cd21b}\Shell\AutoRun\command - "" = H:\start.exe -- [2011.06.30 15:56:48 | 005,695,384 | R--- | M] (video2brain ) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup 
Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== 
Files/Folders - Created Within 30 Days ========== [2012.09.05 00:43:52 | 000,599,040 | ---- | C] (OldTimer Tools) -- C:\Users\R\Desktop\OTL.exe [2012.09.03 22:53:40 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.09.03 22:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.09.03 22:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.09.02 16:31:42 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\vlc [2012.09.02 16:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2012.09.02 16:31:02 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2012.09.01 02:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.08.27 14:03:03 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.08.27 13:21:10 | 000,000,000 | ---D | C] -- C:\xampp [2012.08.26 18:17:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt [2012.08.26 18:14:25 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\eType [2012.08.26 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Babylon [2012.08.17 17:45:28 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile [2012.08.10 13:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012.08.10 13:07:37 | 000,666,024 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\System32\WibuCm32.dll [2012.08.10 13:07:37 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v4 [2012.08.10 13:07:37 | 000,000,000 | ---D | C] -- C:\Program Files\CodeMeter [2012.08.10 13:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\GetData [2012.08.08 23:49:46 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Leadertech [2012.08.08 23:49:07 | 000,000,000 | ---D | C] -- 
C:\Users\Public\Documents\LogiShrd [2012.08.08 23:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.08.08 23:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.08.08 23:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012.08.08 23:48:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2012.08.08 23:47:55 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Logitech [2012.08.08 23:47:55 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Logishrd ========== Files - Modified Within 30 Days ========== [2012.09.05 00:46:21 | 000,002,402 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.09.05 00:43:54 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\R\Desktop\OTL.exe [2012.09.05 00:01:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.04 23:57:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74249840-2228024122-3059207861-1000UA.job [2012.09.04 22:57:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74249840-2228024122-3059207861-1000Core.job [2012.09.04 21:14:04 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 21:14:04 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.04 21:11:32 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.04 21:11:32 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.04 21:11:32 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.04 21:11:32 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.04 21:08:05 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.04 21:06:58 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock 
[2012.09.04 21:06:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.04 21:06:51 | 2814,947,328 | -HS- | M] () -- C:\hiberfil.sys [2012.09.03 22:53:41 | 000,002,336 | ---- | M] () -- C:\Users\R\Desktop\Google Chrome.lnk [2012.09.03 22:50:45 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForR.job [2012.09.03 22:46:28 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.02 16:31:13 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.08.30 19:52:48 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.08.27 14:03:03 | 000,000,608 | ---- | M] () -- C:\Users\R\Desktop\XAMPP Control Panel.lnk [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2012.08.21 11:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe [2012.08.17 17:46:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2012.08.15 03:18:01 | 003,649,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.08.10 13:23:07 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk [2012.08.10 13:11:30 | 000,001,196 | ---- | M] () -- C:\Users\R\Desktop\Recover My Files.lnk ========== Files Created - No Company Name ========== [2012.09.04 21:06:58 | 
000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock [2012.09.03 22:53:41 | 000,002,336 | ---- | C] () -- C:\Users\R\Desktop\Google Chrome.lnk [2012.09.03 22:52:45 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74249840-2228024122-3059207861-1000UA.job [2012.09.03 22:52:45 | 000,001,052 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-74249840-2228024122-3059207861-1000Core.job [2012.09.03 22:46:28 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.03 22:46:28 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.09.02 16:31:13 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012.08.27 14:03:03 | 000,000,608 | ---- | C] () -- C:\Users\R\Desktop\XAMPP Control Panel.lnk [2012.08.17 17:46:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf [2012.08.17 17:45:35 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk [2012.08.10 13:07:38 | 000,001,196 | ---- | C] () -- C:\Users\R\Desktop\Recover My Files.lnk [2012.07.15 22:33:02 | 000,000,191 | ---- | C] () -- C:\Windows\System32\HPPA.ini [2012.07.14 03:17:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.07.14 03:17:32 | 000,696,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.07.14 03:17:32 | 000,147,916 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.07.14 03:17:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.07.13 22:59:27 | 000,002,402 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.07.13 20:16:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- 
C:\Windows\System32\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.06.11 18:41:48 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012.06.11 18:41:48 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe ========== LOP Check ========== [2012.08.26 18:14:10 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\Babylon [2012.07.14 00:06:44 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\DAEMON Tools Lite [2012.09.04 21:08:17 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\Dropbox [2012.07.27 14:09:29 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\elsterformular [2012.08.26 18:16:42 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\eType [2012.08.13 02:20:26 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\FileZilla [2012.07.16 20:29:57 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\GalileoPress [2012.08.08 23:49:46 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\Leadertech [2012.07.15 16:05:16 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\Samsung [2012.07.21 00:10:04 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2012.07.15 15:07:21 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\Thunderbird [2012.07.21 14:54:49 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Roaming\WinBatch [2009.07.14 06:53:46 | 000,020,034 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.08.15 17:01:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.07.13 20:38:56 | 000,000,000 | ---D | M] -- C:\AMD [2012.09.03 22:50:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.07.13 17:58:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.07.13 17:59:17 | 000,000,000 | RHSD | M] -- C:\HP [2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.03 22:31:04 | 000,000,000 | R--D | M] -- C:\Program Files [2012.09.04 21:06:58 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.07.13 17:58:37 | 000,000,000 | -HSD | M] -- C:\Programme [2011.02.10 22:33:59 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.07.14 15:38:38 | 000,000,000 | R--D | M] -- C:\Sandbox [2012.07.13 19:12:59 | 000,000,000 | ---D | M] -- C:\SWSETUP [2012.09.05 00:52:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.07.13 19:12:55 | 000,000,000 | -H-D | M] -- C:\system.sav [2012.07.15 16:21:13 | 000,000,000 | ---D | M] -- C:\Temp [2012.07.13 17:59:10 | 000,000,000 | R--D | M] -- C:\Users [2012.09.05 00:46:21 | 000,000,000 | ---D | M] -- C:\Windows [2012.08.27 14:06:36 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %windir%\installer\*. /5 > [2012.09.03 22:31:08 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} [2012.09.03 22:37:33 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1031-7B44-AA1000000001} < %localappdata%\*. 
/5 > [2012.09.03 22:52:45 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Local\Google [2012.09.05 00:49:30 | 000,000,000 | ---D | M] -- C:\Users\R\AppData\Local\Temp < MD5 for: SERVICES.EXE > [2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe [2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe < MD5 for: USER32.DLL > [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < End of report > OTL Logfile: Code:
06.09.2012, 14:15 | #8 |
/// Selecta Jahrusso | Do you have a Google account that syncs with Chrome? I'm not familiar with Chrome, so this is going to be fun
Code:
:otl
[2012.08.26 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\R\AppData\Roaming\Babylon
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

:commands
[emptytemp]
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
06.09.2012, 21:27 | #9 |
| Here is the OTL text:

All processes killed
========== OTL ==========
C:\Users\R\AppData\Roaming\Babylon folder moved successfully.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: R
->Temp folder emptied: 523630092 bytes
->Temporary Internet Files folder emptied: 78978767 bytes
->Java cache emptied: 341785 bytes
->FireFox cache emptied: 271400616 bytes
->Google Chrome cache emptied: 66289936 bytes
->Flash cache emptied: 164443 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59424234 bytes
RecycleBin emptied: 8439555029 bytes

Total Files Cleaned = 9.003,00 mb

OTL by OldTimer - Version 3.2.60.0 log created on 09062012_222253

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\hsperfdata_R-HP$\392 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

What about the entries from Firefox about:config that I posted further up? When I search in about:config I still find entries for the Babylon toolbar. So far in Firefox I have only overwritten the entries for the target URL. Babylon now seems to be removed from Chrome. Addendum: When I open Chrome in the sandbox, I get Babylon Search again.
Edited by Eispirat11 (06.09.2012 at 21:33) |
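An added example, not part of the original posts and not a feature of OTL: one way to check a copy of a Firefox profile for the leftovers asked about above is to parse `prefs.js` and `user.js` and list every preference that still mentions Babylon, together with the file it comes from. Firefox re-applies `user.js` at every start, so an entry found there returns even after `prefs.js` has been cleaned. The sample file contents, the `extensions.example_toolbar.vendor` name and the `.example` URL are constructed for illustration.

```python
import re

# One line of prefs.js / user.js has the form: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Preferences that decide where searches and the start page are sent.
REDIRECT_PREFS = ("browser.search.", "browser.startup.homepage", "keyword.URL")


def decode(raw):
    """Turn the literal after the comma into a Python str, bool or int."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:-1])  # undo \" and \\ escapes
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # unknown literal: keep it as text


def parse_prefs(text):
    """Return {pref name: value}; comments and other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m:
            prefs[m.group(1)] = decode(m.group(2))
    return prefs


def find_leftovers(files, needle="babylon"):
    """files: list of (filename, text) in load order, prefs.js before user.js.

    Later files override earlier ones, as Firefox does at startup.
    Returns a sorted list of (pref, value, source_file, kind).
    """
    effective = {}
    for fname, text in files:
        for name, value in parse_prefs(text).items():
            effective[name] = (value, fname)

    hits = []
    for name, (value, fname) in effective.items():
        if needle.lower() not in (name + " " + str(value)).lower():
            continue
        kind = "redirect" if name.startswith(REDIRECT_PREFS) else "leftover"
        hits.append((name, value, fname, kind))
    return sorted(hits)


# Constructed sample input; the two search prefs are the ones named in the
# OTL fix in this thread, everything else is made up for the example.
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("extensions.example_toolbar.vendor", "Babylon");
user_pref("browser.cache.disk.capacity", 358400);
'''

SAMPLE_USER_JS = '''
user_pref("browser.startup.homepage", "http://search.babylon.example/?q=");
'''

if __name__ == "__main__":
    loaded = [("prefs.js", SAMPLE_PREFS_JS), ("user.js", SAMPLE_USER_JS)]
    for pref, value, source, kind in find_leftovers(loaded):
        print(f"{kind:8} {source:8} {pref} = {value!r}")
```

Entries reported as `redirect` change where searches or the start page go; `leftover` entries only mention the name and do nothing once the add-on itself is gone.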
07.09.2012, 13:01 | #10 | |
/// Selecta Jahrusso | Quote:
Honestly, I have no idea how to remove that from a sandbox profile. You'll probably have to do it by hand yourself, on a trial-and-error basis.
07.09.2012, 13:26 | #11 |
| Hey, at least you know more about this than I do. In the end I would really like to be rid of all of it. After my recent experiences I am already trying to be much more careful on the net. With this Babylon I once again clicked too quickly, even though it was some actually trustworthy freeware that I wanted to try out. Normally toolbars can be uninstalled again relatively cleanly. I would be glad to do it by hand myself, but how is that done? Do I just have to delete all Babylon entries in the registry with regedit, or how does it work? Unfortunately I don't have any in-depth knowledge there. Unfortunately it doesn't help to uninstall and reinstall the programs either. What tips do you have for me? |
08.09.2012, 17:12 | #12 | |
/// Selecta Jahrusso | Quote:
If you ever wreck your system, I certainly won't help. You can never remove everything. That would create too much pointless work for us. Have you tried creating a new user profile in Chrome?
08.09.2012, 18:31 | #13 |
| Really now, I only do things that seem safe and sensible to me. When you open about:config in Firefox you are told to be careful. And I am. I don't consider changing the start page URL dangerous. I didn't do much more than that. Searching for entries doesn't change anything either. I had posted the list of entries. As I said, I would like to get rid of this cr... as far as possible. I just don't know what the entries mean and whether someone is collecting my browser data. If the entries don't do anything, they can sit there, no objection. I'll take a look at the browser profile thing. |