|
Log-Analyse und Auswertung: Trojan.Dropper/Gen @schrauberWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.09.2012, 09:31 | #1 |
| Trojan.Dropper/Gen @schrauber Da mein Problem bereits im HijackThis Forum von schrauber betreut wurde, er dort aber nicht mehr aktiv ist, ich mein Problem aber gerne gelöst hätte setze ich mein Thema hier fort. =) Dann kommt hier also die nächste Ladung Logfiles! =) Combofix Code:
ATTFilter ComboFix 12-09-22.02 - Lisa 22.09.2012 19:35:31.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1743 [GMT 2:00] ausgeführt von:: c:\users\Lisa\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Lisa\Desktop\CFScript.txt AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-22 bis 2012-09-22 )))))))))))))))))))))))))))))) . . 2012-09-22 17:46 . 2012-09-22 17:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-22 11:25 . 2012-09-22 11:26 -------- d-----w- c:\program files\Common Files\Adobe 2012-09-22 11:08 . 2012-09-22 11:08 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-21 13:47 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE101F67-4C5B-4C3B-992F-D5D7C61D6BC2}\mpengine.dll 2012-09-20 14:13 . 2012-09-20 14:13 -------- d-----w- c:\program files\Apple Software Update 2012-09-20 13:03 . 2012-09-20 13:03 -------- d-----w- c:\users\Lisa\AppData\Local\DDMSettings 2012-09-14 01:02 . 2012-09-14 01:02 -------- d-----w- c:\program files\Common Files\Skype 2012-09-11 05:43 . 2012-09-11 05:43 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-22 11:29 . 2012-04-11 14:28 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-22 11:29 . 2011-05-19 06:23 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-22 11:08 . 2012-07-06 18:22 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-22 11:08 . 2010-05-20 13:32 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-07-04 14:02 . 2012-08-16 01:01 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-06-27 15:59 . 2012-08-15 11:48 834048 ----a-w- c:\windows\system32\wininet.dll 2012-06-27 14:15 . 2012-08-15 11:48 389632 ----a-w- c:\windows\system32\html.iec 2012-06-27 13:49 . 2012-08-15 11:48 1383424 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-11 05:43 . 2011-05-02 16:04 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2010-09-11 10:10 . 2009-12-14 01:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-10 4780928] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-06-30 196608] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-08-05 3563520] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-11 30192] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635] "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392] "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-29 442460] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-5-2 1211472] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-08 11:31 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-10-22 12:58 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Google Update"="c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 11:29] . 2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2949012238-524043334-3398503266-1000Core.job - c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 19:33] . 2012-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2949012238-524043334-3398503266-1000UA.job - c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 19:33] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.searchplusnetwork.com/?sp=vit4 uInternet Settings,ProxyOverride = 192.168.*.* IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\h9pgwyk3.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-09-22 19:46 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . [838916096] 0x00320033 . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(1540) c:\windows\system32\btmmhook.dll . Zeit der Fertigstellung: 2012-09-22 19:55:26 ComboFix-quarantined-files.txt 2012-09-22 17:55 ComboFix2.txt 2012-09-22 10:58 . Vor Suchlauf: 13 Verzeichnis(se), 72.888.553.472 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 72.863.035.392 Bytes frei . - - End Of File - - 14E49C846C7B7946EACA283067BAD341 Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.22.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Lisa :: LISA-PC [Administrator] 22.09.2012 20:43:27 mbam-log-2012-09-23 (00-30-03).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|L:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410839 Laufzeit: 3 Stunde(n), 36 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\Environment|AVAPP (Rogue.PersonalAntiVirus) -> Daten: C:\Program Files\PersonalAV -> Keine Aktion durchgeführt. HKCU\Environment|AVUNINST (Rogue.PersonalAntiVirus) -> Daten: C:\Program Files\Common Files\Uninstall\PersonalAV\Uninstall.lnk -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 8 C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2949012238-524043334-3398503266-1000\$14f73b0475fc59f6cbd2e679b5c32ffe\n.vir (Rootkit.0Access) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2949012238-524043334-3398503266-1000\$14f73b0475fc59f6cbd2e679b5c32ffe\U\80000000.@.vir (Trojan.Small) -> Keine Aktion durchgeführt. C:\Qoobox\Quarantine\C\$Recycle.Bin\S-1-5-21-2949012238-524043334-3398503266-1000\$14f73b0475fc59f6cbd2e679b5c32ffe\U\800000cb.@.vir (Rootkit.0Access) -> Keine Aktion durchgeführt. C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4c321ea4-2e582102 (Trojan.Zbot) -> Keine Aktion durchgeführt. C:\Users\Lisa\Music\Sony Vegas 7 + DVD Architect 4 + keygen\Sony Vegas 7 + DVD Architect 4 + keygen\DVD Architect 4.0.125\Sony DVD Architect v4.0 Keygen.exe (Trojan.Downloader) -> Keine Aktion durchgeführt. C:\Users\Lisa\Music\Sony Vegas 7 + DVD Architect 4 + keygen\Sony Vegas 7 + DVD Architect 4 + keygen\Vegas 7.0a\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Keine Aktion durchgeführt. C:\Windows\Installer\MSIA4F0.tmp (HackTool.Hiderun) -> Keine Aktion durchgeführt. C:\Windows\kdiue732.txt (Malware.Trace) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter C:\Users\Lisa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3dfc430f-6273dabe a variant of Win32/Injector.OYM trojan C:\Users\Lisa\Downloads\BestVideoDownloaderSetup.exe probably a variant of Win32/Adware.EHJCQJF application C:\Users\Lisa\Downloads\SoftonicDownloader_for_free-pdf-unlocker.exe a variant of Win32/SoftonicDownloader.E application C:\Users\Lisa\Downloads\SoftonicDownloader_fuer_foxit-pdf-reader.exe a variant of Win32/SoftonicDownloader.E application C:\Users\Lisa\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe a variant of Win32/SoftonicDownloader.E application Code:
ATTFilter OTL logfile created on: 23.09.2012 14:16:25 - Run 2 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Lisa\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,34% Memory free 6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,92 Gb Total Space | 68,43 Gb Free Space | 23,77% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 4,99 Gb Free Space | 49,89% Space Free | Partition Type: NTFS Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.22 13:29:46 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe PRC - [2012.09.21 20:24:58 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe PRC - [2012.09.11 07:43:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012.09.10 19:36:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE PRC - [2012.08.08 17:25:08 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.08 18:23:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:23:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:23:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.08.29 14:23:48 | 000,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2008.08.29 14:23:46 | 000,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe PRC - [2008.08.29 14:23:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe PRC - [2008.08.14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe PRC - [2008.07.15 11:12:48 | 001,226,024 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe PRC - [2008.06.30 12:28:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2008.06.30 12:28:14 | 000,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2008.06.30 12:28:12 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008.06.30 12:28:12 | 000,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2008.06.05 15:26:36 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2008.06.05 15:26:36 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2008.06.03 15:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe PRC - [2008.05.02 14:57:00 | 001,211,472 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2008.05.02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008.05.02 00:41:38 | 000,136,488 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe PRC - [2008.05.02 00:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe PRC - [2008.01.14 10:13:02 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (No Company Name) ========== MOD - [2012.09.22 13:29:46 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll MOD - [2012.09.11 07:43:57 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012.06.15 03:39:13 | 015,881,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\35d5c990de9a4f3960faa37e2cc1f50f\MenuSkinning.ni.dll MOD - [2012.06.15 03:38:58 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll MOD - [2012.06.15 03:38:41 | 002,261,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\e510ac58495dd599fac0176a996c793b\DellDock.ni.exe MOD - [2012.06.15 03:38:41 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\1802136e1ae5bc81fb17204ea694bc00\VistaBridgeLibrary.ni.dll MOD - [2012.06.15 03:38:39 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\d47ab8d1043612fbc28fd67ff61e15cb\MyDock.Util.ni.dll MOD - [2012.06.15 03:36:50 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll MOD - [2012.06.15 03:36:41 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll MOD - [2012.05.15 20:27:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll MOD - [2012.05.15 20:27:04 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll MOD - [2012.05.15 20:26:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll MOD - [2012.05.15 20:26:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll MOD - [2012.05.15 20:09:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll MOD - [2012.05.15 20:06:44 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll MOD - [2012.05.15 20:06:12 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll MOD - [2010.09.11 12:10:40 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.10.22 14:42:44 | 001,679,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3019.36912__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.10.22 14:42:44 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3019.36870__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.10.22 14:42:44 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3019.36924__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.10.22 14:42:44 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3019.37100__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.10.22 14:42:44 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3019.37065__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.10.22 14:42:44 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3019.36904__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.10.22 14:42:44 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.10.22 14:42:44 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3019.36890__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.10.22 14:42:43 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3019.37131__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.10.22 14:42:30 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3019.37072__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:30 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3019.37130__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:30 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3019.37137__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:30 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3019.37079__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.10.22 14:42:30 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3019.36884__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3019.37071__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.10.22 14:42:29 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3019.37030__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:29 | 000,585,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3019.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:29 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3019.36891__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:29 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3019.37092__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.10.22 14:42:29 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3019.36930__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:29 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:29 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.10.22 14:42:29 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3019.37129__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.10.22 14:42:29 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3019.37044__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.10.22 14:42:28 | 000,479,232 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3019.37023__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:28 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3019.37015__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2008.10.22 14:42:28 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3019.