Log analysis and evaluation: Detection JAVA/Dldr.Lamar.GA (Windows 7)
10.10.2012, 23:05 | #1 |
Detection JAVA/Dldr.Lamar.GA

Hello, 3 days ago I decided to run a scan with Avira again. Before that I had scanned with Malwarebytes every now and then, but it had found nothing. Avira, however, immediately reported several detections during the scan. Here is the log from 07.10. Code:
Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 7. Oktober 2012 14:03 Es wird nach 4316971 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : JOEL-PC
Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, E:, F:, G:, H:, I:, J:, K:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Sonntag, 7. Oktober 2012 14:03 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD3 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD4 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD5 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'F:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'G:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'H:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'I:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'J:\' [INFO] Es wurde kein Virus gefunden! 
Bootsektor 'K:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '89' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'XMBLicensing.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'hamachi-2-ui.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'Sound_Blaster_X-Fi_MB_Cleanup.0001' - '22' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'SetPoint32.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'VolPanlu.exe' - '72' Modul(e) wurden durchsucht Durchsuche Prozess 'AMBSPISyncService.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'sidebar.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'Monitor.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamViewer_Service.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'c2c_service.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'sua.exe' - '19' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'CTAudSvc.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '30' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: E:\VirtualCloneDrive\vcd-uninst.exe [WARNUNG] Die komprimierten Daten sind fehlerhaft E:\Pangya\uninstall.exe [WARNUNG] Die Version dieses Archives wird nicht unterstützt Die Registry wurde durchsucht ( '5810' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Program Files (x86)\WinRAR\rarnew.dat [WARNUNG] Das Archiv ist unbekannt oder defekt C:\Users\Joel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6218a9e7-158ea00a [0] Archivtyp: ZIP --> dhkcswmlnwajvfwhjbw/fbucbfvqmkuc.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.DC.2 --> dhkcswmlnwajvfwhjbw/fnbvccwwf.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Booxer.E --> dhkcswmlnwajvfwhjbw/hrntgcuf.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.DD.2 --> dhkcswmlnwajvfwhjbw/htsmswjqtwqly.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.DE.2 --> dhkcswmlnwajvfwhjbw/nrfvqndfphhl.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.GI --> dhkcswmlnwajvfwhjbw/pbenfb.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Kara.AU --> dhkcswmlnwajvfwhjbw/rdvdfsubcyucbadey.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.DF.2 --> dhkcswmlnwajvfwhjbw/rhqgrmhhqw.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.GJ --> dhkcswmlnwajvfwhjbw/vlfvjntlvbbwu.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.GK C:\Users\Joel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\16d89274-5cd04d55 [0] Archivtyp: ZIP --> trphpgdtafbtttmvy/mltdmagswwqvsafpq.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.FW --> trphpgdtafbtttmvy/qysfflnsla.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Themo.F.2 --> trphpgdtafbtttmvy/vnvvqw.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.GA C:\Users\Joel\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\RunesOfMagic\Bin\update.inf [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\Joel\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db [WARNUNG] Unerwartetes Dateiende erreicht Beginne mit der Suche in 'E:\' <Games> E:\Pangya\uninstall.exe 
[WARNUNG] Die Version dieses Archives wird nicht unterstützt E:\Runes of Magic\update.inf [WARNUNG] Die Datei ist kennwortgeschützt E:\Runes of Magic\vcfile.res [WARNUNG] Die Datei ist kennwortgeschützt E:\VirtualCloneDrive\vcd-uninst.exe [WARNUNG] Die komprimierten Daten sind fehlerhaft Beginne mit der Suche in 'F:\' <Eigene Dateien> F:\zelda7_oos.zip [WARNUNG] Unerwartetes Dateiende erreicht Beginne mit der Suche in 'G:\' <Downloads> G:\avira_free_antivirus_de.exe [WARNUNG] Die Datei ist kennwortgeschützt G:\LoL_Installer_EU.zip [WARNUNG] Die komprimierten Daten sind fehlerhaft G:\Runes_of_Magic_3.0.5.2262.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_v305.zip [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\SetupVirtualCloneDrive5450.exe [WARNUNG] Die komprimierten Daten sind fehlerhaft G:\FarCry2\autoplay\autorun.cdd [WARNUNG] Die Datei ist kennwortgeschützt G:\Runes of Magic_Installer\Runes_of_Magic_3.0.5.2262.part2.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes of Magic_Installer\Runes_of_Magic_3.0.5.2262.part3.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-1.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-2.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-3.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-4.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-5.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive 
verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-6.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-7.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup-8.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262\ROMSetup.exe [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262_slim\ROMSetup-1.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262_slim\ROMSetup-2.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262_slim\ROMSetup-3.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262_slim\ROMSetup-4.bin [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_3.0.5.2262_slim\ROMSetup.exe [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_v305\Runes_of_Magic_3.0.5.2262.part2.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\Runes_of_Magic_v305\Runes_of_Magic_3.0.5.2262.part3.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) G:\UrbanTerror\q3ut4\zpak000_assets.pk3 [WARNUNG] Unerwartetes Dateiende erreicht Beginne mit der Suche in 'H:\' <Volume> H:\JOEL-PC\Backup Set 2011-04-18 231006\Backup Files 2011-04-18 231006\Backup files 43.zip [WARNUNG] Das Archiv ist unbekannt oder defekt H:\JOEL-PC\Backup Set 2011-08-21 190001\Backup Files 2011-10-02 193104\Backup files 2.zip [WARNUNG] 
Unerwartetes Dateiende erreicht H:\JOEL-PC\Backup Set 2011-08-21 190001\Backup Files 2011-10-02 193104\Backup files 24.zip [WARNUNG] Das gesamte Archiv ist kennwortgeschützt H:\JOEL-PC\Backup Set 2011-08-21 190001\Backup Files 2011-10-02 193104\Backup files 25.zip [WARNUNG] Das gesamte Archiv ist kennwortgeschützt H:\JOEL-PC\Backup Set 2011-08-21 190001\Backup Files 2011-10-02 193104\Backup files 9.zip [WARNUNG] Unerwartetes Dateiende erreicht H:\JOEL-PC\Backup Set 2011-12-04 190001\Backup Files 2011-12-11 190001\Backup files 3.zip [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) H:\JOEL-PC\Backup Set 2011-12-04 190001\Backup Files 2011-12-11 190001\Backup files 4.zip [WARNUNG] Das gesamte Archiv ist kennwortgeschützt H:\JOEL-PC\Backup Set 2012-01-08 190001\Backup Files 2012-01-08 190001\Backup files 13.zip [WARNUNG] Die Datei ist kennwortgeschützt H:\JOEL-PC\Backup Set 2012-01-08 190001\Backup Files 2012-01-08 190001\Backup files 14.zip [WARNUNG] Das gesamte Archiv ist kennwortgeschützt Beginne mit der Suche in 'I:\' <Daten> I:\Hurrican\hurrican.dat [WARNUNG] Die Datei ist kennwortgeschützt I:\ICQ\ICQ6.5\ConfigFiles\TopSearches.7z [WARNUNG] Die Datei ist kennwortgeschützt I:\ICQ\ICQ6.5\ConfigFiles\TopSearchesDe.7z [WARNUNG] Die Datei ist kennwortgeschützt I:\Runes of Magic\update.inf [WARNUNG] Die Datei ist kennwortgeschützt I:\Runes of Magic\vcfile.res [WARNUNG] Die Datei ist kennwortgeschützt Beginne mit der Suche in 'J:\' <Daten 1> Beginne mit der Suche in 'K:\' <Daten 2> K:\Eigene\Downloads\PW_International.part1.exe [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) K:\Eigene\Downloads\PW_International.part2.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) K:\Eigene\Downloads\PW_International.part3.rar [WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume) 
K:\Joel\C\Programme\WinRAR\rarnew.dat [WARNUNG] Das Archiv ist unbekannt oder defekt Beginne mit der Desinfektion: C:\Users\Joel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\16d89274-5cd04d55 [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.GA [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '550521c7.qua' verschoben! C:\Users\Joel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6218a9e7-158ea00a [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Lamar.GK [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4de50e64.qua' verschoben! Ende des Suchlaufs: Sonntag, 7. Oktober 2012 16:04 Benötigte Zeit: 2:00:31 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 39755 Verzeichnisse wurden überprüft 1187122 Dateien wurden geprüft 12 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1187110 Dateien ohne Befall 11894 Archive wurden durchsucht 53 Warnungen 2 Hinweise 557155 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden Code:
Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.03.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Joel :: JOEL-PC [Administrator] 03.10.2012 16:12:23 mbam-log-2012-10-03 (16-12-23).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 495297 Laufzeit: 1 Stunde(n), 28 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Joel :: JOEL-PC [Administrator] 10.10.2012 22:50:05 mbam-log-2012-10-10 (22-50-05).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 222559 Laufzeit: 4 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)

I haven't noticed any effects so far, except that my PC became very slow while using Secunia PSI, so I had to cancel the whole thing. I also found the program Yontoo among the installed programs. When I try to uninstall it, this message appears:

Tarma Installer Setup initialization error

It doesn't necessarily have anything to do with this; I just noticed it. I then also just ran a quick scan with SUPERAntiSpyware, but it only found the adware tracking cookies, so basically nothing either. Code:
SUPERAntiSpyware Scan Log hxxp://www.superantispyware.com Generated 10/10/2012 at 11:35 PM Application Version : 5.5.1022 Core Rules Database Version : 9379 Trace Rules Database Version: 7191 Scan type : Quick Scan Total Scan Time : 00:05:27 Operating System Information Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601) UAC On - Limited User Memory items scanned : 579 Memory threats detected : 0 Registry items scanned : 64315 Registry threats detected : 0 File items scanned : 12989 File threats detected : 302 Adware.Tracking Cookie
.adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] C:\USERS\JOEL\Cookies\8GIUD9SQ.txt [ Cookie:joel@server.adform.net/ ] C:\USERS\JOEL\Cookies\94LW7J1D.txt [ Cookie:joel@maniapub.trackmania.com/banner/ ] C:\USERS\JOEL\Cookies\6HU61JOI.txt [ Cookie:joel@zanox-affiliate.de/ ] C:\USERS\JOEL\Cookies\C9449R5T.txt [ Cookie:joel@adtech.de/ ] C:\USERS\JOEL\Cookies\N9P6VBJE.txt [ Cookie:joel@server.cpmstar.com/ ] C:\USERS\JOEL\Cookies\DNOTMEEX.txt [ Cookie:joel@mediaplex.com/ ] C:\USERS\JOEL\Cookies\L8MYXHLB.txt [ Cookie:joel@splash.trackmania.com/display/ ] C:\USERS\JOEL\Cookies\FH1C31XQ.txt [ Cookie:joel@tracking.quisma.com/ ] C:\USERS\JOEL\Cookies\XDQOT1IX.txt [ Cookie:joel@www.zanox-affiliate.de/ ] C:\USERS\JOEL\Cookies\KYC9RLRM.txt [ Cookie:joel@doubleclick.net/ ] C:\USERS\JOEL\Cookies\G1FHREQW.txt [ Cookie:joel@atdmt.com/ ] C:\USERS\JOEL\Cookies\Y94M7HA6.txt [ Cookie:joel@ad.yieldmanager.com/ ] .clickaider.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] C:\USERS\JOEL\Cookies\QL6I6FJL.txt [ Cookie:joel@zanox.com/ ] C:\USERS\JOEL\Cookies\2WI9ON55.txt [ Cookie:joel@ad.zanox.com/ ] C:\USERS\JOEL\Cookies\X9MMRK4P.txt [ Cookie:joel@server.adformdsp.net/ ] .doubleclick.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] C:\USERS\JOEL\Cookies\94CUKUXX.txt [ Cookie:joel@bs.serving-sys.com/ ] C:\USERS\JOEL\Cookies\CSIYUGTE.txt [ Cookie:joel@maniahome.trackmania.com/ ] .e-2dj6wnmyoiajglp.stats.esomniture.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] C:\USERS\JOEL\Cookies\L3EX315S.txt [ Cookie:joel@ad3.adfarm1.adition.com/ ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .invitemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] track.webtrekk.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] ad.zanox.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .bs.serving-sys.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .zanox-affiliate.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] ad.dyntracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] adx.chip.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .mmotraffic.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .mmotraffic.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .mmotraffic.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] insight.torbit.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .server.cpmstar.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .server.cpmstar.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .casalemedia.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .server.cpmstar.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .server.cpmstar.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.elitepvpers.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.elitepvpers.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .flagcounter.com [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .atdmt.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adbrite.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .webmasterplan.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .eaeacom.112.2o7.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] statse.webtrendslive.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] de.sitestat.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .serving-sys.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] fr.sitestat.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] fr.sitestat.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .dmtracker.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] tracking.klicktel.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .2o7.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] track.adform.net [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] de.twstats.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .doubleclick.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .gametracker.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] www.etracker.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .microsoftsto.112.2o7.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .statcounter.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.youtube.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] accounts.google.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] server.adformdsp.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adformdsp.net [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] ad1.adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .zanox.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] ad2.adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .mediaplex.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] stats.computecmedia.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] track.adform.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adform.net [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] ad3.adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .adfarm1.adition.com [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .yadro.ru [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] game-toplist.de [ 
C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] .tracker.vinsight.de [ C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\COOKIES.SQLITE ] Code:
OTL logfile created on: 10.10.2012 23:39:26 - Run 6
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 58,95% Memory free
8,00 Gb Paging File | 5,94 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 50,54 Gb Free Space | 51,75% Space Free | Partition Type: NTFS
Drive E: | 247,15 Gb Total Space | 190,95 Gb Free Space | 77,26% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 83,99 Gb Free Space | 43,00% Space Free | Partition Type: NTFS
Drive G: | 195,31 Gb Total Space | 159,70 Gb Free Space | 81,77% Space Free | Partition Type: NTFS
Drive H: | 195,31 Gb Total Space | 6,24 Gb Free Space | 3,19% Space Free | Partition Type: NTFS
Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Macrovision Europe Ltd.)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Users\Joel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010\~df394b.tmp ()
MOD - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0010\~de6248.tmp ()
MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Hamachi2Svc) -- E:\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (SandraAgentSrv) -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)

========== Driver Services (SafeList) ==========

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SANDRA) -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01 [binary data]
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\..\SearchScopes,DefaultScope = {0EE8F119-12A5-4222-8835-FDC5C98606F5}
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\..\SearchScopes\{0EE8F119-12A5-4222-8835-FDC5C98606F5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9
FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Joel\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 01:55:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:55:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 01:55:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:55:09 | 000,000,000 | ---D | M] [2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions [2012.10.03 15:48:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions [2012.09.16 03:01:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.08 20:45:35 | 000,000,950 | ---- | M] () -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\searchplugins\icqplugin-1.xml [2012.10.07 23:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 01:55:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.08 01:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.10.03 15:48:21 | 000,257,937 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2012.08.22 10:49:48 | 000,015,611 | ---- | M] () (No name found) -- C:\USERS\JOEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LAUWVQ25.DEFAULT\EXTENSIONS\D2NAGENT@ISAACLW.COM.XPI [2012.09.08 01:55:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1001..\Run: [ASRockIES] File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1001..\Run: [ASRockOCTuner] File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1001..\Run: [zASRockInstantBoot] File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} 
- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 06:54:02 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.10 06:54:01 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.10 06:54:01 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.10 06:53:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.10 06:53:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.10 06:53:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.10 06:53:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.10 06:53:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.10 06:53:51 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.10 06:53:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.10 06:53:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.10 06:53:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.10 06:53:51 | 
000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.10 06:53:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.10 06:53:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.10 06:53:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 06:53:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.10 06:53:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.10 06:53:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 06:53:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.10 06:53:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 06:53:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.10 06:53:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.10 06:53:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.10 06:53:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 06:53:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.10 06:53:47 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.10 06:53:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.10 06:53:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 06:53:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.10 06:53:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.10 06:53:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.10 06:53:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.10 06:53:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.10 06:53:46 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.10 06:53:38 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.10 06:53:20 | 001,464,320 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.10 06:53:19 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.07 23:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader [2012.10.07 23:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.10.07 23:53:48 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.10.07 23:53:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.07 23:53:41 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.07 23:53:41 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.07 23:53:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.10.07 10:31:04 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2012.10.07 10:31:02 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2012.10.07 10:31:01 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2012.10.07 10:31:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2012.10.07 10:30:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys [2012.10.07 10:30:58 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2012.10.07 10:30:54 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.10.06 17:21:44 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\Castle_Crashers-FANiSO [2012.10.06 17:21:30 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\Slender v0.9.7 [2012.10.02 16:40:24 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\SIX_Projects [2012.09.25 20:57:14 | 000,000,000 | ---D | C] -- C:\Users\Joel\Documents\Runes of 
Magic Kalydo [2012.09.25 20:36:44 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Kalydo [2012.09.24 21:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.09.24 21:45:33 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\pdfforge [2012.09.24 21:45:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.09.24 21:45:32 | 000,096,768 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.09.24 21:45:31 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.09.24 21:45:31 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.09.24 21:45:31 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.09.24 21:45:30 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.09.24 21:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.09.23 03:00:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.23 03:00:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.23 03:00:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.23 03:00:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.23 03:00:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.23 03:00:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.23 03:00:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.23 03:00:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.23 03:00:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.23 03:00:48 | 000,142,848 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.23 03:00:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.23 03:00:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.23 03:00:46 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.09.23 03:00:46 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.23 03:00:46 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.20 16:07:29 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\six-zsync [2012.09.20 16:07:29 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\six-updater [2012.09.20 16:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Six Projects [2012.09.20 16:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Projects [2012.09.20 16:00:16 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\Downloaded Installations [2012.09.20 15:42:34 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\ArmA 2 OA [2012.09.20 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Joel\Documents\ArmA 2 Other Profiles [2012.09.20 14:53:42 | 000,000,000 | ---D | C] -- C:\Users\Joel\Documents\ArmA 2 [2012.09.20 14:53:42 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\ArmA 2 [2012.09.20 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012.09.20 14:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2012.09.15 17:10:08 | 000,000,000 | ---D | C] -- C:\temp [2012.09.15 17:09:08 | 026,228,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.09.15 17:09:08 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.09.15 17:09:08 | 
019,828,584 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.09.15 17:09:08 | 018,229,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.09.15 17:09:08 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.09.15 17:09:08 | 012,465,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.09.15 17:09:08 | 009,066,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.09.15 17:09:08 | 007,626,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.09.15 17:09:08 | 007,397,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.09.15 17:09:08 | 006,109,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.09.15 17:09:08 | 002,745,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.09.15 17:09:08 | 002,573,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.09.15 17:09:08 | 002,216,808 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.09.15 17:09:08 | 001,866,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.09.15 17:09:08 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.09.15 17:09:08 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2012.09.15 17:09:08 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2012.09.12 16:47:19 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys [2012.09.12 16:47:19 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.10 23:15:00 | 000,001,110 | ---- 
| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.10 23:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.10 21:01:15 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 21:01:15 | 000,022,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 20:53:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.10 20:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.10 20:53:31 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012.10.10 16:31:24 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.10 16:31:24 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.10 16:31:24 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.10 16:31:24 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.10 16:31:24 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.09 16:07:43 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.09 16:07:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.07 23:53:33 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.10.07 23:53:32 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2012.10.07 23:53:32 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.10.07 23:53:32 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.10.07 23:53:32 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.10.07 23:53:32 | 000,174,056 | ---- | M] (Oracle 
Corporation) -- C:\Windows\SysWow64\java.exe [2012.10.07 23:22:18 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.10.07 22:48:37 | 000,307,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.29 17:34:18 | 911,911,081 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.09.20 16:02:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012.09.20 16:02:50 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Six Launcher.lnk [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.07 23:22:18 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.10.07 23:22:18 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk [2012.09.20 16:00:58 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Updater.lnk [2012.09.20 16:00:58 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Six Launcher.lnk [2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.14 01:34:30 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.22 17:41:38 | 105,854,917 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\.minecraft.rar [2011.09.23 19:41:14 | 000,000,807 | ---- | C] () -- C:\Windows\eReg.dat [2011.08.02 19:12:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.05.22 19:08:16 | 000,007,605 | ---- | C] () -- C:\Users\Joel\AppData\Local\Resmon.ResmonCfg [2010.11.10 14:26:13 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010.11.03 22:26:04 | 013,803,520 | ---- | C] () -- C:\ProgramData\sandra.mda [2010.10.30 17:43:02 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini [2010.10.30 17:43:02 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini [2010.10.30 17:43:02 | 000,001,540 | ---- | C] () -- 
C:\Windows\FF08_Render.ini [2010.10.30 17:42:36 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.10.30 17:42:36 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL < End of report >
Thanks in advance for your help |
11.10.2012, 18:11 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA Code:
ATTFilter F:\zelda7_oos.zip G:\Runes_of_Magic_3.0.5.2262.rar G:\Runes of Magic_Installer\Runes_of_Magic_3.0.5.2262.part2.rar K:\Eigene\Downloads\PW_International.part1.exe
__________________ |
11.10.2012, 19:24 | #3 |
| Detection JAVA/Dldr.Lamar.GA Phew, well, for the zelda_oos file I unfortunately no longer know the source. I probably downloaded it about a year ago (the modification date is 15.06.2011). I googled it, and it seems to be a version of Zelda, but unfortunately I can't remember where I downloaded it or for what purpose exactly. I think I wanted to try the game out and had found a free version to download somewhere. Unfortunately I can't tell you anything more specific than that.
__________________ The 2 Runes of Magic files are from an online game called Runes of Magic, which I am also currently playing. The source should have been this site: hxxp://www.runesofmagic.com/de/home.html For both files the modification date is February 2011. Neither of them should actually be an unclean file. The last file is also from an online game, Perfect World, which I also tried out once, but that was a long time ago. For the source I would also guess the game's official site: hxxp://www.perfectworld.com/ The modification date is June 2009. |
12.10.2012, 10:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA ESET Online Scanner
Please post everything here in CODE tags where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ Please always post log files in CODE tags |
12.10.2012, 15:53 | #5 |
| Detection JAVA/Dldr.Lamar.GA Okay, I ran a scan. It reported one detection. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e3a2680998ff804496940e0b9bf6a501 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-12 07:03:19 # local_time=2012-05-12 09:03:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=1792 16777215 100 0 11659960 11659960 0 0 # compatibility_mode=5893 16776573 100 94 27561147 89247849 0 0 # compatibility_mode=8192 67108863 100 0 340 340 0 0 # scanned=290868 # found=5 # cleaned=5 # scan_time=7264 C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C H:\JOEL-PC\Backup Set 2011-04-18 231006\Backup Files 2011-06-05 193948\Backup files 1.zip a variant of Win32/SoftonicDownloader.A application (deleted - quarantined) 00000000000000000000000000000000 C H:\JOEL-PC\Backup Set 2011-04-18 231006\Backup Files 2011-08-07 210704\Backup files 1.zip Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C H:\JOEL-PC\Backup Set 2012-01-08 190001\Backup Files 2012-01-08 190001\Backup files 4.zip probably a variant of Win32/Adware.LVTAJCG application (deleted - quarantined) 00000000000000000000000000000000 C ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=e3a2680998ff804496940e0b9bf6a501 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # 
antistealth_checked=true # utc_time=2012-10-12 02:22:27 # local_time=2012-10-12 04:22:27 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 24860981 24860981 0 0 # compatibility_mode=5893 16776573 100 94 49140 101673049 0 0 # compatibility_mode=8192 67108863 100 0 13201361 13201361 0 0 # scanned=301882 # found=1 # cleaned=0 # scan_time=8548 E:\Limbo\limbo_lang.exe a variant of Win32/Kryptik.EIF trojan (unable to clean) 00000000000000000000000000000000 I
By the way, this Yontoo can still be found in the list of installed programs in the Control Panel and still cannot be uninstalled. |
12.10.2012, 17:54 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA adwCleaner - Detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ --> Detection JAVA/Dldr.Lamar.GA |
12.10.2012, 20:25 | #7 |
| Detection JAVA/Dldr.Lamar.GA Done. Here is the log. Code:
ATTFilter # AdwCleaner v2.004 - Datei am 12/10/2012 um 21:24:19 erstellt # Aktualisiert am 06/10/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Joel - JOEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Joel\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\Users\Joel\AppData\LocalLow\BabylonToolbar Ordner Gefunden : C:\Users\Joel\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\Conduit Ordner Gefunden : C:\Users\Joel\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2475029 Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gefunden : HKLM\SOFTWARE\Software Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\prefs.js Gefunden : user_pref("CT2475029..clientLogIsEnabled", true); Gefunden : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gefunden : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Gefunden :
user_pref("extensions.facemoods.sid", "_#e005119fa9ff4ceb8f9a557ab1db2a0b"); Gefunden : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3"); Gefunden : user_pref("extensions.facemoods.uninst", true); Gefunden : user_pref("extensions.facemoods.update", "_#v1.4.0"); Gefunden : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11"); Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="); -\\ Opera v12.2.1578.0 Datei : C:\Users\Joel\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [28284 octets] - [12/10/2012 21:24:19] ########## EOF - C:\AdwCleaner[R1].txt - [28345 octets] ########## |
12.10.2012, 20:33 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA adwCleaner - Remove toolbars and unwanted start/search pages
__________________ Please always post log files in CODE tags |
12.10.2012, 20:46 | #9 |
| Detection JAVA/Dldr.Lamar.GA Do you actually think the Avira detections were false positives? I googled them and came across contradictory results. I clicked "Löschen" (Delete) in AdwCleaner; here is the log. Code:
ATTFilter # AdwCleaner v2.004 - Datei am 12/10/2012 um 21:43:05 erstellt # Aktualisiert am 06/10/2012 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Joel - JOEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Joel\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Joel\AppData\LocalLow\BabylonToolbar Ordner Gelöscht : C:\Users\Joel\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\Conduit Ordner Gelöscht : C:\Users\Joel\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2475029 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gelöscht : HKLM\SOFTWARE\Software Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v15.0 (de) Profilname : default Datei : C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\prefs.js C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\lauwvq25.default\user.js ... Gelöscht ! Gelöscht : user_pref("CT2475029..clientLogIsEnabled", true); Gelöscht : user_pref("CT2475029..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Gelöscht : user_pref("CT2475029..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] 
Gelöscht : user_pref("CT2475029.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Gelöscht : user_pref("CT2475029.CT2481020.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481024.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481025.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481029.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481031.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481032.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481033.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481034.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481035.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CT2481037.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CTID", "ct2481020"); Gelöscht : user_pref("CT2475029.CommunitiesChangesLastCheckTime", "Tue May 17 2011 21:16:47 GMT+0200"); Gelöscht : user_pref("CT2475029.CommunityChanged", true); Gelöscht : user_pref("CT2475029.CurrentServerDate", "17-5-2011"); Gelöscht : user_pref("CT2475029.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2475029.DialogsGetterLastCheckTime", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.DownloadDomainsCheckInterval", "168"); Gelöscht : user_pref("CT2475029.DownloadDomainsListLastCheckTime", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.DownloadDomainsListLastServerUpdateTime", "1201069983"); Gelöscht : user_pref("CT2475029.DownloadReferralCookieData", ""); Gelöscht : user_pref("CT2475029.EMailNotifierPollDate", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedLastCount129133095456874337", 0); Gelöscht : user_pref("CT2475029.FeedPollDate129076849370150342", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076850042182211", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076850596400916", "Tue May 17 2011 
21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076850791868756", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076852434375419", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076853083906444", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076854010937606", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076855068438037", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076855340312884", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076855597344292", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076855883906472", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076856408281730", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076856723281882", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076856982969262", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076857229219583", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076857478587121", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129076858014837073", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129132307482029379", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129132307482029381", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129132307482029382", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129133095459686870", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129133095459686871", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : 
user_pref("CT2475029.FeedPollDate129137437659687146", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129137437659687147", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedPollDate129137437659687148", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.FeedTTL129076850596400916", 5); Gelöscht : user_pref("CT2475029.FeedTTL129076850791868756", 5); Gelöscht : user_pref("CT2475029.FeedTTL129076855068438037", 2); Gelöscht : user_pref("CT2475029.FeedTTL129076856408281730", 30); Gelöscht : user_pref("CT2475029.FeedTTL129076857229219583", 30); Gelöscht : user_pref("CT2475029.FeedTTL129076858014837073", 2); Gelöscht : user_pref("CT2475029.FeedTTL129132307482029379", 40); Gelöscht : user_pref("CT2475029.FeedTTL129132307482029381", 40); Gelöscht : user_pref("CT2475029.FeedTTL129132307482029382", 40); Gelöscht : user_pref("CT2475029.FeedTTL129133095459686870", 40); Gelöscht : user_pref("CT2475029.FeedTTL129133095459686871", 40); Gelöscht : user_pref("CT2475029.FeedTTL129137437659687146", 40); Gelöscht : user_pref("CT2475029.FeedTTL129137437659687147", 40); Gelöscht : user_pref("CT2475029.FeedTTL129137437659687148", 40); Gelöscht : user_pref("CT2475029.FirstServerDate", "10-5-2011"); Gelöscht : user_pref("CT2475029.FirstTime", true); Gelöscht : user_pref("CT2475029.FirstTimeFF3", true); Gelöscht : user_pref("CT2475029.FixPageNotFoundErrors", true); Gelöscht : user_pref("CT2475029.GroupingLastCheckTime", "Tue May 17 2011 21:16:47 GMT+0200"); Gelöscht : user_pref("CT2475029.GroupingLastErrorCode", ""); Gelöscht : user_pref("CT2475029.GroupingLastResponse", true); Gelöscht : user_pref("CT2475029.GroupingLastServerUpdateTime", "129484884546300000"); Gelöscht : user_pref("CT2475029.GroupingServerCheckInterval", 1440); Gelöscht : user_pref("CT2475029.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Gelöscht : user_pref("CT2475029.HasUserGlobalKeys", true); Gelöscht : 
user_pref("CT2475029.Initialize", true); Gelöscht : user_pref("CT2475029.InitializeCommonPrefs", true); Gelöscht : user_pref("CT2475029.InstallationAndCookieDataSentCount", 3); Gelöscht : user_pref("CT2475029.InstallationId", "MyAshampoo.exe"); Gelöscht : user_pref("CT2475029.InstallationType", "ConduitIntegration"); Gelöscht : user_pref("CT2475029.InstalledDate", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.IsGrouping", true); Gelöscht : user_pref("CT2475029.IsMulticommunity", true); Gelöscht : user_pref("CT2475029.IsOpenThankYouPage", false); Gelöscht : user_pref("CT2475029.IsOpenUninstallPage", true); Gelöscht : user_pref("CT2475029.LanguagePackLastCheckTime", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.LanguagePackReloadIntervalMM", 1440); Gelöscht : user_pref("CT2475029.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Gelöscht : user_pref("CT2475029.LastLogin_3.2.5.2", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.LastLogin_3.3.3.2", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.LatestVersion", "3.3.3.2"); Gelöscht : user_pref("CT2475029.Locale", "en"); Gelöscht : user_pref("CT2475029.MCDetectTooltipHeight", "83"); Gelöscht : user_pref("CT2475029.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Gelöscht : user_pref("CT2475029.MCDetectTooltipWidth", "295"); Gelöscht : user_pref("CT2475029.RadioIsPodcast", false); Gelöscht : user_pref("CT2475029.RadioMediaID", "9962"); Gelöscht : user_pref("CT2475029.RadioMediaType", "Media Player"); Gelöscht : user_pref("CT2475029.RadioMenuSelectedID", "EBRadioMenu_CT24750299962"); Gelöscht : user_pref("CT2475029.RadioStationName", "California%20Rock"); Gelöscht : user_pref("CT2475029.RadioStationURL", "hxxp://feedlive.net/california.asx"); Gelöscht : user_pref("CT2475029.SavedHomepage", "hxxp://google.de/"); Gelöscht : user_pref("CT2475029.SearchFromAddressBarIsInit", 
true); Gelöscht : user_pref("CT2475029.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT247[...] Gelöscht : user_pref("CT2475029.SearchInNewTabEnabled", true); Gelöscht : user_pref("CT2475029.SearchInNewTabIntervalMM", 1440); Gelöscht : user_pref("CT2475029.SearchInNewTabLastCheckTime", "Tue May 10 2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Gelöscht : user_pref("CT2475029.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Gelöscht : user_pref("CT2475029.ServiceMapLastCheckTime", "Tue May 17 2011 21:16:47 GMT+0200"); Gelöscht : user_pref("CT2475029.SettingsLastCheckTime", "Tue May 10 2011 22:57:46 GMT+0200"); Gelöscht : user_pref("CT2475029.SettingsLastUpdate", "1304242869"); Gelöscht : user_pref("CT2475029.ThirdPartyComponentsInterval", 504); Gelöscht : user_pref("CT2475029.ThirdPartyComponentsLastCheck", "Tue May 10 2011 22:57:46 GMT+0200"); Gelöscht : user_pref("CT2475029.ThirdPartyComponentsLastUpdate", "1246786978"); Gelöscht : user_pref("CT2475029.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2475029"); Gelöscht : user_pref("CT2475029.Uninstall", true); Gelöscht : user_pref("CT2475029.UserID", "UN25597903909414897"); Gelöscht : user_pref("CT2475029.WeatherNetwork", ""); Gelöscht : user_pref("CT2475029.WeatherPollDate", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.WeatherUnit", "C"); Gelöscht : user_pref("CT2475029.backendstorage.ctid", "435432343735303239"); Gelöscht : user_pref("CT2475029.backendstorage.eule_tb_id", "65323830303430393462376230343732663032363034343736[...] 
Gelöscht : user_pref("CT2475029.backendstorage.export", "636C6F736564"); Gelöscht : user_pref("CT2475029.backendstorage.firstinstall", "796573"); Gelöscht : user_pref("CT2475029.backendstorage.gsdomain", ""); Gelöscht : user_pref("CT2475029.backendstorage.lastexport", "323031312D30352D3137"); Gelöscht : user_pref("CT2475029.backendstorage.partner_id", "3937346665643236"); Gelöscht : user_pref("CT2475029.backendstorage.runtoolbar", "323031312D30352D3137"); Gelöscht : user_pref("CT2475029.ct2481020.AppTrackingLastCheckTime", "Tue May 17 2011 21:16:58 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.DialogsAlignMode", "LTR"); Gelöscht : user_pref("CT2475029.ct2481020.FeedLastCount129076858299680990", 649); Gelöscht : user_pref("CT2475029.ct2481020.GroupingInvalidateCache", false); Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastCheckTime", "Tue May 17 2011 21:16:47 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastErrorCode", ""); Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastResponse", true); Gelöscht : user_pref("CT2475029.ct2481020.GroupingLastServerUpdateTime", "129484884546300000"); Gelöscht : user_pref("CT2475029.ct2481020.InvalidateCache", false); Gelöscht : user_pref("CT2475029.ct2481020.LanguagePackLastCheckTime", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.Locale", "de"); Gelöscht : user_pref("CT2475029.ct2481020.RadioLastCheckTime", "Tue May 17 2011 21:16:48 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.RadioLastUpdateIPServer", "3"); Gelöscht : user_pref("CT2475029.ct2481020.RadioLastUpdateServer", "3"); Gelöscht : user_pref("CT2475029.ct2481020.SearchInNewTabLastCheckTime", "Tue May 17 2011 21:16:49 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.SettingsLastCheckTime", "Tue May 17 2011 21:16:47 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.SettingsLastUpdate", "1304242869"); Gelöscht : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastCheck", "Tue May 10 
2011 22:57:47 GMT+0200"); Gelöscht : user_pref("CT2475029.ct2481020.ThirdPartyComponentsLastUpdate", "1255344657"); Gelöscht : user_pref("CT2475029.ct2481020.globalFirstTimeInfoLastCheckTime", "Tue May 17 2011 21:16:49 GMT+0200[...] Gelöscht : user_pref("CT2475029.ct2481020.toolbarAppMetaDataLastCheckTime", "Tue May 17 2011 21:16:48 GMT+0200"[...] Gelöscht : user_pref("CT2475029.ct2481020.toolbarContextMenuLastCheckTime", "Tue May 17 2011 21:16:48 GMT+0200"[...] Gelöscht : user_pref("CT2475029.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.[...] Gelöscht : user_pref("CT2475029.isAppTrackingManagerOn", true); Gelöscht : user_pref("CT2475029.myStuffEnabled", true); Gelöscht : user_pref("CT2475029.myStuffPublihserMinWidth", 400); Gelöscht : user_pref("CT2475029.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Gelöscht : user_pref("CT2475029.myStuffServiceIntervalMM", 1440); Gelöscht : user_pref("CT2475029.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Gelöscht : user_pref("CT2475029.oldAppsList", "200,129058856464344002,129058856464656507,129469746101488132,129[...] Gelöscht : user_pref("CT2475029.testingCtid", ""); Gelöscht : user_pref("CT2475029.toolbarAppMetaDataLastCheckTime", "Tue May 10 2011 22:57:46 GMT+0200"); Gelöscht : user_pref("CT2475029.toolbarContextMenuLastCheckTime", "Tue May 10 2011 22:57:48 GMT+0200"); Gelöscht : user_pref("CT2475029.usagesFlag", 1); Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868510/864310/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"")[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2475029", [...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2481020", [...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2475029",[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63440294476430[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2475029/CT2475029[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2481020/CT2475029[...] 
Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"634[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/1344951.xml", "\"7fb807a51e3d23ea09a3[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16887175.xml", "\"d2c7343209b33516a77[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/17151925.xml", "\"dca0b4e62f11b6b940c[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"948b54c06a74dbea00a[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/30261067.xml", "\"9e93e5df49048405369[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/34655603.xml", "\"288bfe46891cda4df27[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/759251.xml", "\"91e6783a0eff7d06c7437[...] Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/816653.xml", "\"219ac7e4928b09ad4c135[...] 
Gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true); Gelöscht : user_pref("CommunityToolbar.EngineOwner", "CT2475029"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "myashampoo"); Gelöscht : user_pref("CommunityToolbar.IsEngineShown", false); Gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", ""); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", ""); Gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", ""); Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...] Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2475029"); Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2475029"); Gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 17 2011 21:16:17 GMT+02[...] 
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue May 17 2011 16:38:19 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue May 17 2011 21:16:15 GMT+0200"); Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "a3d2e711-7022-4eeb-8c9c-362c67ce0473"); Gelöscht : user_pref("CommunityToolbar.globalUserId", "994b5254-716a-4826-81fe-6ac840802d52"); Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2475029"); Gelöscht : user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200"[...] Gelöscht : user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200[...] Gelöscht : user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200[...] Gelöscht : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200[...] Gelöscht : user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200[...] 
Gelöscht : user_pref("CommunityToolbar.twitter.user_34655603.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200[...] Gelöscht : user_pref("CommunityToolbar.twitter.user_759251.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200")[...] Gelöscht : user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue May 10 2011 22:57:50 GMT+0200")[...] Gelöscht : user_pref("browser.babylon.HPOnNewTab", "1"); Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE"); Gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false); Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "F66F3D2E1F390DB769FAAF19AC3FD149"); Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "28"); Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 28); Gelöscht : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=5"); Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw"); Gelöscht : user_pref("extensions.facemoods.dfltSrch", true); Gelöscht : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search"); Gelöscht : user_pref("extensions.facemoods.dnsErr", true); Gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.3"); Gelöscht : user_pref("extensions.facemoods.firstRun", false); Gelöscht : user_pref("extensions.facemoods.first_time", false); Gelöscht : user_pref("extensions.facemoods.hmpg", true); Gelöscht : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=ddrnw"); Gelöscht : user_pref("extensions.facemoods.id", "_#0448c9490000000000007a7905b6aac8"); Gelöscht : user_pref("extensions.facemoods.instlDay", "_#15248"); Gelöscht : user_pref("extensions.facemoods.mntz", ""); Gelöscht : user_pref("extensions.facemoods.newTab", true); Gelöscht : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=2"); Gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com"); Gelöscht : user_pref("extensions.facemoods.searchProviderAdded", true); Gelöscht : 
user_pref("extensions.facemoods.sid", "_#e005119fa9ff4ceb8f9a557ab1db2a0b"); Gelöscht : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=ddrnw&f=3"); Gelöscht : user_pref("extensions.facemoods.uninst", true); Gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0"); Gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.11"); Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&q="); -\\ Opera v12.2.1578.0 Datei : C:\Users\Joel\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [28399 octets] - [12/10/2012 21:24:19] AdwCleaner[S1].txt - [28445 octets] - [12/10/2012 21:43:05] ########## EOF - C:\AdwCleaner[S1].txt - [28506 octets] ########## |
12.10.2012, 21:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA Yes, could be, but the other scanners found something too! I have two questions before we continue (we are not done yet!) 1.) Does Windows' normal mode work without restrictions (again)? 2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
12.10.2012, 21:14 | #11 |
| Detection JAVA/Dldr.Lamar.GA Re 1. Yes, everything works without any noticeable problems. (AdwCleaner was also able to remove Yontoo; it is no longer in the list of installed programs.) Re 2. While looking through, I found only one empty folder, named Metin2. It is an online game that I played for a short time and that has since been uninstalled. So I would not consider this dangerous. (What exactly are empty folders supposed to indicate?) |
13.10.2012, 15:03 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
13.10.2012, 16:00 | #13 |
| Detection JAVA/Dldr.Lamar.GA Here is the log file. Should I perhaps also run a full scan with MBAM? I have not done one since Avira reported detections, only the quick scan whose log I posted here and the complete run on 03.10. Code:
ATTFilter OTL logfile created on: 13.10.2012 16:36:27 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,03 Gb Available Physical Memory | 75,85% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,27% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 49,34 Gb Free Space | 50,53% Space Free | Partition Type: NTFS Drive E: | 247,15 Gb Total Space | 190,89 Gb Free Space | 77,23% Space Free | Partition Type: NTFS Drive F: | 195,31 Gb Total Space | 83,98 Gb Free Space | 43,00% Space Free | Partition Type: NTFS Drive G: | 195,31 Gb Total Space | 159,70 Gb Free Space | 81,77% Space Free | Partition Type: NTFS Drive H: | 195,31 Gb Total Space | 6,24 Gb Free Space | 3,19% Space Free | Partition Type: NTFS Drive I: | 195,31 Gb Total Space | 178,20 Gb Free Space | 91,24% Space Free | Partition Type: NTFS Drive J: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,93% Space Free | Partition Type: NTFS Drive K: | 123,96 Gb Total Space | 114,93 Gb Free Space | 92,71% Space Free | Partition Type: NTFS Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Joel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (Macrovision Europe Ltd.) 
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) PRC - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () PRC - C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (No Company Name) ========== MOD - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0017\~de6248.tmp () MOD - C:\Users\Joel\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0017\~df394b.tmp () MOD - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe () MOD - C:\Windows\SysWOW64\APOMngr.DLL () MOD - C:\Windows\SysWOW64\CmdRtr.DLL () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Hamachi2Svc) -- E:\Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Sound Blaster X-Fi MB Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe (Creative Labs) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe () SRV - (ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe () SRV - (SandraAgentSrv) -- E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe (SiSoftware) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- 
C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (PAC207) -- C:\Windows\SysNative\drivers\PFC027.SYS (PixArt Imaging Inc.) 
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SANDRA) -- E:\SiSoftware Sandra Lite 2010.SP3\WNt500x64\sandra.sys (SiSoftware) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CD A4 04 C7 29 31 CD 01 [binary data] IE - 
HKU\S-1-5-21-537142579-2558697306-3944272275-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\..\SearchScopes\{0EE8F119-12A5-4222-8835-FDC5C98606F5}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-537142579-2558697306-3944272275-1007\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: d2nagent@isaaclw.com:0.4.4 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.8 FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:10.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}:5.0.18 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.9 FF - prefs.js..extensions.enabledItems: d2nagent@isaaclw.com:0.4.3 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, 
stealthy.co" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA 
Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Joel\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 01:55:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:55:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 01:55:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.08 01:55:09 | 000,000,000 | ---D | M] [2010.10.29 19:25:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Extensions [2012.10.11 16:58:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions [2012.09.16 03:01:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Joel\AppData\Roaming\mozilla\Firefox\Profiles\lauwvq25.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.22 10:49:48 | 000,015,611 | ---- | M] () (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\firefox\profiles\lauwvq25.default\extensions\d2nagent@isaaclw.com.xpi [2012.08.30 00:35:57 | 000,199,396 | ---- | M] () (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\firefox\profiles\lauwvq25.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.08.04 17:10:56 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\firefox\profiles\lauwvq25.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.11 16:58:29 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Joel\AppData\Roaming\mozilla\firefox\profiles\lauwvq25.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012.10.08 20:45:35 | 000,000,950 | ---- | M] () -- 
C:\Users\Joel\AppData\Roaming\mozilla\firefox\profiles\lauwvq25.default\searchplugins\icqplugin-1.xml [2012.10.07 23:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 01:55:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.08 01:55:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.08 01:55:14 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.23 20:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1001..\Run: [ASRockIES] File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1001..\Run: [ASRockOCTuner] File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1001..\Run: [zASRockInstantBoot] File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-537142579-2558697306-3944272275-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies 
S.A.) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC940EA-F80F-41D9-B652-128D376145C8}: DhcpNameServer = 192.168.1.1 217.237.151.97 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk - C:\PROGRA~2\Secunia\PSI\psi_tray.exe - (Secunia) MsConfig:64bit - StartUpFolder: C:^Users^Joel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - () MsConfig:64bit - StartUpReg: Babylon Client - hkey= - key= - File not found MsConfig:64bit - StartUpReg: BabylonToolbar - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - E:\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) MsConfig:64bit - StartUpReg: VirtualCloneDrive - hkey= - key= - E:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) MsConfig:64bit - State: "startup" - Reg Error: Key error. 
SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCORE64.EXE 
000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
13.10.2012, 17:53 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Detection JAVA/Dldr.Lamar.GA
No, we'll do control scans later anyway.
Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), that is where the TDSS-Killer saves its logs.
Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
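The service section of the log requested in the post above alternates a `[ MD5 ] name path` record with a `name - verdict` record, so the entries that need a second look can be pulled out mechanically. The following Python is an added example, not part of the thread and not Kaspersky's code: the record layout is inferred from the log posted in this thread, and the sample lines, service names and hashes are constructed. It also re-splits records whose line breaks were lost in copying.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every record starts with "HH:MM:SS.mmmm TTTT " (time and a 4-digit thread id).
STAMP = re.compile(r"\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+")
# Section banner, e.g. "================ Scan services ================".
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")
# "[ <MD5> ] <service name> <X:\path>"; the name may contain spaces.
FILE_REC = re.compile(r"^\[\s*([0-9A-Fa-f]{32})\s*\]\s+(.+?)\s+([A-Za-z]:\\.+)$")
# "<service name> [( <detection> )] - <verdict>". The detection is padded with
# spaces inside the parentheses, which separates it from a name like "Foo (IAM)".
VERDICT_REC = re.compile(r"^(.+?)(?:\s+\(\s+(\S+)\s+\))?\s+-\s+([a-z]+)$")


@dataclass
class Service:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None


def records(text):
    """Yield record bodies, splitting on timestamps so that a log pasted
    as one long line parses the same as one with a record per line."""
    flat = " ".join(text.split())
    marks = list(STAMP.finditer(flat))
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(flat)
        yield flat[mark.end():end].strip()


def parse_services(text):
    """Return {service name: Service} for the "Scan services" section only."""
    services, section = {}, None
    for rec in records(text):
        banner = SECTION.match(rec)
        if banner:
            section = banner.group(1)
            continue
        if section != "Scan services":
            continue
        file_rec = FILE_REC.match(rec)
        if file_rec:
            md5, name, path = file_rec.groups()
            svc = services.setdefault(name, Service(name))
            svc.md5, svc.path = md5.upper(), path
            continue
        verdict_rec = VERDICT_REC.match(rec)
        if verdict_rec:
            name, detection, verdict = verdict_rec.groups()
            svc = services.setdefault(name, Service(name))
            svc.verdict, svc.detection = verdict, detection
    return services


def triage(services):
    """List (name, reason) for every service that is not a plain hashed 'ok'."""
    findings = []
    for svc in services.values():
        if svc.verdict is None:  # file record present, log cut off before the verdict
            findings.append((svc.name, "no verdict logged"))
        elif svc.verdict != "ok":
            findings.append((svc.name, f"{svc.verdict}: {svc.detection or 'no detection name'}"))
        elif svc.md5 is None:  # verdict present, but no file was hashed
            findings.append((svc.name, "ok, but no file hash/path was logged"))
    return findings


# Constructed sample (hypothetical services, placeholder hashes), last entry cut off.
SAMPLE = r"""
10:00:00.0001 1111 ================ Scan system memory ========================
10:00:00.0002 1111 System memory - ok
10:00:00.0003 1111 ================ Scan services =============================
10:00:00.0010 1111 [ 00000000000000000000000000000001 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
10:00:00.0020 1111 ExampleDrv - ok
10:00:00.0030 1111 [ 00000000000000000000000000000002 ] Example Licensing Service C:\Program Files (x86)\Example\lic.exe
10:00:00.0040 1111 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning
10:00:00.0040 1111 Example Licensing Service - detected UnsignedFile.Multi.Generic (1)
10:00:00.0050 1111 [ 00000000000000000000000000000003 ] Example Manager (EM) C:\Program Files\Example\em.exe
10:00:00.0060 1111 Example Manager (EM) - ok
10:00:00.0070 1111 ExampleNoFile - ok
10:00:00.0080 1111 [ 00000000000000000000000000000004 ] ExampleCut C:\Windows\system32\drivers\examplecut.sys
"""

if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE)):
        print(f"{name}: {reason}")
```

The triage only narrows down what to read; as the post says, flagged objects are left on "skip" until the log has been reviewed.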
13.10.2012, 18:02 | #15 |
| Detection JAVA/Dldr.Lamar.GA Done, here is the log. At the moment I run all the malware removal programs you ask for as administrator, even when that is not explicitly requested. Should I keep doing that, or can it have any drawbacks? Code:
ATTFilter 18:58:19.0666 0272 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 18:58:19.0791 0272 ============================================================ 18:58:19.0791 0272 Current date / time: 2012/10/13 18:58:19.0791 18:58:19.0791 0272 SystemInfo: 18:58:19.0791 0272 18:58:19.0791 0272 OS Version: 6.1.7601 ServicePack: 1.0 18:58:19.0791 0272 Product type: Workstation 18:58:19.0791 0272 ComputerName: JOEL-PC 18:58:19.0806 0272 UserName: Joel 18:58:19.0806 0272 Windows directory: C:\Windows 18:58:19.0806 0272 System windows directory: C:\Windows 18:58:19.0806 0272 Running under WOW64 18:58:19.0806 0272 Processor architecture: Intel x64 18:58:19.0806 0272 Number of processors: 4 18:58:19.0806 0272 Page size: 0x1000 18:58:19.0806 0272 Boot type: Normal boot 18:58:19.0806 0272 ============================================================ 18:58:21.0072 0272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040 18:58:21.0087 0272 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:58:21.0134 0272 ============================================================ 18:58:21.0134 0272 \Device\Harddisk0\DR0: 18:58:21.0134 0272 MBR partitions: 18:58:21.0134 0272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x42F, BlocksNum 0x1869FEF1 18:58:21.0150 0272 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186A035F, BlocksNum 0x124F8021 18:58:21.0166 0272 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AB983BF, BlocksNum 0xF7ED0A1 18:58:21.0166 0272 \Device\Harddisk1\DR1: 18:58:21.0166 0272 MBR partitions: 18:58:21.0166 0272 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x188325 18:58:21.0166 0272 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x188364, 
BlocksNum 0xC35065D 18:58:21.0166 0272 \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xC4D9000, BlocksNum 0x1EE4C800 18:58:21.0181 0272 \Device\Harddisk1\DR1\Partition4: MBR, Type 0x7, StartLBA 0x2B326800, BlocksNum 0x1869F800 18:58:21.0181 0272 \Device\Harddisk1\DR1\Partition5: MBR, Type 0x7, StartLBA 0x439C7000, BlocksNum 0x1869F800 18:58:21.0197 0272 \Device\Harddisk1\DR1\Partition6: MBR, Type 0x7, StartLBA 0x5C067800, BlocksNum 0x1869E800 18:58:21.0197 0272 ============================================================ 18:58:21.0259 0272 C: <-> \Device\Harddisk1\DR1\Partition2 18:58:21.0306 0272 E: <-> \Device\Harddisk1\DR1\Partition3 18:58:21.0400 0272 F: <-> \Device\Harddisk1\DR1\Partition4 18:58:21.0431 0272 G: <-> \Device\Harddisk1\DR1\Partition5 18:58:21.0478 0272 H: <-> \Device\Harddisk1\DR1\Partition6 18:58:21.0525 0272 I: <-> \Device\Harddisk0\DR0\Partition1 18:58:21.0556 0272 J: <-> \Device\Harddisk0\DR0\Partition2 18:58:21.0587 0272 K: <-> \Device\Harddisk0\DR0\Partition3 18:58:21.0603 0272 ============================================================ 18:58:21.0603 0272 Initialize success 18:58:21.0603 0272 ============================================================ 18:59:18.0346 1088 ============================================================ 18:59:18.0346 1088 Scan started 18:59:18.0346 1088 Mode: Manual; SigCheck; TDLFS; 18:59:18.0346 1088 ============================================================ 18:59:19.0331 1088 ================ Scan system memory ======================== 18:59:19.0331 1088 System memory - ok 18:59:19.0331 1088 ================ Scan services ============================= 18:59:19.0409 1088 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 18:59:19.0518 1088 !SASCORE - ok 18:59:19.0643 1088 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:59:19.0768 1088 1394ohci - ok 18:59:19.0784 1088 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI 
C:\Windows\system32\drivers\ACPI.sys 18:59:19.0815 1088 ACPI - ok 18:59:19.0831 1088 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:59:19.0909 1088 AcpiPmi - ok 18:59:20.0002 1088 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:59:20.0034 1088 AdobeARMservice - ok 18:59:20.0143 1088 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:59:20.0174 1088 AdobeFlashPlayerUpdateSvc - ok 18:59:20.0206 1088 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 18:59:20.0237 1088 adp94xx - ok 18:59:20.0252 1088 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 18:59:20.0268 1088 adpahci - ok 18:59:20.0284 1088 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 18:59:20.0299 1088 adpu320 - ok 18:59:20.0331 1088 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:59:20.0456 1088 AeLookupSvc - ok 18:59:20.0487 1088 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:59:20.0534 1088 AFD - ok 18:59:20.0565 1088 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:59:20.0581 1088 agp440 - ok 18:59:20.0596 1088 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:59:20.0643 1088 ALG - ok 18:59:20.0659 1088 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:59:20.0659 1088 aliide - ok 18:59:20.0690 1088 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:59:20.0690 1088 amdide - ok 18:59:20.0721 1088 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 18:59:20.0799 1088 AmdK8 - ok 18:59:20.0815 1088 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 
18:59:20.0846 1088 AmdPPM - ok 18:59:20.0893 1088 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:59:20.0909 1088 amdsata - ok 18:59:20.0924 1088 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 18:59:20.0940 1088 amdsbs - ok 18:59:20.0956 1088 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:59:20.0956 1088 amdxata - ok 18:59:21.0018 1088 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 18:59:21.0065 1088 AntiVirSchedulerService - ok 18:59:21.0096 1088 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 18:59:21.0127 1088 AntiVirService - ok 18:59:21.0159 1088 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:59:21.0268 1088 AppID - ok 18:59:21.0284 1088 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:59:21.0331 1088 AppIDSvc - ok 18:59:21.0346 1088 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:59:21.0393 1088 Appinfo - ok 18:59:21.0409 1088 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 18:59:21.0456 1088 arc - ok 18:59:21.0471 1088 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 18:59:21.0487 1088 arcsas - ok 18:59:21.0581 1088 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:59:21.0612 1088 aspnet_state - ok 18:59:21.0643 1088 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:59:21.0690 1088 AsyncMac - ok 18:59:21.0721 1088 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:59:21.0721 1088 atapi - ok 18:59:21.0752 1088 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 18:59:21.0893 1088 atksgt 
- ok 18:59:21.0971 1088 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:59:22.0081 1088 AudioEndpointBuilder - ok 18:59:22.0081 1088 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:59:22.0112 1088 AudioSrv - ok 18:59:22.0159 1088 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 18:59:22.0174 1088 avgntflt - ok 18:59:22.0206 1088 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 18:59:22.0237 1088 avipbb - ok 18:59:22.0252 1088 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 18:59:22.0252 1088 avkmgr - ok 18:59:22.0284 1088 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:59:22.0377 1088 AxInstSV - ok 18:59:22.0409 1088 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 18:59:22.0440 1088 b06bdrv - ok 18:59:22.0471 1088 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:59:22.0518 1088 b57nd60a - ok 18:59:22.0565 1088 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:59:22.0612 1088 BDESVC - ok 18:59:22.0627 1088 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:59:22.0690 1088 Beep - ok 18:59:22.0721 1088 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:59:22.0752 1088 BFE - ok 18:59:22.0799 1088 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:59:22.0846 1088 BITS - ok 18:59:22.0877 1088 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 18:59:22.0893 1088 blbdrive - ok 18:59:22.0924 1088 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:59:22.0940 1088 bowser - ok 18:59:22.0971 1088 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:59:23.0049 1088 BrFiltLo - ok 
18:59:23.0065 1088 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:59:23.0112 1088 BrFiltUp - ok 18:59:23.0127 1088 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:59:23.0159 1088 Browser - ok 18:59:23.0190 1088 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:59:23.0221 1088 Brserid - ok 18:59:23.0237 1088 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:59:23.0268 1088 BrSerWdm - ok 18:59:23.0284 1088 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:59:23.0331 1088 BrUsbMdm - ok 18:59:23.0346 1088 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:59:23.0362 1088 BrUsbSer - ok 18:59:23.0393 1088 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 18:59:23.0424 1088 BTHMODEM - ok 18:59:23.0471 1088 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:59:23.0518 1088 bthserv - ok 18:59:23.0534 1088 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:59:23.0565 1088 cdfs - ok 18:59:23.0612 1088 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 18:59:23.0627 1088 cdrom - ok 18:59:23.0659 1088 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:59:23.0737 1088 CertPropSvc - ok 18:59:23.0768 1088 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 18:59:23.0799 1088 circlass - ok 18:59:23.0815 1088 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:59:23.0831 1088 CLFS - ok 18:59:23.0877 1088 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:59:23.0909 1088 clr_optimization_v2.0.50727_32 - ok 18:59:23.0940 1088 [ D1CEEA2B47CB998321C579651CE3E4F8 ] 
clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:59:23.0971 1088 clr_optimization_v2.0.50727_64 - ok 18:59:24.0034 1088 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:59:24.0065 1088 clr_optimization_v4.0.30319_32 - ok 18:59:24.0081 1088 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:59:24.0096 1088 clr_optimization_v4.0.30319_64 - ok 18:59:24.0127 1088 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 18:59:24.0159 1088 CmBatt - ok 18:59:24.0174 1088 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:59:24.0190 1088 cmdide - ok 18:59:24.0221 1088 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 18:59:24.0268 1088 CNG - ok 18:59:24.0331 1088 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 18:59:24.0362 1088 Compbatt - ok 18:59:24.0424 1088 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:59:24.0487 1088 CompositeBus - ok 18:59:24.0487 1088 COMSysApp - ok 18:59:24.0549 1088 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 18:59:24.0612 1088 crcdisk - ok 18:59:24.0643 1088 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 18:59:24.0659 1088 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 18:59:24.0659 1088 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 18:59:24.0690 1088 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 18:59:24.0721 1088 Creative Audio Engine 
Licensing Service ( UnsignedFile.Multi.Generic ) - warning 18:59:24.0721 1088 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 18:59:24.0768 1088 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:59:24.0815 1088 CryptSvc - ok 18:59:24.0846 1088 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 18:59:24.0862 1088 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 18:59:24.0862 1088 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 18:59:24.0893 1088 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:59:24.0940 1088 DcomLaunch - ok 18:59:24.0971 1088 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:59:25.0018 1088 defragsvc - ok 18:59:25.0034 1088 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:59:25.0065 1088 DfsC - ok 18:59:25.0096 1088 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:59:25.0143 1088 Dhcp - ok 18:59:25.0159 1088 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:59:25.0237 1088 discache - ok 18:59:25.0268 1088 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 18:59:25.0284 1088 Disk - ok 18:59:25.0315 1088 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:59:25.0346 1088 Dnscache - ok 18:59:25.0377 1088 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:59:25.0424 1088 dot3svc - ok 18:59:25.0440 1088 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:59:25.0471 1088 DPS - ok 18:59:25.0502 1088 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:59:25.0534 1088 drmkaud - ok 18:59:25.0596 1088 dump_wmimmc - ok 18:59:25.0643 1088 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl 
C:\Windows\System32\drivers\dxgkrnl.sys 18:59:25.0674 1088 DXGKrnl - ok 18:59:25.0706 1088 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:59:25.0737 1088 EapHost - ok 18:59:25.0815 1088 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 18:59:25.0877 1088 ebdrv - ok 18:59:25.0893 1088 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:59:25.0924 1088 EFS - ok 18:59:25.0987 1088 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:59:26.0065 1088 ehRecvr - ok 18:59:26.0081 1088 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:59:26.0112 1088 ehSched - ok 18:59:26.0143 1088 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 18:59:26.0174 1088 elxstor - ok 18:59:26.0190 1088 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:59:26.0206 1088 ErrDev - ok 18:59:26.0237 1088 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:59:26.0284 1088 EventSystem - ok 18:59:26.0315 1088 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:59:26.0346 1088 exfat - ok 18:59:26.0346 1088 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:59:26.0393 1088 fastfat - ok 18:59:26.0424 1088 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:59:26.0456 1088 Fax - ok 18:59:26.0487 1088 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 18:59:26.0518 1088 fdc - ok 18:59:26.0549 1088 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:59:26.0596 1088 fdPHost - ok 18:59:26.0596 1088 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:59:26.0643 1088 FDResPub - ok 18:59:26.0659 1088 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:59:26.0674 1088 FileInfo 
- ok 18:59:26.0690 1088 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:59:26.0706 1088 Filetrace - ok 18:59:26.0721 1088 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 18:59:26.0737 1088 flpydisk - ok 18:59:26.0768 1088 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:59:26.0784 1088 FltMgr - ok 18:59:26.0815 1088 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:59:26.0862 1088 FontCache - ok 18:59:26.0893 1088 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:59:26.0909 1088 FontCache3.0.0.0 - ok 18:59:27.0002 1088 [ 52B58A46BEEFB238C580B69FD051CB5B ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 18:59:27.0034 1088 ForceWare Intelligent Application Manager (IAM) - ok 18:59:27.0065 1088 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:59:27.0081 1088 FsDepends - ok 18:59:27.0096 1088 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:59:27.0112 1088 Fs_Rec - ok 18:59:27.0143 1088 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:59:27.0159 1088 fvevol - ok 18:59:27.0190 1088 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 18:59:27.0190 1088 gagp30kx - ok 18:59:27.0237 1088 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:59:27.0284 1088 gpsvc - ok 18:59:27.0346 1088 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:59:27.0377 1088 gupdate - ok 18:59:27.0424 1088 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:59:27.0440 1088 gupdatem - ok 18:59:27.0471 1088 [ 
1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 18:59:27.0487 1088 hamachi - ok 18:59:27.0502 1088 Hamachi2Svc - ok 18:59:27.0518 1088 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:59:27.0565 1088 hcw85cir - ok 18:59:27.0596 1088 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:59:27.0627 1088 HdAudAddService - ok 18:59:27.0659 1088 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:59:27.0706 1088 HDAudBus - ok 18:59:27.0737 1088 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 18:59:27.0768 1088 HidBatt - ok 18:59:27.0799 1088 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 18:59:27.0831 1088 HidBth - ok 18:59:27.0831 1088 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 18:59:27.0862 1088 HidIr - ok 18:59:27.0877 1088 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:59:27.0940 1088 hidserv - ok 18:59:27.0971 1088 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 18:59:27.0987 1088 HidUsb - ok 18:59:28.0002 1088 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:59:28.0065 1088 hkmsvc - ok 18:59:28.0096 1088 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:59:28.0112 1088 HomeGroupListener - ok 18:59:28.0143 1088 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:59:28.0159 1088 HomeGroupProvider - ok 18:59:28.0174 1088 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:59:28.0190 1088 HpSAMD - ok 18:59:28.0221 1088 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:59:28.0268 1088 HTTP - ok 18:59:28.0284 1088 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy 
C:\Windows\system32\drivers\hwpolicy.sys 18:59:28.0299 1088 hwpolicy - ok 18:59:28.0331 1088 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:59:28.0346 1088 i8042prt - ok 18:59:28.0362 1088 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:59:28.0377 1088 iaStorV - ok 18:59:28.0409 1088 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:59:28.0424 1088 idsvc - ok 18:59:28.0471 1088 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 18:59:28.0471 1088 iirsp - ok 18:59:28.0502 1088 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:59:28.0549 1088 IKEEXT - ok 18:59:28.0581 1088 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:59:28.0581 1088 intelide - ok 18:59:28.0612 1088 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 18:59:28.0612 1088 intelppm - ok 18:59:28.0643 1088 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:59:28.0706 1088 IPBusEnum - ok 18:59:28.0721 1088 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:59:28.0768 1088 IpFilterDriver - ok 18:59:28.0784 1088 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:59:28.0831 1088 iphlpsvc - ok 18:59:28.0846 1088 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:59:28.0862 1088 IPMIDRV - ok 18:59:28.0893 1088 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:59:28.0924 1088 IPNAT - ok 18:59:28.0940 1088 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:59:28.0971 1088 IRENUM - ok 18:59:28.0987 1088 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:59:28.0987 1088 
18:59:36.0893 1088 [ D307353C423C75D4A7EF5B25B43684DA ] SandraAgentSrv E:\SiSoftware Sandra Lite 2010.SP3\RpcAgentSrv.exe
18:59:36.0924 1088 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning
18:59:36.0924 1088 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)
18:59:38.0706 1088 [ FFC5F7ED77AA59AA0A6B70F3D7A22A93 ] Sound Blaster X-Fi MB Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
18:59:38.0721 1088 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:59:38.0721 1088 Sound Blaster X-Fi MB Licensing Service - detected UnsignedFile.Multi.Generic (1)
[ 69C22EA7E51FAC26896988B67445C758 ] \Device\Harddisk1\DR1\Partition5
18:59:45.0862 1088 \Device\Harddisk1\DR1\Partition5 - ok
18:59:45.0877 1088 [ B9ED64235E26DB137667A6FA7319A46C ] \Device\Harddisk1\DR1\Partition6
18:59:45.0877 1088 \Device\Harddisk1\DR1\Partition6 - ok
18:59:45.0877 1088 ============================================================
18:59:45.0877 1088 Scan finished
18:59:45.0877 1088 ============================================================
18:59:45.0909 1324 Detected object count: 5
18:59:45.0909 1324 Actual detected object count: 5
19:00:01.0112 1324 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:01.0112 1324 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:01.0112 1324 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:01.0112 1324 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:01.0112 1324 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:01.0112 1324 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:01.0127 1324 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:01.0127 1324 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:00:01.0127 1324 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:00:01.0127 1324 Sound Blaster X-Fi MB Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip |