| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: U-Search und Startsear - in der SuchmaschineWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.10.2012, 19:32
| #1 |
 |  U-Search und Startsear - in der Suchmaschine Hallo liebe Community, ich bin neu hier und habe leider nicht so viele Kenntnisse in diesem Bereich. Deshalb wende ich mich an euch. Beim Download des Programms Groovedown habe ich unfreiwillig mehrere Suchmaschinen/Toolbars erhalten. Darunter ist u-search, sweetim und startsear.ch. Im Internet bin ich dann auf einige Seiten gestoßen, die sagten, man solle in den jeweiligen Browsern die Suchmaschine löschen, Startseite ändern und Addons entfernen. Außerdem die Software löschen und Registry. Habe ich alles getan, allerdings habe ich bei Chrome, das ich nicht nutze, immernoch die Startseite Startsear.ch. Deshalb bitte ich um eure Hilfe. Vielen Dank! So, mal schauen, ob ich alles richtig mache. Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.10.18.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 maurice :: MAURICE-PC [Administrator] 18.10.2012 19:54:50 mbam-log-2012-10-18 (19-57-47).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 198924 Laufzeit: 2 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Daten: hxxp://u-search.net/?a=1&e=1 -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Daten: hxxp://u-search.net/?a=1&e=1 -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://u-search.net/?a=1&e=1) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Logfile OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.10.2012 20:08:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maurice\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 50,34% Memory free 6,98 Gb Paging File | 4,99 Gb Available in Paging File | 71,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 890,41 Gb Total Space | 806,14 Gb Free Space | 90,54% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS Computer Name: MAURICE-PC | User Name: maurice | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\maurice\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\PROGRA~2\MICROS~3\Office14\1033\GrooveIntlResource.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (asdsrv) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (asdrs) -- C:\Windows\SysNative\drivers\asdrs.sys (Anvisoft) DRV:64bit: - (asdrm) -- C:\Windows\SysNative\drivers\asdrm.sys (Anvisoft) DRV:64bit: - (asdws) -- C:\Windows\SysNative\drivers\asdws.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{6F11EBFA-AC42-4990-A05E-AC3416ABCE53}: "URL" = hxxp://startsear.ch/?aff=3&q={searchTerms} IE - HKLM\..\SearchScopes\{A98F9DA1-095C-4F9E-8414-13E789676B79}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 10:02:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 10:02:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.29 10:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\Extensions [2012.10.18 17:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\Firefox\Profiles\nohedadz.default\extensions [2012.10.08 11:25:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\maurice\AppData\Roaming\mozilla\Firefox\Profiles\nohedadz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.16 14:04:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\maurice\AppData\Roaming\mozilla\Firefox\Profiles\nohedadz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.05 12:52:14 | 000,363,041 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\client@anonymox.net.xpi [2012.07.06 08:55:53 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.08.23 08:41:43 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012.10.18 15:59:14 | 000,529,693 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.25 12:05:46 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.22 10:34:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.09.07 10:02:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.07 10:02:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.17 22:04:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 13:44:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.17 22:04:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 22:04:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 22:04:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.17 22:04:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.209.32.12 88.209.32.38 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94F8658-7079-4071-AA59-FB256BF9D92F}: DhcpNameServer = 88.209.32.12 88.209.32.38 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.18 19:58:02 | 000,000,000 | ---D | C] -- C:\Users\maurice\log [2012.10.18 19:51:52 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Malwarebytes [2012.10.18 19:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.18 19:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.18 19:50:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.18 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.18 18:00:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.10.18 16:02:40 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Anvisoft [2012.10.18 16:02:32 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys [2012.10.18 16:02:32 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys [2012.10.18 16:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft [2012.10.18 16:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft [2012.10.18 16:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft [2012.10.17 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Avira [2012.10.17 13:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.17 13:27:37 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.17 13:27:37 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.17 13:27:37 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.17 13:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.17 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.17 12:37:02 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.17 12:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.10.13 00:29:35 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Rovio [2012.10.13 00:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio [2012.10.13 00:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio [2012.10.11 21:49:03 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.10.11 21:49:03 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.10.11 21:49:03 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.10.11 21:48:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.10.11 21:48:41 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.10.11 21:48:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.10.11 21:48:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.10.11 21:48:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.10.11 21:48:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.10.11 21:48:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.10.11 21:48:23 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.10.11 21:48:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.10.11 21:48:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.10.11 21:48:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.10.11 21:48:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.11 21:48:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.11 21:48:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.11 21:48:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.10.11 21:48:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.10.11 21:48:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.10.11 21:48:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.10.11 21:48:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.10.11 21:48:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.10.11 21:48:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.10.11 21:48:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.10.11 21:48:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.10.11 21:48:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.10.11 21:48:18 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012.10.11 21:48:08 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.10.11 21:48:07 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.10.08 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.10.08 23:40:39 | 000,000,000 | ---D | C] -- C:\Games [2012.09.26 08:53:23 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe [2012.09.22 18:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.09.22 18:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.09.22 17:44:53 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.22 17:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.09.22 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.09.22 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.09.22 17:43:54 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoft [2012.09.22 08:44:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.09.22 08:44:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.09.22 08:44:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.09.22 08:44:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.09.22 08:44:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.09.22 08:44:23 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.09.22 08:44:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.09.22 08:44:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.09.22 08:44:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.09.22 08:44:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.09.22 08:44:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.09.22 08:44:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.09.22 08:44:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.09.22 08:44:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.09.22 08:44:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.18 20:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.18 19:54:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.18 19:19:14 | 000,000,000 | ---- | M] () -- C:\Users\maurice\defogger_reenable [2012.10.18 19:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.18 17:40:51 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 17:40:51 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 17:33:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.18 17:33:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.18 17:33:22 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys [2012.10.18 17:29:44 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.10.18 16:02:32 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk [2012.10.17 13:27:46 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.17 12:37:02 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.16 10:52:17 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.16 10:52:17 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.16 10:52:17 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.16 10:52:17 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.16 10:52:17 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.13 00:29:25 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk [2012.10.12 11:17:12 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.08 22:00:11 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.10.08 22:00:11 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.18 19:50:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.18 19:19:14 | 000,000,000 | ---- | C] () -- C:\Users\maurice\defogger_reenable [2012.10.18 16:02:32 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys [2012.10.18 16:02:32 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk [2012.10.17 13:27:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 00:29:25 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk [2012.09.22 18:11:37 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.18 00:31:00 | 000,000,653 | ---- | C] () -- C:\Users\maurice\AppData\Roaming\gd.db [2011.12.18 00:31:00 | 000,000,270 | ---- | C] () -- C:\Users\maurice\AppData\Roaming\groovedown.settings [2011.12.05 00:51:49 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.10.09 16:46:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.09 16:46:35 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2011.10.09 13:07:09 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.08 08:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.28 20:26:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.27 23:01:38 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > ExtraOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.10.2012 20:08:57 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maurice\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,49 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 50,34% Memory free
6,98 Gb Paging File | 4,99 Gb Available in Paging File | 71,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 890,41 Gb Total Space | 806,14 Gb Free Space | 90,54% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS
Computer Name: MAURICE-PC | User Name: maurice | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F76F6C2-D8AA-40E0-9D1F-839BECB3B1FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{102D139A-9EE9-4C9D-A441-C512FE953944}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{219EF556-E942-4B8C-903F-4BC1D87A29C8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{21F425AB-583A-454B-9A07-E1DB24ED5160}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{409F37AC-339B-4F9A-A34B-6FD01C2746C2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{468B5847-E350-4313-A95F-3ABD856DEFA2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{48E5A1FE-5DD2-403D-8D64-5F8D1A9BA6F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4BD78800-4B4C-4934-8465-2D53F47726E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{65D39B0D-EA71-4E1F-8E56-67B05B8DCC90}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{71331471-A5BF-44B0-AA21-54071A839546}" = lport=139 | protocol=6 | dir=in | app=system |
"{72AE458C-146E-4601-97DF-A2FAA4F262DB}" = lport=137 | protocol=17 | dir=in | app=system |
"{7B492D07-1269-4AD6-92A6-FAD5F4DD0F29}" = lport=445 | protocol=6 | dir=in | app=system |
"{83A7B532-4A8C-4918-B91B-56FFB8586E94}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8D4CC644-1F55-4486-B7F7-014A39E080F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93D21C40-1D7A-44BD-A9EC-479A9812D02F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{95B443CF-B5E3-42B8-9B77-A18662BDFBB6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B4FBA95D-FD4E-4E2C-BB93-7C7C8FD5578C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9F3473E-66B5-4C14-B1AF-84E4F888E2EF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C7C7D8F5-010A-4AFD-9B50-D6E7B988A434}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC53CEB8-34EC-4BAD-80A4-2DCC5FDE71B0}" = rport=137 | protocol=17 | dir=out | app=system |
"{E397D1AB-FA6C-4813-A066-4B0A63A4BBF4}" = rport=445 | protocol=6 | dir=out | app=system |
"{E7CEE7D4-0C15-4E59-B0E5-4E6B9044B003}" = rport=139 | protocol=6 | dir=out | app=system |
"{E8BA07E6-2DCC-44C9-8B17-978F9156632C}" = lport=138 | protocol=17 | dir=in | app=system |
"{EBE3363D-BE55-47AD-801B-EFEDE6D762D0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EE6C384F-A120-464E-A216-0290B69DF9D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8B33207-E2D3-48E8-8D6F-B47A069944E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BD2415-747C-4371-9FEE-AACEB51AF826}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0B5E8991-82C4-4026-9DE2-2C6BB9BE5B7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BCA327B-2CF4-4514-B405-BA0DD04EC720}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0F0341BF-ECCF-4FA3-A5B1-D98D8631ED5C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{16207F27-E370-4AFD-A963-EEA943D13737}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{19825E72-9B8D-41CD-81FB-31C9F9CE0688}" = protocol=6 | dir=out | app=system |
"{1982FBA0-F4E0-448C-BE0F-32B5C519AA73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1FB70C2B-DF8A-4661-A5E0-A0900F98C413}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2187D781-BD75-4CED-88DE-C20D40CFBE7A}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{22EC5CDF-C35F-486F-BCE7-5D5F53CEC100}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32FAF918-7AE6-4013-A6A5-858C3000AA61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{403F28E2-BFFF-4541-B588-6538FAEE4CBE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{414F7001-AAF2-4D14-953D-B2BBC7ECB9C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4334BD52-24A2-4BC8-B62E-AEB09FC313E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{585954A1-1AE8-49CB-8985-337FA70B238D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7012EA25-68DA-48CA-BADD-2D226E306A2B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82CD8FB5-C9A4-4649-B81E-D1F2B56AF12C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{887DBA83-4B89-475E-A2CA-FE40706DBDCA}" = protocol=58 | dir=in | app=system |
"{8A7163ED-17A2-4045-B2A9-5A72FF11D855}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D180E38-7102-43AA-8C6B-E80CBFC21EAF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91A69346-617D-428A-9E32-5A3762A86BBC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5D02DFB-D2D3-476D-B3BF-42996628F632}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A671F003-46E0-492B-863A-5C6632F88232}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{AB54476A-3705-4E1F-A60D-4918642AA3F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{C4065FA8-B6B0-4DD0-B089-CC0261D862C9}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{C9892CF7-376B-482F-835F-48D4A725030E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CA217305-D9BD-4A58-BEA6-D8D1563ED6DF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF82593B-8D27-43ED-9B0C-20DB601491B4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E2CB7BC2-4129-4245-B2A2-5EE06BF8DB82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8BA434F-3751-4264-BB64-81A691281D5C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{F938FEA7-0A31-4EA1-8E01-B80529E42BFF}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{F99906FE-70B4-4A3A-8975-38984A497FDF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{514655A9-07F5-4701-BE54-7D7412EE133E}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe |
"TCP Query User{EA5BE255-9955-4BE7-9423-4C075E64425D}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{0B527BCD-5A1D-45F7-B2DD-D9FBA742E730}C:\program files (x86)\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{BA0ED1E8-C71E-454F-8D0A-7EF93EE6A49A}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3BFAF653-4B91-2C87-82FE-DAF4C0F7BF18}" = AMD Drag and Drop Transcoding
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8836C1BC-29E8-6A94-9D8F-F2D5FDC6F865}" = ATI AVIVO64 Codecs
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9184BC0D-EC76-3910-E813-BFC3ED0DBCB1}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B72CAB06-4420-F4D1-AFBB-AF9093D3D237}" = ATI Catalyst Install Manager
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E0DF4F3F-629F-B9E2-C80C-CBA0A0305537}" = AMD Media Foundation Decoders
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EE483CF3-AE65-E262-268A-493B8A91D920}" = AMD Fuel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0565E7DD-8930-8F67-9D25-5D1DCC033DF0}" = CCC Help Swedish
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0CE0711D-A5E3-4E98-B3C0-0227A5E000CA}" = Angry Birds
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{109D0519-2F01-0D66-C43A-55BFEDEDF2DD}" = CCC Help Danish
"{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1" = Kalenderchen 5
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1571CDD5-B5BC-94E9-A745-D3E3A215316C}" = CCC Help Spanish
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{298BE2A8-908F-C904-20E7-C13CD1CBB44A}" = CCC Help English
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69143066-1887-30B9-CBC4-BF91626AB643}" = CCC Help Japanese
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.0.0
"{81FC1973-09F4-8ADE-0CC5-9FBEF8B7E064}" = CCC Help German
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5E0BB7-2604-72C4-EB4F-FDE56037CA73}" = CCC Help Dutch
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98ACB7E6-3FEA-A8DD-832B-D1F540811E1D}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A68B8A41-A5D1-DC7E-B496-F90F4DA45D0C}" = CCC Help French
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC726FD7-1766-F446-EF0A-7C988A5F7755}" = CCC Help Italian
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B525C699-B111-377C-857A-4419F5A5094F}" = CCC Help Finnish
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7AAEF77-5094-AEDA-C940-110C00FB6823}" = AMD VISION Engine Control Center
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0781699-4AA9-1ADA-3E2E-315A139C78F4}" = Catalyst Control Center Localization All
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F77F8226-DA60-1CC1-02FA-76E8F4B07FF5}" = CCC Help Norwegian
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Anvi Smart Defender" = Anvi Smart Defender 1.6
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.3.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.08.2012 02:30:57 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.08.2012 02:40:23 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 03.08.2012 13:53:10 | Computer Name = maurice-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 14.0.1.4577 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1014 Startzeit:
01cd71a0a626ae6c Endzeit: 29 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
125e261a-dd94-11e1-ae79-8c89a5551564
Error - 06.08.2012 10:54:26 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 09.08.2012 02:20:14 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 10.08.2012 15:55:16 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 12.08.2012 02:32:50 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 13.08.2012 13:17:32 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 14.08.2012 14:09:24 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 15.08.2012 10:47:44 | Computer Name = maurice-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 17.10.2012 07:19:14 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 17.10.2012 07:25:15 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 17.10.2012 07:34:54 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 17.10.2012 08:53:13 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 17.10.2012 08:54:59 | Computer Name = maurice-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 17.10.2012 08:55:06 | Computer Name = maurice-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 17.10.2012 09:37:02 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 17.10.2012 18:18:11 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 18.10.2012 01:55:49 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
Error - 18.10.2012 11:32:31 | Computer Name = maurice-PC | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
19.10.2012, 13:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | U-Search und Startsear - in der Suchmaschine Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
20.10.2012, 13:55
| #3 |
| | U-Search und Startsear - in der Suchmaschine Vielen Dank erst einmal für die Hilfe!
__________________So, hier die Log-Inhalte. Die Funde vom ersten Quick-Scan sind noch in Quarantäne. Früherer Malwarebytes-Quick-Scan Code:
ATTFilter cMalwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.10.18.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 maurice :: MAURICE-PC [Administrator] 18.10.2012 19:54:50 mbam-log-2012-10-18 (19-54-50).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 198924 Laufzeit: 2 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Daten: Google -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs|Tabs (Trojan.StartPage) -> Daten: Google -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (Google) Gut: (Google) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 Malwarebytes : Free Anti-Malware download Datenbank Version: v2012.10.19.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 maurice :: MAURICE-PC [Administrator] 19.10.2012 17:41:37 mbam-log-2012-10-19 (17-41-37).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 332213 Laufzeit: 55 Minute(n), 32 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6852e495dda5b24a8559420d58bc6171
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-20 11:22:42
# local_time=2012-10-20 01:22:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 257606 257606 0 0
# compatibility_mode=5893 16776574 100 94 33257893 102360708 0 0
# compatibility_mode=7937 16777214 0 25 161823 161823 0 0
# compatibility_mode=8192 67108863 100 0 155 155 0 0
# scanned=35505
# found=1
# cleaned=0
# scan_time=1304
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6852e495dda5b24a8559420d58bc6171
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-20 12:42:39
# local_time=2012-10-20 02:42:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 259004 259004 0 0
# compatibility_mode=5893 16776574 100 94 33259291 102362106 0 0
# compatibility_mode=7937 16777214 0 25 163221 163221 0 0
# compatibility_mode=8192 67108863 100 0 1553 1553 0 0
# scanned=144045
# found=4
# cleaned=0
# scan_time=4703
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Users\maurice\AppData\Local\Temp\BetterInstaller.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\maurice\Downloads\PDFCreator-1_2_3_setup(1).exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
C:\Users\maurice\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
|
|
21.10.2012, 12:28
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | U-Search und Startsear - in der Suchmaschine adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.10.2012, 14:52
| #5 |
| | U-Search und Startsear - in der Suchmaschine ok, hier die Logdatei Code:
ATTFilter
# AdwCleaner v2.005 - Datei am 21/10/2012 um 15:41:28 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : maurice - MAURICE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\maurice\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [19031 octets] - [17/10/2012 13:15:55]
AdwCleaner[S1].txt - [19195 octets] - [17/10/2012 13:18:39]
AdwCleaner[R2].txt - [9305 octets] - [17/10/2012 13:33:29]
AdwCleaner[S2].txt - [9367 octets] - [17/10/2012 13:34:27]
AdwCleaner[R3].txt - [1279 octets] - [21/10/2012 15:41:28]
########## EOF - C:\AdwCleaner[R3].txt - [1339 octets] ##########
Daher poste ich jetzt den ersten Suchlauf: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 17/10/2012 um 13:15:55 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : maurice - MAURICE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\maurice\Downloads\adwcleaner2.005.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\searchplugins\Startsear.xml
Ordner Gefunden : C:\Program Files (x86)\Ask.com
Ordner Gefunden : C:\Program Files (x86)\StartSearch plugin
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\maurice\AppData\Local\APN
Ordner Gefunden : C:\Users\maurice\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\maurice\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\maurice\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gefunden : HKCU\Software\Ask.com
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\Software\APN
Schlüssel Gefunden : HKLM\Software\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\startsearch Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\prefs.js
Gefunden : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gefunden : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Gefunden : user_pref("extensions.asktb.cbid", "^ABT");
Gefunden : user_pref("extensions.asktb.config-updated", false);
Gefunden : user_pref("extensions.asktb.cr-o", "APN10395");
Gefunden : user_pref("extensions.asktb.crumb", "2012.08.08+23.45.30-toolbar001iad-DE-QmF5cmV1dGgsR2VybWFueQ%3D%[...]
Gefunden : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gefunden : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gefunden : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gefunden : user_pref("extensions.asktb.first-restart-after-config-update", true);
Gefunden : user_pref("extensions.asktb.fresh-install", false);
Gefunden : user_pref("extensions.asktb.guid", "1e32d5ec-4811-4c96-ad73-46862878e3f2");
Gefunden : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gefunden : user_pref("extensions.asktb.if", "first");
Gefunden : user_pref("extensions.asktb.l", "dis");
Gefunden : user_pref("extensions.asktb.last-config-req", "1344975388672");
Gefunden : user_pref("extensions.asktb.locale", "de_DE");
Gefunden : user_pref("extensions.asktb.localePref", true);
Gefunden : user_pref("extensions.asktb.location", "Bayreuth,Germany");
Gefunden : user_pref("extensions.asktb.notification-shown", true);
Gefunden : user_pref("extensions.asktb.o", "APN10395");
Gefunden : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gefunden : user_pref("extensions.asktb.qsrc", "2871");
Gefunden : user_pref("extensions.asktb.r", "2");
Gefunden : user_pref("extensions.asktb.sa", "YES");
Gefunden : user_pref("extensions.asktb.saguid", "B16A0AD6-6EBF-45B3-9044-5A6615217594");
Gefunden : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gefunden : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gefunden : user_pref("extensions.asktb.socialmini-native-on", true);
Gefunden : user_pref("extensions.asktb.themeid", "");
Gefunden : user_pref("extensions.asktb.timeinstalled", "09.08.2012 08:46:03");
Gefunden : user_pref("extensions.asktb.to", "");
Gefunden : user_pref("extensions.asktb.v", "3.15.4.100013");
Gefunden : user_pref("extensions.asktb.version", "5.15.4.23930");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gefunden [l.1] : icon_url ={"backup":{"_signature":"XxJVFKggD0j+vIoMvXWsg4hYTR3vclEbot8tiVOxaZU=","_version":4,"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb"]},"homepage":"hxxp:\/\/u-search.net\/?a=1&e=1","homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxp:\/\/startsear.ch\/?aff=3&cf=c9163289-28fe-11e1-a761-8c89a5551564"]}},"browser":{"last_known_google_url":"hxxp:\/\/www.google.de\/","last_prompted_google_url":"hxxp:\/\/www.google.de\/","window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":17477,"default_apps_install_state":2,"default_search_provider":{"enabled":true,"encodings":"UTF-8","","id":"7","instant_url":"","keyword":"u-search.net","name":"Web Search","prepopulate_id":"0","search_url":"hxxp:\/\/u-search.net\/?a=1&e=2&q={searchTerms}","suggest_url":""},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"require_eula":true,"show_welcome_page":false,"skip_first_run_ui":true,"system_level":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["hxxp:\/\/facebook.com\/",["hxxp:\/\/www.facebook.com\/",2.18161534513063]],["hxxp:\/\/google.de\/",["hxxp:\/\/www.google.de\/",2.529573049612]],["hxxp:\/\/hotmail.com\/",["hxxps:\/\/login.live.com\/",2.529573049612]],["hxxp:\/\/maps.google.de\/",["hxxp:\/\/gg.google.com\/",3.49232100133,"hxxp:\/\/id.google.de\/",2.208657065706,"hxxp:\/\/khm0.google.de\/",2.850489033518,"hxxp:\/\/khm1.google.de\/",3.49232100133,"hxxp:\/\/maps.google.de\/",8.947892727732,"hxxp:\/\/maps.gstatic.com\/",14.082548470228,"hxxp:\/\/mt0.google.com\/",19.217204212724,"hxxp:\/\/mt1.google.com\/",20.179952164442,"hxxp:\/\/www.google.com\/",2.529573049612]],["hxxp:\/\/reiseauskunft.bahn.de\/",["hxxp:\/\/survey.122.2o7.net\/",2.46669258295135,"hxxp:\/\/t.bahn.de\/",2.77847208879555,"hxxp:\/\/www.img-bahn.de\/",24.6110347242082]],["hxxp:\/\/search.searchcompletion.com\/",["hxxp:\/\/cdn1.predictad.com\/",1.88069528281846,"hxxp:\/\/cdn1.searchcompletion.com\/",0.852290865956379,"hxxp:\/\/geo.widdit.com\/",0.395563729304647,"hxxp:\/\/search.searchcompletion.com\/",2.3948974912495,"hxxp:\/\/static.app.widdit.com\/",0.852290865956379,"hxxp:\/\/www.google-analytics.com\/",0.852290865956379]],["hxxp:\/\/startpins.com\/",["hxxp:\/\/ajax.googleapis.com\/",2.6037004,"hxxp:\/\/startpins.com\/",8.8797842,"hxxp:\/\/stats.startpins.com\/",2.6037004]],["hxxp:\/\/startsear.ch\/",["hxxp:\/\/search.searchcompletion.com\/",1.3095390748442,"hxxp:\/\/startpins.com\/",3.2643408]],["hxxp:\/\/www.db.de\/",["hxxp:\/\/www.deutschebahn.com\/",3.31719991256544]],["hxxp:\/\/www.deutschebahn.com\/",["hxxp:\/\/www.deutschebahn.com\/",36.3959923625405,"hxxp:\/\/www.etracker.de\/",2.5692887007988]],["hxxp:\/\/www.google.de\/",["hxxp:\/\/id.google.de\/",1.45771366336596,"hxxp:\/\/ssl.gstatic.com\/",0.853361440452545,"hxxp:\/\/www.google.com\/",0.641556891074585,"hxxp:\/\/www.google.de\/",8.75425293393105]],["hxxp:\/\/www.salzburg.info\/",["hxxp:\/\/analytics.modul.ac.at\/",2.529573049612,"hxxp:\/\/www.google-analytics.com\/",2.208657065706,"hxxp:\/\/www.salzburg.info\/",21.784532083972]],["hxxps:\/\/login.live.com\/",["hxxps:\/\/login.live.com\/",2.208657065706,"hxxps:\/\/secure.shared.live.com\/",4.455068953048]],["hxxps:\/\/secure.shared.live.com\/",["hxxps:\/\/secure.shared.live.com\/",3.49232100133]]],"startup_list":[1,"hxxp:\/\/ajax.googleapis.com\/","hxxp:\/\/startpins.com\/","hxxp:\/\/startsear.ch\/","hxxp:\/\/stats.startpins.com\/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"autoupdate":{"next_check":"12988762562200499"},"chrome_url_overrides":{"bookmarks":["chrome-extension:\/\/eemcgdkfndhakfknompkggombfjjjeno\/main.html"]},"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"n","page_ordinal":"n"}}},"google":{"services":{"username":""}},"homepage":"hxxp:\/\/u-search.net\/?a=1&e=1","homepage_is_newtabpage":false,"hxxp_throttling":{"enabled":true},"instant":{"enabled_time":"12974162663252220"},"net":{"hxxp_server_properties":{"clients1.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":16}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true}}},"ntp":{"app_page_names":["Apps"],"pref_version":3,"promo_closed":false,"promo_end":1342994400,"promo_group":0,"promo_group_max":1,"promo_group_timeslice":0,"promo_increment":1,"promo_initial_segment":1,"promo_line":"Haben Sie ein Smartphone oder Tablet? <a href=\"hxxps:\/\/www.google.com\/chrome\/mobile\/?utm_source=chrome&utm_medium=ntp&utm_campaign=ntp-promo\">Holen Sie sich Chrome Mobile<\/a>","promo_num_groups":1,"promo_resource_cache_update":"1343576161.86507","promo_start":1341828000,"promo_views":0,"promo_views_max":15},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60","plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60\\gcswf32.dll","version":"10,3,181,22"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32.dll","version":"11,1,102,55"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.260.3","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll","version":"6.0.260.3"},{"enabled":true,"name":"Java(TM) Platform SE 6 U26","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.260.3"},{"enabled":false,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.2.45"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.60831.0\\npctrl.dll","version":"4.0.60831.0"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll","version":"11.6r626"},{"enabled":true,"name":"Microsoft Office 2010","path":"C:\\PROGRA~2\\MICROS~3\\Office14\\NPSPWRAP.DLL","version":"14.0.4761.1000"},{"enabled":true,"name":"Chrome NaCl","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60\\pdf.dll","version":""},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.79\\npGoogleUpdate3.dll","version":"1.3.21.79"},{"enabled":true,"name":"Windows Live? Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3508.1109_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Activation Technologies","path":"C:\\Windows\\system32\\Wat\\npWatWeb.dll","version":"7.1.7600.16395"},{"enabled":true,"name":"Default Plug-in","path":"default_plugin","version":"1"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Java"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Microsoft Office"},{"enabled":false,"name":"Chrome NaCl"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Windows Live? Photo Gallery"},{"enabled":true,"name":"Windows Activation Technologies"},{"enabled":true,"name":"Default Plug-in"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pref_version":1},"exited_cleanly":true,"name":"Erster Nutzer"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp:\/\/startsear.ch\/?aff=3&cf=c9163289-28fe-11e1-a761-8c89a5551564"]},"tabs":{"use_vertical_tabs":false}}
*************************
AdwCleaner[R1].txt - [18916 octets] - [17/10/2012 13:15:55]
########## EOF - C:\AdwCleaner[R1].txt - [18977 octets] ##########
|
|
21.10.2012, 16:33
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | U-Search und Startsear - in der Suchmaschine adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ --> U-Search und Startsear - in der Suchmaschine |
|
21.10.2012, 16:45
| #7 |
| | U-Search und Startsear - in der Suchmaschine Zuerst das Ergebnis vom ersten Durchlauf vor ein paar Tagen: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 17/10/2012 um 13:18:39 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : maurice - MAURICE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\maurice\Downloads\adwcleaner2.005.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\searchplugins\Startsear.xml