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2008.10.22 14:42:28 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3019.37022__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.10.22 14:42:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3019.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.10.22 14:42:28 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3019.37029__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.10.22 14:42:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.10.22 14:42:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3019.37058__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.10.22 14:42:28 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2939.23667__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.10.22 14:42:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2939.23717__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.10.22 14:42:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.10.22 14:42:28 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2939.23679__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.10.22 14:42:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.10.22 14:42:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2939.23767__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.10.22 14:42:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2939.23710__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.10.22 14:42:28 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2939.23768__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.10.22 14:42:28 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.10.22 14:42:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.10.22 14:42:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2939.23689__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.10.22 14:42:27 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2939.23743__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.10.22 14:42:27 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2939.23740__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.10.22 14:42:27 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.10.22 14:42:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2939.23764__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.10.22 14:42:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.10.22 14:42:27 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2939.23763__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.10.22 14:42:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2939.23693__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.10.22 14:42:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2939.23687__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.10.22 14:42:27 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2939.23679__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2939.23717__90ba9c70f846762e\DEM.OS.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2939.23718__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2939.23688__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2939.23734__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.10.22 14:42:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2939.23718__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.10.22 14:42:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2965.22300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2939.23739__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2939.23738__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2939.23742__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2939.23708__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2939.23735__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2939.23741__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2939.23711__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2939.23665__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008.10.22 14:42:26 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.10.22 14:42:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2939.23719__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.10.22 14:42:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2939.23709__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.10.22 14:42:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2939.23687__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.10.22 14:42:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3019.37147__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.10.22 14:42:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2939.23677__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.10.22 14:42:22 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.10.22 14:42:21 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3019.36878__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.10.22 14:42:21 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3019.36897__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.10.22 14:42:21 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3019.37122__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.10.22 14:42:21 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3019.36862__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.10.22 14:42:21 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3019.36863__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.10.22 14:42:21 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3019.37121__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.10.22 14:42:21 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2939.23713__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.10.22 14:42:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2939.23678__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.10.22 14:42:21 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2939.23689__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.10.22 14:42:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.10.22 14:42:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3019.37122__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.10.22 14:42:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.10.22 14:42:21 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2939.23694__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.10.22 14:42:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.10.22 14:42:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2939.23711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.10.22 14:42:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2939.23746__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.10.22 14:42:20 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3019.36861__90ba9c70f846762e\APM.Server.dll MOD - [2008.10.22 14:42:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3019.36862__90ba9c70f846762e\AEM.Server.dll MOD - [2008.09.16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008.08.05 14:16:20 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll MOD - [2008.06.05 15:19:56 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2008.05.04 10:42:20 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Services (SafeList) ========== SRV - [2012.09.22 13:29:47 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.11 07:43:57 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.10 19:36:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 18:23:06 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:23:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2008.10.22 14:58:55 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008.08.29 14:23:46 | 000,225,362 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe -- (STacSV) SRV - [2008.08.29 14:23:40 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\AEstSrv.exe -- (AESTFilters) SRV - [2008.08.14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SRV - [2008.05.02 14:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008.05.02 00:40:44 | 003,032,360 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Lisa\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.05.08 18:23:06 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:23:06 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.12.09 13:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.04 14:19:30 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011.08.04 14:19:30 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2011.02.18 06:47:42 | 000,066,112 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2010.12.21 07:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm) DRV - [2010.12.21 07:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd) DRV - [2010.12.21 07:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) DRV - [2010.12.21 07:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV - [2010.08.13 10:50:41 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.08.13 10:50:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.21 16:19:16 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009.06.22 16:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Ndisrd.sys -- (NdisrdMP) DRV - [2009.06.22 16:58:24 | 000,022,016 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ndisrd.sys -- (Ndisrd) DRV - [2008.08.29 14:23:50 | 000,382,976 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2008.08.05 14:16:06 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2008.07.28 09:14:08 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd) DRV - [2008.07.28 09:14:06 | 000,277,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid) DRV - [2008.06.30 12:28:10 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.05.04 10:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2008.05.04 10:42:18 | 003,548,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.03.17 22:14:52 | 000,015,144 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2008.03.14 14:46:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2008.03.13 13:41:12 | 000,203,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) DRV - [2008.03.13 13:34:40 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2008.03.13 13:34:38 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.03.13 13:34:36 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2) DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2008.01.15 22:11:46 | 000,013,480 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2007.02.16 21:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007.02.16 02:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DADE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7GPEA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=zcw3jFF8VYr3DxmOuZAhGZXeTKs?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.* ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.order.1: "Ask" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledAddons: rikaichan-jpde@polarcloud.com:2.01.111113 FF - prefs.js..extensions.enabledAddons: rikaichan-jpen@polarcloud.com:2.01.111113 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lisa\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Lisa\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.12 11:39:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.22 12:33:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.22 13:26:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.22 12:33:24 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.22 13:26:53 | 000,000,000 | ---D | M] [2008.12.24 21:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions [2012.09.22 12:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\h9pgwyk3.default\extensions [2012.08.06 00:57:07 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\h9pgwyk3.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2012.09.15 23:35:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\h9pgwyk3.default\extensions\ich@maltegoetz.de [2009.04.17 18:55:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\h9pgwyk3.default\extensions\moveplayer@movenetworks.com [2011.11.15 18:38:27 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\h9pgwyk3.default\extensions\rikaichan-jpde@polarcloud.com [2011.11.15 18:36:49 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\h9pgwyk3.default\extensions\rikaichan-jpen@polarcloud.com [2012.09.17 18:37:15 | 000,593,262 | ---- | M] () (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\extensions\toolbar@gmx.net.xpi [2012.02.23 12:10:25 | 000,000,933 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\11-suche.xml [2012.02.23 12:10:25 | 000,002,419 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\englische-ergebnisse.xml [2012.02.23 12:10:25 | 000,010,525 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\gmx-suche.xml [2012.09.17 16:26:10 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-1.xml [2011.08.25 21:41:52 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-10.xml [2010.09.11 22:08:50 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-2.xml [2010.10.22 12:41:27 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-3.xml [2010.10.29 14:11:19 