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\StartSearch plugin
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\maurice\AppData\Local\APN
Ordner Gelöscht : C:\Users\maurice\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\maurice\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\maurice\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{79D60450-56C5-4A8C-9321-6D5BC2A81E5A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\startsearch Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\prefs.js
C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\user.js ... Gelöscht !
Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Gelöscht : user_pref("extensions.asktb.cbid", "^ABT");
Gelöscht : user_pref("extensions.asktb.config-updated", false);
Gelöscht : user_pref("extensions.asktb.cr-o", "APN10395");
Gelöscht : user_pref("extensions.asktb.crumb", "2012.08.08+23.45.30-toolbar001iad-DE-QmF5cmV1dGgsR2VybWFueQ%3D%[...]
Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc=[...]
Gelöscht : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Gelöscht : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-[...]
Gelöscht : user_pref("extensions.asktb.first-restart-after-config-update", true);
Gelöscht : user_pref("extensions.asktb.fresh-install", false);
Gelöscht : user_pref("extensions.asktb.guid", "1e32d5ec-4811-4c96-ad73-46862878e3f2");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.asktb.if", "first");
Gelöscht : user_pref("extensions.asktb.l", "dis");
Gelöscht : user_pref("extensions.asktb.last-config-req", "1344975388672");
Gelöscht : user_pref("extensions.asktb.locale", "de_DE");
Gelöscht : user_pref("extensions.asktb.localePref", true);
Gelöscht : user_pref("extensions.asktb.location", "Bayreuth,Germany");
Gelöscht : user_pref("extensions.asktb.notification-shown", true);
Gelöscht : user_pref("extensions.asktb.o", "APN10395");
Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Gelöscht : user_pref("extensions.asktb.qsrc", "2871");
Gelöscht : user_pref("extensions.asktb.r", "2");
Gelöscht : user_pref("extensions.asktb.sa", "YES");
Gelöscht : user_pref("extensions.asktb.saguid", "B16A0AD6-6EBF-45B3-9044-5A6615217594");
Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true);
Gelöscht : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Gelöscht : user_pref("extensions.asktb.socialmini-native-on", true);
Gelöscht : user_pref("extensions.asktb.themeid", "");
Gelöscht : user_pref("extensions.asktb.timeinstalled", "09.08.2012 08:46:03");
Gelöscht : user_pref("extensions.asktb.to", "");
Gelöscht : user_pref("extensions.asktb.v", "3.15.4.100013");
Gelöscht : user_pref("extensions.asktb.version", "5.15.4.23930");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.1] : icon_url ={"backup":{"_signature":"XxJVFKggD0j+vIoMvXWsg4hYTR3vclEbot8tiVOxaZU=","_version":4,"extensions":{"ids":["ahfgeienlihckogmohjhadlkjgocpleb"]},"homepage":"hxxp:\/\/u-search.net\/?a=1&e=1","homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxp:\/\/startsear.ch\/?aff=3&cf=c9163289-28fe-11e1-a761-8c89a5551564"]}},"browser":{"last_known_google_url":"hxxp:\/\/www.google.de\/","last_prompted_google_url":"hxxp:\/\/www.google.de\/","window_placement":{"bottom":974,"left":10,"maximized":false,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":17477,"default_apps_install_state":2,"default_search_provider":{"enabled":true,"encodings":"UTF-8","","id":"7","instant_url":"","keyword":"u-search.net","name":"Web Search","prepopulate_id":"0","search_url":"hxxp:\/\/u-search.net\/?a=1&e=2&q={searchTerms}","suggest_url":""},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"require_eula":true,"show_welcome_page":false,"skip_first_run_ui":true,"system_level":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["hxxp:\/\/facebook.com\/",["hxxp:\/\/www.facebook.com\/",2.18161534513063]],["hxxp:\/\/google.de\/",["hxxp:\/\/www.google.de\/",2.529573049612]],["hxxp:\/\/hotmail.com\/",["hxxps:\/\/login.live.com\/",2.529573049612]],["hxxp:\/\/maps.google.de\/",["hxxp:\/\/gg.google.com\/",3.49232100133,"hxxp:\/\/id.google.de\/",2.208657065706,"hxxp:\/\/khm0.google.de\/",2.850489033518,"hxxp:\/\/khm1.google.de\/",3.49232100133,"hxxp:\/\/maps.google.de\/",8.947892727732,"hxxp:\/\/maps.gstatic.com\/",14.082548470228,"hxxp:\/\/mt0.google.com\/",19.217204212724,"hxxp:\/\/mt1.google.com\/",20.179952164442,"hxxp:\/\/www.google.com\/",2.529573049612]],["hxxp:\/\/reiseauskunft.bahn.de\/",["hxxp:\/\/survey.122.2o7.net\/",2.46669258295135,"hxxp:\/\/t.bahn.de\/",2.77847208879555,"hxxp:\/\/www.img-bahn.de\/",24.6110347242082]],["hxxp:\/\/search.searchcompletion.com\/",["hxxp:\/\/cdn1.predictad.com\/",1.88069528281846,"hxxp:\/\/cdn1.searchcompletion.com\/",0.852290865956379,"hxxp:\/\/geo.widdit.com\/",0.395563729304647,"hxxp:\/\/search.searchcompletion.com\/",2.3948974912495,"hxxp:\/\/static.app.widdit.com\/",0.852290865956379,"hxxp:\/\/www.google-analytics.com\/",0.852290865956379]],["hxxp:\/\/startpins.com\/",["hxxp:\/\/ajax.googleapis.com\/",2.6037004,"hxxp:\/\/startpins.com\/",8.8797842,"hxxp:\/\/stats.startpins.com\/",2.6037004]],["hxxp:\/\/startsear.ch\/",["hxxp:\/\/search.searchcompletion.com\/",1.3095390748442,"hxxp:\/\/startpins.com\/",3.2643408]],["hxxp:\/\/www.db.de\/",["hxxp:\/\/www.deutschebahn.com\/",3.31719991256544]],["hxxp:\/\/www.deutschebahn.com\/",["hxxp:\/\/www.deutschebahn.com\/",36.3959923625405,"hxxp:\/\/www.etracker.de\/",2.5692887007988]],["hxxp:\/\/www.google.de\/",["hxxp:\/\/id.google.de\/",1.45771366336596,"hxxp:\/\/ssl.gstatic.com\/",0.853361440452545,"hxxp:\/\/www.google.com\/",0.641556891074585,"hxxp:\/\/www.google.de\/",8.75425293393105]],["hxxp:\/\/www.salzburg.info\/",["hxxp:\/\/analytics.modul.ac.at\/",2.529573049612,"hxxp:\/\/www.google-analytics.com\/",2.208657065706,"hxxp:\/\/www.salzburg.info\/",21.784532083972]],["hxxps:\/\/login.live.com\/",["hxxps:\/\/login.live.com\/",2.208657065706,"hxxps:\/\/secure.shared.live.com\/",4.455068953048]],["hxxps:\/\/secure.shared.live.com\/",["hxxps:\/\/secure.shared.live.com\/",3.49232100133]]],"startup_list":[1,"hxxp:\/\/ajax.googleapis.com\/","hxxp:\/\/startpins.com\/","hxxp:\/\/startsear.ch\/","hxxp:\/\/stats.startpins.com\/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"autoupdate":{"next_check":"12988762562200499"},"chrome_url_overrides":{"bookmarks":["chrome-extension:\/\/eemcgdkfndhakfknompkggombfjjjeno\/main.html"]},"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_ordinal":"n","page_ordinal":"n"}}},"google":{"services":{"username":""}},"homepage":"hxxp:\/\/u-search.net\/?a=1&e=1","homepage_is_newtabpage":false,"hxxp_throttling":{"enabled":true},"instant":{"enabled_time":"12974162663252220"},"net":{"hxxp_server_properties":{"clients1.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":16}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true}}},"ntp":{"app_page_names":["Apps"],"pref_version":3,"promo_closed":false,"promo_end":1342994400,"promo_group":0,"promo_group_max":1,"promo_group_timeslice":0,"promo_increment":1,"promo_initial_segment":1,"promo_line":"Haben Sie ein Smartphone oder Tablet? <a href=\"hxxps:\/\/www.google.com\/chrome\/mobile\/?utm_source=chrome&utm_medium=ntp&utm_campaign=ntp-promo\">Holen Sie sich Chrome Mobile<\/a>","promo_num_groups":1,"promo_resource_cache_update":"1343576161.86507","promo_start":1341828000,"promo_views":0,"promo_views_max":15},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60","plugins_list":[{"enabled":true,"name":"Shockwave Flash","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60\\gcswf32.dll","version":"10,3,181,22"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32.dll","version":"11,1,102,55"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.260.3","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll","version":"6.0.260.3"},{"enabled":true,"name":"Java(TM) Platform SE 6 U26","path":"C:\\Program Files (x86)\\Java\\jre6\\bin\\new_plugin\\npjp2.dll","version":"6.0.260.3"},{"enabled":false,"name":"Adobe Acrobat","path":"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Browser\\nppdf32.dll","version":"10.1.2.45"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files (x86)\\Microsoft Silverlight\\4.0.60831.0\\npctrl.dll","version":"4.0.60831.0"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll","version":"11.6r626"},{"enabled":true,"name":"Microsoft Office 2010","path":"C:\\PROGRA~2\\MICROS~3\\Office14\\NPSPWRAP.DLL","version":"14.0.4761.1000"},{"enabled":true,"name":"Chrome NaCl","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\21.0.1180.60\\pdf.dll","version":""},{"enabled":true,"name":"Google Update","path":"C:\\Program Files (x86)\\Google\\Update\\1.3.21.79\\npGoogleUpdate3.dll","version":"1.3.21.79"},{"enabled":true,"name":"Windows Live? Photo Gallery","path":"C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll","version":"15.4.3508.1109_ship.wlx.w4m4 (ship)"},{"enabled":true,"name":"Windows Activation Technologies","path":"C:\\Windows\\system32\\Wat\\npWatWeb.dll","version":"7.1.7600.16395"},{"enabled":true,"name":"Default Plug-in","path":"default_plugin","version":"1"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"Java"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Silverlight"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Microsoft Office"},{"enabled":false,"name":"Chrome NaCl"},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Windows Live? Photo Gallery"},{"enabled":true,"name":"Windows Activation Technologies"},{"enabled":true,"name":"Default Plug-in"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pref_version":1},"exited_cleanly":true,"name":"Erster Nutzer"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp:\/\/startsear.ch\/?aff=3&cf=c9163289-28fe-11e1-a761-8c89a5551564"]},"tabs":{"use_vertical_tabs":false}}