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-4.xml [2010.11.19 15:52:45 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-5.xml [2011.03.03 12:29:13 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-6.xml [2011.03.07 23:15:38 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-7.xml [2011.03.24 11:50:15 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-8.xml [2011.05.02 18:05:49 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin-9.xml [2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\icqplugin.xml [2012.02.23 12:10:25 | 000,002,457 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\lastminute.xml [2012.02.23 12:10:25 | 000,005,508 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\mozilla\firefox\profiles\h9pgwyk3.default\searchplugins\webde-suche.xml [2012.03.21 01:02:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.07.27 17:52:34 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2009.09.08 04:14:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.09.11 07:43:58 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.03 20:02:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.11 07:43:55 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.03 20:02:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.03 20:02:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.03 20:02:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.03 20:02:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com O1 HOSTS File: ([2012.09.22 12:56:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C43ED4C-9D45-4C06-B241-D371671568C8}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8678BE45-6EFB-4A65-87B0-F99722BE629D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.23 11:06:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.23 11:06:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lisa\Desktop\esetsmartinstaller_enu.exe [2012.09.22 20:42:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes [2012.09.22 20:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.22 20:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.22 20:41:54 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.22 19:55:40 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.09.22 19:54:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.22 14:39:46 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe [2012.09.22 14:37:52 | 000,751,391 | ---- | C] (Farbar) -- C:\Users\Lisa\Desktop\MiniToolBox.exe [2012.09.22 13:31:39 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\exe [2012.09.22 13:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2012.09.22 13:25:18 | 000,000,000 | ---D | C] -- C:\Config.Msi [2012.09.22 13:09:03 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.22 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.22 13:08:48 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.22 13:08:48 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.22 12:43:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.22 12:43:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.22 12:43:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.22 12:43:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.22 12:42:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.22 12:40:33 | 004,754,913 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe [2012.09.21 20:24:56 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe [2012.09.21 19:07:20 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lisa\Desktop\HiJackThis204.exe [2012.09.20 16:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.09.20 16:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update [2012.09.20 15:03:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\DDMSettings [2012.09.14 03:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.14 03:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2012.09.23 13:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.23 13:27:06 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2949012238-524043334-3398503266-1000UA.job [2012.09.23 13:27:06 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2949012238-524043334-3398503266-1000Core.job [2012.09.23 12:56:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.23 12:56:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.23 11:06:24 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lisa\Desktop\esetsmartinstaller_enu.exe [2012.09.23 10:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.23 10:56:07 | 3219,103,744 | -HS- | M] () -- C:\hiberfil.sys [2012.09.23 00:33:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.09.22 20:42:31 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.22 20:41:55 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.22 16:32:46 | 004,754,913 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe [2012.09.22 14:39:50 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe [2012.09.22 14:37:59 | 000,751,391 | ---- | M] (Farbar) -- C:\Users\Lisa\Desktop\MiniToolBox.exe [2012.09.22 13:29:46 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.09.22 13:29:46 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.09.22 13:26:53 | 000,001,854 | ---- | M] () -- C:\Users\Lisa\Documents\Adobe Reader X.lnk [2012.09.22 13:08:24 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.09.22 13:08:17 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.09.22 13:08:17 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.09.22 13:08:17 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.09.22 13:08:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.09.22 13:08:17 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.09.22 12:56:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.09.22 11:31:16 | 000,512,737 | ---- | M] () -- C:\Users\Lisa\Desktop\adwcleaner.exe [2012.09.22 11:29:06 | 000,007,052 | ---- | M] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat [2012.09.21 21:07:42 | 000,302,592 | ---- | M] () -- C:\Users\Lisa\Desktop\pcqm4gzm.exe [2012.09.21 20:58:46 | 358,165,621 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.21 20:24:58 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe [2012.09.21 19:07:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lisa\Desktop\HiJackThis204.exe [2012.09.19 17:13:45 | 000,037,894 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat [2012.09.14 15:15:43 | 000,001,849 | ---- | M] () -- C:\Users\Lisa\Documents\Adobe Reader 9.lnk [2012.09.14 03:02:01 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.09.11 18:39:55 | 000,115,712 | ---- | M] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.09.22 20:42:31 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.22 13:26:53 | 000,001,854 | ---- | C] () -- C:\Users\Lisa\Documents\Adobe Reader