*************************
AdwCleaner[R1].txt - [19031 octets] - [17/10/2012 13:15:55]
AdwCleaner[S1].txt - [19080 octets] - [17/10/2012 13:18:39]
########## EOF - C:\AdwCleaner[S1].txt - [19141 octets] ##########
und hier die vom letzten, also von eben gerade: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 21/10/2012 um 17:39:57 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : maurice - MAURICE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\maurice\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\maurice\AppData\Roaming\Mozilla\Firefox\Profiles\nohedadz.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\maurice\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [19031 octets] - [17/10/2012 13:15:55]
AdwCleaner[S1].txt - [19195 octets] - [17/10/2012 13:18:39]
AdwCleaner[R2].txt - [9305 octets] - [17/10/2012 13:33:29]
AdwCleaner[S2].txt - [9367 octets] - [17/10/2012 13:34:27]
AdwCleaner[R3].txt - [1408 octets] - [21/10/2012 15:41:28]
AdwCleaner[S3].txt - [1341 octets] - [21/10/2012 17:39:57]
########## EOF - C:\AdwCleaner[S3].txt - [1401 octets] ##########
|
|
21.10.2012, 19:58
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | U-Search und Startsear - in der Suchmaschine Hätte da mal drei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? 3.) Die Werbeeinblendungen bzw Weiterleitungen wie zB Incredibar oder Mystart sind nun weg?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
21.10.2012, 20:47
| #9 |
| | U-Search und Startsear - in der Suchmaschine Ja, eigentlich geht alles gut. Ich hatte auch eigentlich keine Probleme, bis eben auf die Suchmaschine, die durch das manuelle Entfernen in den jeweiligen Browsern bereits entfernt wurde. Allerdings waren halt teilweise noch Ordner/Software vorhanden und Malwarebytes hatte ja auch noch Sachen gefunden. Die Seiten im Internet werden nun auch schneller aufgerufen. Was mir aber Sorge bereitet ist die Vorarbeit die ich geleistet habe, bevor ich mich hier angemeldet hatte. Da stand auf einer Seite, man solle alles in den Browsern entfernen, adwccleaner laufen lassen und den Anvi Smart Defender suchen lassen. In dieser Log stehen ganz andere Sachen: Code:
ATTFilter
[16:15:01] Scaned virus Worm/Ainslot.A.270751, C:\PROGRA~2\MICROS~3\Office14\1033\SLINTL.DLL
[16:21:43] Scaned virus Spyware.Zeus.352159, C:\Users\maurice\AppData\LocalLow\Google\GOOGLE~1\webdata\f_00025a
[16:38:04] FileGuard: Process 4, found virus W32/Chir.B.272831, path C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\readerupdater.exe
[16:38:04] Scaned virus W32/Chir.B.272831, C:\Windows\INSTAL~1\$PATCH~1\Managed\68AB67~1\100~1.0\READER~2.EXE
[17:15:05] Repaired virus Worm/Ainslot.A.270751, C:\PROGRA~2\MICROS~3\Office14\1033\SLINTL.DLL
[17:15:05] Repaired virus Spyware.Zeus.352159, C:\Users\maurice\AppData\LocalLow\Google\GOOGLE~1\webdata\f_00025a=>default.kml
[17:15:06] Repaired virus W32/Chir.B.272831, C:\Windows\INSTAL~1\$PATCH~1\Managed\68AB67~1\100~1.0\READER~2.EXE
[17:19:13] Key regstriy item modified:\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
[17:19:30] Key regstriy item modified:\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
[17:33:58] Key regstriy item modified:\REGISTRY\USER\S-1-5-21-3382567481-3059933938-823961423-1003\Software\Microsoft\Windows\CurrentVersion\Run
|
|
22.10.2012, 10:18
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | U-Search und Startsear - in der Suchmaschine Mach bitte einen (neuen) CustomScan mit OTL - das Log davon nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.10.2012, 11:12
| #11 |
| | U-Search und Startsear - in der Suchmaschine Ok, hoffe, das war richtig so: OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.10.2012 12:01:18 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\maurice\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,49 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 57,44% Memory free 6,98 Gb Paging File | 5,09 Gb Available in Paging File | 72,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 890,41 Gb Total Space | 805,84 Gb Free Space | 90,50% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 19,40 Gb Free Space | 48,49% Space Free | Partition Type: NTFS Computer Name: MAURICE-PC | User Name: maurice | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\maurice\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) PRC - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (asdsrv) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe (Anvisoft) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (asdrs) -- C:\Windows\SysNative\drivers\asdrs.sys (Anvisoft) DRV:64bit: - (asdrm) -- C:\Windows\SysNative\drivers\asdrm.sys (Anvisoft) DRV:64bit: - (asdws) -- C:\Windows\SysNative\drivers\asdws.sys () DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{6F11EBFA-AC42-4990-A05E-AC3416ABCE53}: "URL" = hxxp://startsear.ch/?aff=3&q={searchTerms} IE - HKLM\..\SearchScopes\{A98F9DA1-095C-4F9E-8414-13E789676B79}: "URL" = hxxp://u-search.net/?a=1&e=1&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_enDE393 IE - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.20 17:12:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.20 17:12:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.29 10:50:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\Extensions [2012.10.18 17:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\Firefox\Profiles\nohedadz.default\extensions [2012.10.08 11:25:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\maurice\AppData\Roaming\mozilla\Firefox\Profiles\nohedadz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.16 14:04:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\maurice\AppData\Roaming\mozilla\Firefox\Profiles\nohedadz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.05.05 12:52:14 | 000,363,041 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\client@anonymox.net.xpi [2012.07.06 08:55:53 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\elemhidehelper@adblockplus.org.xpi [2012.08.23 08:41:43 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012.10.18 15:59:14 | 000,529,693 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.25 12:05:46 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.22 10:34:37 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\maurice\AppData\Roaming\mozilla\firefox\profiles\nohedadz.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.20 17:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.20 17:12:15 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.17 22:04:51 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 13:44:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.17 22:04:51 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.17 22:04:51 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.17 22:04:51 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.17 22:04:51 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Live? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.209.32.12 88.209.32.38 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E402F878-83D6-4346-B616-4923CEF8C0AC}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94F8658-7079-4071-AA59-FB256BF9D92F}: DhcpNameServer = 88.209.32.12 88.209.32.38 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.siren - File not found Drivers32:64bit: vidc.cvid - File not found Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.20 17:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.20 12:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.10.18 19:58:02 | 000,000,000 | ---D | C] -- C:\Users\maurice\log [2012.10.18 19:51:52 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Malwarebytes [2012.10.18 19:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.18 19:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.18 19:50:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.10.18 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.10.18 19:19:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\maurice\Desktop\OTL.exe [2012.10.18 16:02:40 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Anvisoft [2012.10.18 16:02:32 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys [2012.10.18 16:02:32 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys [2012.10.18 16:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft [2012.10.18 16:02:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft [2012.10.18 16:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft [2012.10.17 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Avira [2012.10.17 13:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.10.17 13:27:37 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.10.17 13:27:37 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.10.17 13:27:37 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.10.17 13:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.10.17 13:27:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.10.17 12:37:02 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.17 12:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2012.10.13 00:29:35 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Rovio [2012.10.13 00:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio [2012.10.13 00:29:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio [2012.10.08 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.10.08 23:40:39 | 000,000,000 | ---D | C] -- C:\Games [2012.09.22 18:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.09.22 18:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.09.22 17:44:53 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.22 17:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.09.22 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.09.22 17:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.09.22 17:43:54 | 000,000,000 | ---D | C] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoft [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.22 12:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.22 11:43:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\maurice\Desktop\OTL.exe [2012.10.22 11:15:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.22 09:52:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 09:52:38 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.22 09:43:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.22 09:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.22 09:43:35 | 2812,383,232 | -HS- | M] () -- C:\hiberfil.sys [2012.10.18 19:54:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.18 19:19:14 | 000,000,000 | ---- | M] () -- C:\Users\maurice\defogger_reenable [2012.10.18 16:02:32 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk [2012.10.17 13:27:46 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.17 12:37:02 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.10.16 10:52:17 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.16 10:52:17 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.16 10:52:17 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.16 10:52:17 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.16 10:52:17 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.13 00:29:25 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds.lnk [2012.10.12 11:17:12 | 000,002,712 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.10.01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.18 19:50:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.18 19:19:14 | 000,000,000 | ---- | C] () -- C:\Users\maurice\defogger_reenable [2012.10.18 16:02:32 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys [2012.10.18 16:02:32 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk [2012.10.17 13:27:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.10.13 00:29:25 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds.lnk [2012.09.22 18:11:37 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.12.18 00:31:00 | 000,000,653 | ---- | C] () -- C:\Users\maurice\AppData\Roaming\gd.db [2011.12.18 00:31:00 | 000,000,270 | ---- | C] () -- C:\Users\maurice\AppData\Roaming\groovedown.settings [2011.12.05 00:51:49 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011.10.09 16:46:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.10.09 16:46:35 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2011.10.09 13:07:09 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.07.08 08:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011.06.28 20:26:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.27 23:01:38 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.18 16:02:40 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Anvisoft [2012.09.22 17:45:00 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoft [2012.09.22 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.12 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Groovedown_Uninstall [2011.10.09 12:26:06 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Kalenderchen [2011.12.18 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\lang [2012.10.13 00:29:35 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Rovio [2012.09.13 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\SoftGrid Client [2011.10.09 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\TP [2012.02.01 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.10.02 19:05:01 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Adobe [2012.10.18 16:02:40 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Anvisoft [2011.09.29 10:33:14 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\ATI [2012.10.17 13:33:03 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Avira [2011.10.09 16:49:45 | 000,000,000 | R--D | M] -- C:\Users\maurice\AppData\Roaming\Brother [2011.11.06 18:38:25 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Corel [2011.10.07 12:36:48 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\CyberLink [2012.07.10 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\dvdcss [2012.09.22 17:45:00 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoft [2012.09.22 17:44:53 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\DVDVideoSoftIEHelpers [2011.09.29 10:48:15 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Google [2012.09.12 17:30:20 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Groovedown_Uninstall [2011.09.29 10:32:36 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Identities [2011.10.09 12:26:06 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Kalenderchen [2011.12.18 00:31:00 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\lang [2011.02.10 22:48:57 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Macromedia [2012.10.18 19:51:52 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Malwarebytes [2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Media Center Programs [2012.07.13 20:52:21 | 000,000,000 | --SD | M] -- C:\Users\maurice\AppData\Roaming\Microsoft [2011.09.29 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Mozilla [2012.10.13 00:29:35 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Rovio [2012.10.17 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Skype [2012.09.13 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\SoftGrid Client [2011.09.30 16:45:08 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Sun [2011.10.09 13:07:57 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\TP [2012.05.05 21:38:11 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\vlc [2012.02.01 22:13:06 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\Windows Live Writer [2011.09.30 16:29:36 | 000,000,000 | ---D | M] -- C:\Users\maurice\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.09.12 17:30:20 | 000,902,656 | ---- | M] () -- C:\Users\maurice\AppData\Roaming\Groovedown_Uninstall\Groovedown_Uninstall.exe [2011.07.04 22:40:02 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\maurice\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
|
22.10.2012, 11:46
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | U-Search und Startsear - in der Suchmaschine Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\..\SearchScopes\{6F11EBFA-AC42-4990-A05E-AC3416ABCE53}: "URL" = http://startsear.ch/?aff=3&q={searchTerms}
IE - HKLM\..\SearchScopes\{A98F9DA1-095C-4F9E-8414-13E789676B79}: "URL" = http://u-search.net/?a=1&e=1&q={searchTerms}
O3 - HKU\S-1-5-21-3382567481-3059933938-823961423-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found
O4 - HKLM..\Run: [] File not found
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.10.2012, 12:10
| #13 |
| | U-Search und Startsear - in der SuchmaschineCode:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6F11EBFA-AC42-4990-A05E-AC3416ABCE53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F11EBFA-AC42-4990-A05E-AC3416ABCE53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A98F9DA1-095C-4F9E-8414-13E789676B79}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A98F9DA1-095C-4F9E-8414-13E789676B79}\ not found.
Registry value HKEY_USERS\S-1-5-21-3382567481-3059933938-823961423-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorShield deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: maurice
->Temp folder emptied: 34922919 bytes
->Temporary Internet Files folder emptied: 9055822 bytes
->Java cache emptied: 2337490 bytes
->FireFox cache emptied: 189069399 bytes
->Google Chrome cache emptied: 856432 bytes
->Flash cache emptied: 57309 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119050695 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 70468826 bytes
Total Files Cleaned = 406,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10222012_130606
Files\Folders moved on Reboot...