X.lnk [2012.09.22 13:26:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.09.22 12:43:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.22 12:43:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.22 12:43:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.22 12:43:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.22 12:43:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.22 11:31:09 | 000,512,737 | ---- | C] () -- C:\Users\Lisa\Desktop\adwcleaner.exe [2012.09.21 21:58:34 | 000,030,259 | ---- | C] () -- C:\Users\Lisa\Desktop\hjtscanlist.bat [2012.09.21 21:07:40 | 000,302,592 | ---- | C] () -- C:\Users\Lisa\Desktop\pcqm4gzm.exe [2012.09.20 16:13:00 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.09.14 15:15:43 | 000,001,849 | ---- | C] () -- C:\Users\Lisa\Documents\Adobe Reader 9.lnk [2012.09.14 03:02:01 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.09 19:52:26 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI [2012.02.18 17:10:19 | 000,001,461 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.08 14:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.03.08 14:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.03.08 14:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.03.08 14:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.01.16 21:14:52 | 000,000,552 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d8caps.dat [2010.10.31 14:41:35 | 000,000,109 | ---- | C] () -- C:\Users\Lisa\webct_upload_applet.properties [2009.07.20 12:56:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.03.30 19:45:06 | 000,135,025 | ---- | C] () -- C:\Users\Lisa\creeping_death_ver4.gp5 [2009.03.30 19:41:51 | 000,070,586 | ---- | C] () -- C:\Users\Lisa\i_never_told_you_what_i_do_for_a_living_ver2.gp5 [2008.12.25 02:32:18 | 000,007,052 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat [2008.12.24 23:07:27 | 000,037,894 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat [2008.12.24 22:28:33 | 000,115,712 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2011.08.15 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\LocalLow\Microsoft\Silverlight\is\bpivbmfj.gdu\pin2gvtq.noh\1\l [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2010.10.19 20:11:18 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.anki [2012.08.11 12:49:41 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\7-PDFSplitMerge [2009.04.13 15:37:15 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Atari [2012.08.11 12:51:48 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BrowserCompanion [2012.02.20 16:11:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\DAEMON Tools Pro [2010.06.22 02:08:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Facebook [2012.08.09 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software [2011.01.27 22:25:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FrostWire [2012.03.07 16:26:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Image Zone Express [2010.11.19 17:53:40 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org [2012.01.18 18:00:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Printer Info Cache [2012.03.12 16:28:13 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Samsung [2008.12.24 23:07:37 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template [2012.03.04 12:36:03 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TuneUp Software [2010.08.13 11:02:21 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.09.2012 14:16:25 - Run 2 OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Lisa\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,34% Memory free 6,19 Gb Paging File | 4,54 Gb Available in Paging File | 73,28% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 287,92 Gb Total Space | 68,43 Gb Free Space | 23,77% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 4,99 Gb Free Space | 49,89% Space Free | Partition Type: NTFS Computer Name: LISA-PC | User Name: Lisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{A72DF9C8-8994-4694-B834-11279C3D56DD}" = lport=2869 | protocol=6 | dir=in | app=system | "{EFEB7C94-0200-4949-8D75-F99CCB8B125E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{044D265D-E9DF-494D-8960-31AB4E64FAB4}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{0B49300F-4ABA-4812-B5CF-A32FFD8A9E9A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | "{2B83DD39-346E-4650-8CC9-354858A7D0BA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{2E42CDF3-F3CD-426E-A7A8-4C69DD881F4C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{39B32995-0630-4608-8CA0-32A591B53A9A}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | "{3D95D870-9AC0-47FF-BBF9-F6571EA3CE02}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{418A3B04-2C1A-4825-A8BC-84168EEE0C6C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{4C4EE40B-0E6B-4E70-89FF-FA6370209ADB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{4D861AD8-1FBF-42AA-83DD-0E8678290C88}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe | "{5BF40C42-B869-4A8F-BF8F-9DAA254A1657}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe | "{6545A5EC-1C0D-47EE-B581-FC46FED95BCA}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "{69C79727-B653-4E42-B38B-81DCEC7E5D41}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{6B014B94-64A2-4CF4-99BA-9CE39F066850}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{7C7F4C4A-A523-4895-BBFF-B7F4A93F8A72}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{9B441862-2E8A-4D22-BDC7-B1BF67FE5DDF}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{A0C7246A-0882-4D22-970F-9515576A0FFC}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{A32A7B0E-4D50-43BB-AA76-F3C5553F2DEA}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{A7AB3FDD-C1C1-4D2D-BE50-ECD8A10EA8D4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{B52DA7DA-E33D-428E-B2D9-7B0F0EFB4A20}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{CA70FC33-7FB4-46D7-9674-58AC4EF2ACC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CF7EFF56-6902-4F2F-97C1-AF2046E77247}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{CFA18194-3F7A-4A3C-8DDC-541B0FAC1D51}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{D8531087-E04F-40EE-877E-72779DC6B103}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D96D16AC-A471-4881-B63D-B9F07C3910CE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "TCP Query User{3F2E4DC7-2357-4706-99AD-C6C82AB7C3A5}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe | "TCP Query User{4DEF032E-8FAD-4192-9A35-41830B09EE2A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{6268D2C6-125B-4076-8A3B-84FA5F861F36}C:\program files\gameforge\nclauncher\nclauncher.exe" = protocol=6 | dir=in | app=c:\program