C:\Users\maurice\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
22.10.2012, 12:33
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | U-Search und Startsear - in der Suchmaschine Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.10.2012, 17:46
| #15 |
| | U-Search und Startsear - in der Suchmaschine So, hier kommt das nächste: Code:
ATTFilter
18:43:40.0116 3408 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:43:40.0428 3408 ============================================================
18:43:40.0428 3408 Current date / time: 2012/10/22 18:43:40.0428
18:43:40.0428 3408 SystemInfo:
18:43:40.0428 3408
18:43:40.0428 3408 OS Version: 6.1.7601 ServicePack: 1.0
18:43:40.0428 3408 Product type: Workstation
18:43:40.0428 3408 ComputerName: MAURICE-PC
18:43:40.0428 3408 UserName: maurice
18:43:40.0428 3408 Windows directory: C:\Windows
18:43:40.0428 3408 System windows directory: C:\Windows
18:43:40.0428 3408 Running under WOW64
18:43:40.0428 3408 Processor architecture: Intel x64
18:43:40.0428 3408 Number of processors: 4
18:43:40.0428 3408 Page size: 0x1000
18:43:40.0428 3408 Boot type: Normal boot
18:43:40.0428 3408 ============================================================
18:43:41.0739 3408 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:43:41.0754 3408 ============================================================
18:43:41.0754 3408 \Device\Harddisk0\DR0:
18:43:41.0754 3408 MBR partitions:
18:43:41.0754 3408 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:43:41.0754 3408 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3800
18:43:41.0754 3408 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F506000, BlocksNum 0x5000000
18:43:41.0754 3408 ============================================================
18:43:41.0786 3408 C: <-> \Device\Harddisk0\DR0\Partition2
18:43:41.0832 3408 D: <-> \Device\Harddisk0\DR0\Partition3
18:43:41.0832 3408 ============================================================
18:43:41.0832 3408 Initialize success
18:43:41.0832 3408 ============================================================
18:43:55.0436 2288 ============================================================
18:43:55.0436 2288 Scan started
18:43:55.0436 2288 Mode: Manual; SigCheck; TDLFS;
18:43:55.0436 2288 ============================================================
18:43:56.0652 2288 ================ Scan system memory ========================
18:43:56.0652 2288 System memory - ok
18:43:56.0652 2288 ================ Scan services =============================
18:43:56.0855 2288 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:43:57.0011 2288 1394ohci - ok
18:43:57.0027 2288 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:43:57.0042 2288 ACPI - ok
18:43:57.0058 2288 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:43:57.0120 2288 AcpiPmi - ok
18:43:57.0214 2288 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:43:57.0230 2288 AdobeARMservice - ok
18:43:57.0354 2288 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:43:57.0386 2288 AdobeFlashPlayerUpdateSvc - ok
18:43:57.0432 2288 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:43:57.0464 2288 adp94xx - ok
18:43:57.0495 2288 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:43:57.0510 2288 adpahci - ok
18:43:57.0542 2288 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:43:57.0557 2288 adpu320 - ok
18:43:57.0588 2288 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:43:57.0651 2288 AeLookupSvc - ok
18:43:57.0698 2288 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:43:57.0744 2288 AFD - ok
18:43:57.0760 2288 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:43:57.0776 2288 agp440 - ok
18:43:57.0791 2288 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:43:57.0822 2288 ALG - ok
18:43:57.0869 2288 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:43:57.0885 2288 aliide - ok
18:43:57.0932 2288 [ 0BDE3222789749571C3D706F0181203D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:43:57.0978 2288 AMD External Events Utility - ok
18:43:58.0041 2288 AMD FUEL Service - ok
18:43:58.0072 2288 [ 30BFEEE0DFFD5BD79D29157CF080DEED ] amdhub30 C:\Windows\system32\drivers\amdhub30.sys
18:43:58.0103 2288 amdhub30 - ok
18:43:58.0134 2288 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:43:58.0134 2288 amdide - ok
18:43:58.0181 2288 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\drivers\amdiox64.sys
18:43:58.0197 2288 amdiox64 - ok
18:43:58.0228 2288 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:43:58.0259 2288 AmdK8 - ok
18:43:58.0462 2288 [ 75BBD04F450CE109031A215FD4EC667A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:43:58.0727 2288 amdkmdag - ok
18:43:58.0758 2288 [ ADB8EE976CE4A47C54D39F2581593C03 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:43:58.0790 2288 amdkmdap - ok
18:43:58.0836 2288 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:43:58.0883 2288 AmdPPM - ok
18:43:58.0930 2288 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:43:58.0946 2288 amdsata - ok
18:43:58.0977 2288 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:43:58.0992 2288 amdsbs - ok
18:43:59.0008 2288 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:43:59.0024 2288 amdxata - ok
18:43:59.0055 2288 [ 321533578132C811EC834A1B741C994C ] amdxhc C:\Windows\system32\drivers\amdxhc.sys
18:43:59.0070 2288 amdxhc - ok
18:43:59.0086 2288 [ F9D46B6B322708BD5AFCC8767EBDC901 ] amd_sata C:\Windows\system32\drivers\amd_sata.sys
18:43:59.0086 2288 amd_sata - ok
18:43:59.0102 2288 [ 329CC9C7E20DEEBCD4CD10816193EF14 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys
18:43:59.0102 2288 amd_xata - ok
18:43:59.0180 2288 [ 98A8B7D168D035FEFDEFA18F759115F6 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:43:59.0195 2288 AntiVirSchedulerService - ok
18:43:59.0226 2288 [ AAACAE485AE81D0A449FBC754880C791 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:43:59.0258 2288 AntiVirService - ok
18:43:59.0289 2288 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:43:59.0367 2288 AppID - ok
18:43:59.0398 2288 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:43:59.0476 2288 AppIDSvc - ok
18:43:59.0492 2288 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:43:59.0585 2288 Appinfo - ok
18:43:59.0632 2288 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:43:59.0663 2288 arc - ok
18:43:59.0679 2288 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:43:59.0694 2288 arcsas - ok
18:43:59.0741 2288 [ 0BD8FE611928363A6840DE25FB936EF4 ] asdrm C:\Windows\system32\DRIVERS\asdrm.sys
18:43:59.0757 2288 asdrm - ok
18:43:59.0772 2288 [ 35ACF6E4BC66C7CB43B16624F9A986EB ] asdrs C:\Windows\system32\DRIVERS\asdrs.sys
18:43:59.0788 2288 asdrs - ok
18:43:59.0819 2288 [ 3F9CA1ACFCB7CFF153B4B3DDB7E29373 ] asdsrv C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
18:43:59.0850 2288 asdsrv - ok
18:43:59.0882 2288 [ 0BB90B97B7E952FFE876DB76CE213487 ] asdws C:\Windows\system32\DRIVERS\asdws.sys
18:43:59.0882 2288 asdws - ok
18:43:59.0897 2288 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:43:59.0960 2288 AsyncMac - ok
18:43:59.0975 2288 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:43:59.0991 2288 atapi - ok
18:44:00.0022 2288 [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:44:00.0038 2288 AtiHDAudioService - ok
18:44:00.0053 2288 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:44:00.0131 2288 AudioEndpointBuilder - ok
18:44:00.0131 2288 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:44:00.0178 2288 AudioSrv - ok
18:44:00.0209 2288 [ 25B63A3C24A5E0223A35DE2F0D9E0FAF ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:44:00.0240 2288 avgntflt - ok
18:44:00.0287 2288 [ A83691240C1568E6A3EAA5C86D9F8AE3 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:44:00.0318 2288 avipbb - ok
18:44:00.0350 2288 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:44:00.0381 2288 avkmgr - ok
18:44:00.0412 2288 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:44:00.0474 2288 AxInstSV - ok
18:44:00.0506 2288 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:44:00.0537 2288 b06bdrv - ok
18:44:00.0568 2288 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:44:00.0584 2288 b57nd60a - ok
18:44:00.0599 2288 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:44:00.0630 2288 BDESVC - ok
18:44:00.0677 2288 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:44:00.0740 2288 Beep - ok
18:44:00.0786 2288 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:44:00.0864 2288 BFE - ok
18:44:00.0911 2288 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:44:00.0989 2288 BITS - ok
18:44:01.0020 2288 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:44:01.0036 2288 blbdrive - ok
18:44:01.0067 2288 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:44:01.0098 2288 bowser - ok
18:44:01.0114 2288 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:44:01.0145 2288 BrFiltLo - ok
18:44:01.0176 2288 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:44:01.0208 2288 BrFiltUp - ok
18:44:01.0254 2288 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:44:01.0286 2288 Browser - ok
18:44:01.0301 2288 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:44:01.0332 2288 Brserid - ok
18:44:01.0348 2288 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:44:01.0379 2288 BrSerWdm - ok
18:44:01.0395 2288 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:44:01.0442 2288 BrUsbMdm - ok
18:44:01.0442 2288 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:44:01.0473 2288 BrUsbSer - ok
18:44:01.0488 2288 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:44:01.0504 2288 BTHMODEM - ok
18:44:01.0520 2288 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:44:01.0551 2288 bthserv - ok
18:44:01.0566 2288 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:44:01.0613 2288 cdfs - ok
18:44:01.0629 2288 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:44:01.0644 2288 cdrom - ok
18:44:01.0644 2288 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:44:01.0707 2288 CertPropSvc - ok
18:44:01.0738 2288 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:44:01.0754 2288 circlass - ok
18:44:01.0785 2288 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:44:01.0800 2288 CLFS - ok
18:44:01.0863 2288 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:44:01.0878 2288 clr_optimization_v2.0.50727_32 - ok
18:44:01.0941 2288 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:44:01.0972 2288 clr_optimization_v2.0.50727_64 - ok
18:44:02.0034 2288 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:44:02.0066 2288 clr_optimization_v4.0.30319_32 - ok
18:44:02.0081 2288 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:44:02.0097 2288 clr_optimization_v4.0.30319_64 - ok
18:44:02.0128 2288 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:44:02.0175 2288 CmBatt - ok