files\gameforge\nclauncher\nclauncher.exe | "TCP Query User{7230E34E-0F15-4D14-9D3B-30890BF18C95}C:\users\lisa\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\local\google\google earth\client\googleearth.exe | "TCP Query User{A5280345-B066-4F6B-AA11-33BFCC18EB9C}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{B14F9705-3EC0-4307-8A08-7EB2451DC8F5}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{C2FE58EC-EC94-4119-B9A2-AD11EC800A6A}C:\users\lisa\appdata\local\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\users\lisa\appdata\local\google\google earth\client\googleearth.exe | "TCP Query User{FDBE9A9E-1832-4308-8DCD-6A0B786B5584}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{2010BAA0-2A28-4C30-AC0C-32D32E307460}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{2E9494C3-57DA-47D8-9ACD-F3A12B1665C0}C:\users\lisa\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\local\google\google earth\client\googleearth.exe | "UDP Query User{4E3930C1-7D65-41B0-BF25-B261EDB7202C}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "UDP Query User{72EEADB6-F2A1-4D54-A53C-C6711712BC77}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{74034494-C535-476C-8F3D-0EE72F8D9233}C:\users\lisa\appdata\local\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\users\lisa\appdata\local\google\google earth\client\googleearth.exe | "UDP Query User{982D53E3-FBD2-464B-8C39-3927C0CF159A}C:\program files\gameforge\nclauncher\nclauncher.exe" = protocol=17 | dir=in | app=c:\program files\gameforge\nclauncher\nclauncher.exe | "UDP Query User{D2CEFC00-027A-42B2-BFED-E6F1AC629F60}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{ED4E1030-C601-412F-AE34-2F099C67335A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{05A677ED-F6EB-C225-0852-C8EDA143F637}" = Catalyst Control Center Core Implementation "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1339C679-8EBD-A264-F51B-8AFF9E5178AB}" = Catalyst Control Center Localization Chinese Standard "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{33D38429-A417-2939-F2ED-68B02C60524B}" = CCC Help Italian "{348982C0-1053-041B-90E9-27E52C5CBAC4}" = Catalyst Control Center Localization Chinese Traditional "{3683198D-D48D-8F78-D544-E0CEEDA9A5AD}" = Catalyst Control Center Localization Norwegian "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39874C29-6A64-A5E4-15E8-48CAB1630758}" = Catalyst Control Center Graphics Full New "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere "{497CDC20-F32E-B732-D5A7-C508832901B1}" = Catalyst Control Center Localization Italian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding "{4E8B4C51-20A4-A946-F2FD-361E1E64CBFE}" = Catalyst Control Center Localization Dutch "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{6009F2FC-EC56-4e28-B91C-0BA5104D6419}" = SF_CDA_Software "{601F42A9-8B4F-4650-A472-4CA8325E3E87}" = D6100 "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{66E07661-1C3B-EBB3-DDD7-CA2D9CF728E5}" = CCC Help Chinese Standard "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67192DDF-D12C-7C14-0891-1999A8322D9A}" = ccc-core-static "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{693C5CAC-E43C-4A5F-0793-DB1A91576F00}" = Catalyst Control Center Localization Swedish "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6BA2D1B0-0892-AF53-1542-767C1B1B558F}" = CCC Help German "{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{706136D4-648C-92B9-FF9E-BDAC45C977CB}" = CCC Help Norwegian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{714B6179-84C4-4FBE-B934-B6CF75ED37A5}" = D6100_D7100_D7300_Help "{732784F2-BBB3-AF93-F0F8-2B28D93F023E}" = Catalyst Control Center Localization Finnish "{75554025-5756-D2A8-E12A-3996A174E1AF}" = Catalyst Control Center Localization German "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7842F022-6597-76DA-4DE4-DA3FBD82ECF2}" = Skins "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A4CE9D2-DC5E-4B5B-0ED2-A2F66E76DD52}" = CCC Help Russian "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business "{7BE855E5-8130-A624-1C47-D5EB13FA6DF2}" = Catalyst Control Center Graphics Previews Vista "{7D712AFE-2D7C-13B8-DEB7-BA8A28FED665}" = Catalyst Control Center Localization Danish "{7E00AAF2-89F3-F7FC-A8F2-8C651449671E}" = CCC Help English "{828816F4-629A-233E-DB02-A6F8BD004643}" = Catalyst Control Center Localization Portuguese "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90601456-1F28-AD6C-C1CE-740526D3BC27}" = Catalyst Control Center Localization French "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9718521B-A345-4ad9-A52B-74D1435FB708}" = SF_CDA_ProductContext "{975F5675-8FC8-04A8-92CD-4653BD12282F}" = CCC Help French "{97900633-AADE-35DC-A424-21380BFC5431}" = Catalyst Control Center Graphics Previews Common "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{981DE354-9301-440f-AAFC-025AA2354A93}" = HP Deskjet & Photosmart Printer Driver Software 8.0.A "{98C948A6-5498-9DEE-BA4C-74B0A96CB521}" = CCC Help Danish "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A7969E95-7E39-A1AC-2D6F-85531D8A371D}" = CCC Help Japanese "{A9C78107-7CBC-B05B-083B-562FA9C1EA0B}" = CCC Help Portuguese "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay "{BB883D70-5B1D-9430-E626-7F495925590D}" = Catalyst Control Center Localization Spanish "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{C49E407D-A6A0-6F9A-767D-67387EF5523F}" = CCC Help Finnish "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{CBF91610-C661-3464-8831-DA8AE2589DB9}" = Catalyst Control Center Localization Japanese "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D2DB5404-378B-2821-513E-A8F230A0E948}" = ccc-utility "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{D5D92C28-42FB-5E24-DBFA-07232A50D670}" = CCC Help Dutch "{D9DD6E03-ACE1-2503-205E-4FA74267CDC6}" = CCC Help Spanish "{DB549485-9D94-E7AE-2FE7-DCB33A54FBD7}" = Catalyst Control Center Localization Russian "{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{DE200E10-45BD-E11E-EC8E-1DAD80EF8EA9}" = Catalyst Control Center Graphics Full Existing "{DEF19AE8-B330-CF2A-AEAA-1E23BBBC7B00}" = CCC Help Chinese Traditional "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5BE4931-F31C-2BA0-F06E-4FEC56725673}" = CCC Help Swedish "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC2C71BB-42DF-6F53-FB23-F7B3B160467B}" = Catalyst Control Center Graphics Light "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1465B68-4D9A-D412-2528-4F84A681F15C}" = Catalyst Control Center Localization Korean "{F1E18790-4053-4031-483B-80E932CE3910}" = CCC Help Korean "{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife "{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira Free Antivirus "Broadcom 802.11b Network Adapter" = Dienstprogramm für Dell Wireless WLAN Karte "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "Creative OA001" = Integrated Webcam Driver (1.02.02.0603) "Dell Video Chat" = Dell Video Chat (remove only) "Dell Webcam Central" = Dell Webcam Central "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup" = DivX-Setup "ESET Online Scanner" = ESET Online Scanner v3 "Google Desktop" = Google Desktop "GoToAssist" = GoToAssist 8.0.0.514 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "InstallShield_{6A9EF6CF-7630-4E33-AE22-7D70F3AF4B05}" = AION Free-To-Play "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Movies" = Movies "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NCLauncher_GameForge" = NC Launcher (GameForge) "Pen Tablet Driver" = Stifttablett "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 21.09.2012 15:12:12 | Computer Name = Lisa-PC | Source = Perflib | ID = 1010 Description = Error - 22.09.2012 06:36:33 | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10 Description = Error - 22.09.2012 07:06:09 | Computer Name = Lisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 22.09.2012 07:06:10 | Computer Name = Lisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 22.09.2012 08:36:39 | Computer Name = Lisa-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 15.0.1.4631 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 17e8 Anfangszeit: 01cd98b593c8b080 Zeitpunkt der Beendigung: 53 Error - 22.09.2012 08:46:07 | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10 Description = Error - 22.09.2012 13:57:37 | Computer Name = Lisa-PC | Source = EventSystem | ID = 4621 Description = Error - 22.09.2012 13:59:33 | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10 Description = Error - 23.09.2012 04:57:51 | Computer Name = Lisa-PC | Source = WinMgmt | ID = 10 Description = Error - 23.09.2012 05:01:41 | Computer Name = Lisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = Error - 23.09.2012 05:02:12 | Computer Name = Lisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585 Description = [ Broadcom Wireless LAN Events ] Error - 04.03.2012 07:13:16 | Computer Name = Lisa-PC | Source = WLAN-Tray | ID = 0 Description = 12:13:16, Sun, Mar 04, 12 Error - User "" does not have administrative privileges on this system Error - 21.03.2012 19:15:54 | Computer Name = Lisa-PC | Source = WLAN-Tray | ID = 0 Description = 00:15:54, Thu, Mar 22, 12 Error - User "" does not have administrative privileges on this system Error - 27.03.2012 06:16:24 | Computer Name = Lisa-PC | Source = WLAN-Tray | ID = 0 Description = 12:16:23, Tue, Mar 27, 12 Error - Unable to gain access to user store [ System Events ] Error - 11.05.2009 19:48:44 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = Error - 12.05.2009 06:51:52 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = Error - 13.05.2009 07:51:16 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = Error - 14.05.2009 08:09:12 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = Error - 14.05.2009 09:16:52 | Computer Name = Lisa-PC | Source = DCOM | ID = 10010 Description = Error - 14.05.2009 13:01:32 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = Error - 14.05.2009 13:01:41 | Computer Name = Lisa-PC | Source = Print | ID = 54 Description = Das Dokument China.doc.wps konnte nicht gedruckt werden und wurde aufgrund einer Beschädigung an der gespoolten Datei gelöscht. Der zugewiesene Treiber ist "HP Photosmart D6100 series". Versuchen Sie erneut, das Dokument zu drucken. Error - 14.05.2009 15:24:37 | Computer Name = Lisa-PC | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 15.05.2009 05:44:26 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = Error - 16.05.2009 04:44:24 | Computer Name = Lisa-PC | Source = HTTP | ID = 15016 Description = < End of report > |
26.09.2012, 09:45 | #2 |
/// the machine /// TB-Ausbilder | Trojan.Dropper/Gen @schrauber Hi
__________________Den Downloads Ordner bitte leeren, danach Papierkorb leeren. Windows-Taste + R drücken, appwiz.cpl eingeben und enter drücken. Bitte alle alten Java Versionen deinstallieren, ausser Java 7 Update 7. Fixen mit OTL
Code:
ATTFilter :OTL IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=zcw3jFF8VYr3DxmOuZAhGZXeTKs?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.* FF - prefs.js..browser.search.order.1: "Ask" :Commands [emptytemp]
__________________ |
26.09.2012, 13:24 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Dropper/Gen @schrauber Ähem...
__________________Code:
ATTFilter C:\Users\Lisa\Music\Sony Vegas 7 + DVD Architect 4 + keygen\Sony Vegas 7 + DVD Architect 4 + keygen\DVD Architect 4.0.125\Sony DVD Architect v4.0 Keygen.exe (Trojan.Downloader) -> Keine Aktion durchgeführt. C:\Users\Lisa\Music\Sony Vegas 7 + DVD Architect 4 + keygen\Sony Vegas 7 + DVD Architect 4 + keygen\Vegas 7.0a\Sony Vegas v7.0a Keygen.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
__________________ |
26.09.2012, 13:33 | #4 |
/// the machine /// TB-Ausbilder | Trojan.Dropper/Gen @schrauber Rofl, gar nicht gesehen, danke Dann muss ich den Support leider an der Stelle beenden...
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.09.2012, 13:36 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Dropper/Gen @schrauber Poste lieber das hier: Siehe auch => http://www.trojaner-board.de/95393-c...-software.html Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!! Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein! In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials
__________________ Logfiles bitte immer in CODE-Tags posten |
26.09.2012, 13:39 | #6 |
/// the machine /// TB-Ausbilder | Trojan.Dropper/Gen @schrauber Ich hab ja drauf gehofft dass Du es machst, jetzt kann ich nämlich den Baustein klauen
__________________ --> Trojan.Dropper/Gen @schrauber |
26.09.2012, 13:48 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Dropper/Gen @schrauber Mein Baustein braucht weder Crack noch Keygen
__________________ Logfiles bitte immer in CODE-Tags posten |
26.09.2012, 14:24 | #8 |
| Trojan.Dropper/Gen @schrauber Wow. Das ist mir jetzt extrem peinlich. =/ Ich wusste gar nicht, dass das noch auf meinem Rechner rumspukt. Na ja. Es ist jetzt gelöscht und ich bedanke mich sehr für den Support bis hierher. |
Themen zu Trojan.Dropper/Gen @schrauber |
32 bit, acrobat update, antivir, application/pdf:, audacity, avira, beschädigung, bho, bonjour, desktop, error, farbar, firefox, flash player, hacktool.hiderun, hijack, hijackthis, home, homepage, intranet, kaspersky, keygen, langsam, malware, nodrives, plug-in, problem, programm, recycle.bin, rogue.personalantivirus, scan, security, software, sttray.exe, svchost.exe, system, updates, win32/softonicdownloader.e, windows |