18:44:02.0206 2288 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:44:02.0222 2288 cmdide - ok
18:44:02.0284 2288 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:44:02.0331 2288 CNG - ok
18:44:02.0346 2288 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:44:02.0362 2288 Compbatt - ok
18:44:02.0393 2288 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:44:02.0424 2288 CompositeBus - ok
18:44:02.0440 2288 COMSysApp - ok
18:44:02.0456 2288 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:44:02.0456 2288 crcdisk - ok
18:44:02.0487 2288 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:44:02.0534 2288 CryptSvc - ok
18:44:02.0596 2288 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
18:44:02.0643 2288 cvhsvc - ok
18:44:02.0674 2288 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:44:02.0768 2288 DcomLaunch - ok
18:44:02.0799 2288 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:44:02.0846 2288 defragsvc - ok
18:44:02.0877 2288 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:44:02.0955 2288 DfsC - ok
18:44:02.0970 2288 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:44:03.0017 2288 Dhcp - ok
18:44:03.0033 2288 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:44:03.0111 2288 discache - ok
18:44:03.0126 2288 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:44:03.0126 2288 Disk - ok
18:44:03.0173 2288 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:44:03.0204 2288 Dnscache - ok
18:44:03.0236 2288 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:44:03.0298 2288 dot3svc - ok
18:44:03.0329 2288 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:44:03.0360 2288 DPS - ok
18:44:03.0376 2288 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:44:03.0407 2288 drmkaud - ok
18:44:03.0438 2288 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:44:03.0454 2288 DXGKrnl - ok
18:44:03.0470 2288 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:44:03.0516 2288 EapHost - ok
18:44:03.0610 2288 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:44:03.0719 2288 ebdrv - ok
18:44:03.0750 2288 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:44:03.0766 2288 EFS - ok
18:44:03.0828 2288 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:44:03.0906 2288 ehRecvr - ok
18:44:03.0922 2288 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:44:03.0984 2288 ehSched - ok
18:44:04.0016 2288 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:44:04.0047 2288 elxstor - ok
18:44:04.0047 2288 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:44:04.0078 2288 ErrDev - ok
18:44:04.0109 2288 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:44:04.0156 2288 EventSystem - ok
18:44:04.0172 2288 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:44:04.0218 2288 exfat - ok
18:44:04.0234 2288 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:44:04.0281 2288 fastfat - ok
18:44:04.0312 2288 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:44:04.0359 2288 Fax - ok
18:44:04.0374 2288 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:44:04.0421 2288 fdc - ok
18:44:04.0437 2288 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:44:04.0484 2288 fdPHost - ok
18:44:04.0499 2288 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:44:04.0530 2288 FDResPub - ok
18:44:04.0546 2288 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:44:04.0562 2288 FileInfo - ok
18:44:04.0577 2288 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:44:04.0640 2288 Filetrace - ok
18:44:04.0655 2288 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:44:04.0671 2288 flpydisk - ok
18:44:04.0686 2288 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:44:04.0702 2288 FltMgr - ok
18:44:04.0749 2288 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:44:04.0764 2288 FontCache - ok
18:44:04.0780 2288 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:44:04.0796 2288 FontCache3.0.0.0 - ok
18:44:04.0796 2288 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:44:04.0811 2288 FsDepends - ok
18:44:04.0827 2288 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:44:04.0842 2288 Fs_Rec - ok
18:44:04.0858 2288 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:44:04.0874 2288 fvevol - ok
18:44:04.0905 2288 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:44:04.0905 2288 gagp30kx - ok
18:44:04.0936 2288 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:44:04.0998 2288 gpsvc - ok
18:44:05.0061 2288 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:44:05.0076 2288 gupdate - ok
18:44:05.0092 2288 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:44:05.0108 2288 gupdatem - ok
18:44:05.0123 2288 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:44:05.0139 2288 hcw85cir - ok
18:44:05.0186 2288 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:44:05.0217 2288 HdAudAddService - ok
18:44:05.0232 2288 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:44:05.0264 2288 HDAudBus - ok
18:44:05.0295 2288 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:44:05.0310 2288 HidBatt - ok
18:44:05.0310 2288 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:44:05.0342 2288 HidBth - ok
18:44:05.0373 2288 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:44:05.0373 2288 HidIr - ok
18:44:05.0388 2288 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:44:05.0435 2288 hidserv - ok
18:44:05.0498 2288 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:44:05.0513 2288 HidUsb - ok
18:44:05.0544 2288 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:44:05.0607 2288 hkmsvc - ok
18:44:05.0622 2288 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:44:05.0685 2288 HomeGroupListener - ok
18:44:05.0716 2288 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:44:05.0747 2288 HomeGroupProvider - ok
18:44:05.0778 2288 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:44:05.0794 2288 HpSAMD - ok
18:44:05.0810 2288 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:44:05.0872 2288 HTTP - ok
18:44:05.0888 2288 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:44:05.0903 2288 hwpolicy - ok
18:44:05.0934 2288 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:44:05.0950 2288 i8042prt - ok
18:44:05.0966 2288 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:44:05.0981 2288 iaStorV - ok
18:44:06.0012 2288 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:44:06.0044 2288 idsvc - ok
18:44:06.0200 2288 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
18:44:06.0356 2288 igfx - ok
18:44:06.0371 2288 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:44:06.0387 2288 iirsp - ok
18:44:06.0434 2288 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:44:06.0480 2288 IKEEXT - ok
18:44:06.0574 2288 [ 8F6ED52134EBB4CE2953EC37C9275497 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:44:06.0636 2288 IntcAzAudAddService - ok
18:44:06.0652 2288 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:44:06.0668 2288 intelide - ok
18:44:06.0699 2288 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
18:44:06.0730 2288 intelppm - ok
18:44:06.0761 2288 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:44:06.0792 2288 IPBusEnum - ok
18:44:06.0808 2288 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:44:06.0855 2288 IpFilterDriver - ok
18:44:06.0870 2288 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:44:06.0933 2288 iphlpsvc - ok
18:44:06.0948 2288 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:44:06.0964 2288 IPMIDRV - ok
18:44:06.0980 2288 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:44:07.0011 2288 IPNAT - ok
18:44:07.0042 2288 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:44:07.0073 2288 IRENUM - ok
18:44:07.0104 2288 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:44:07.0104 2288 isapnp - ok
18:44:07.0136 2288 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:44:07.0151 2288 iScsiPrt - ok
18:44:07.0167 2288 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:44:07.0182 2288 kbdclass - ok
18:44:07.0198 2288 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:44:07.0214 2288 kbdhid - ok
18:44:07.0229 2288 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:44:07.0245 2288 KeyIso - ok
18:44:07.0276 2288 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:44:07.0276 2288 KSecDD - ok
18:44:07.0292 2288 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:44:07.0307 2288 KSecPkg - ok
18:44:07.0307 2288 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:44:07.0354 2288 ksthunk - ok
18:44:07.0385 2288 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:44:07.0448 2288 KtmRm - ok
18:44:07.0479 2288 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:44:07.0510 2288 LanmanServer - ok
18:44:07.0526 2288 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:44:07.0557 2288 LanmanWorkstation - ok
18:44:07.0588 2288 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:44:07.0635 2288 lltdio - ok
18:44:07.0666 2288 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:44:07.0697 2288 lltdsvc - ok
18:44:07.0713 2288 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:44:07.0760 2288 lmhosts - ok
18:44:07.0791 2288 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:44:07.0791 2288 LSI_FC - ok
18:44:07.0806 2288 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:44:07.0822 2288 LSI_SAS - ok
18:44:07.0838 2288 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:44:07.0853 2288 LSI_SAS2 - ok
18:44:07.0869 2288 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:44:07.0884 2288 LSI_SCSI - ok
18:44:07.0916 2288 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:44:07.0962 2288 luafv - ok
18:44:07.0994 2288 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:44:08.0025 2288 Mcx2Svc - ok
18:44:08.0056 2288 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:44:08.0072 2288 megasas - ok
18:44:08.0087 2288 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:44:08.0103 2288 MegaSR - ok
18:44:08.0165 2288 Microsoft SharePoint Workspace Audit Service - ok
18:44:08.0196 2288 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:44:08.0259 2288 MMCSS - ok
18:44:08.0290 2288 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:44:08.0368 2288 Modem - ok
18:44:08.0384 2288 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:44:08.0399 2288 monitor - ok
18:44:08.0430 2288 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:44:08.0446 2288 mouclass - ok
18:44:08.0462 2288 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:44:08.0508 2288 mouhid - ok
18:44:08.0540 2288 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:44:08.0555 2288 mountmgr - ok
18:44:08.0618 2288 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:44:08.0649 2288 MozillaMaintenance - ok
18:44:08.0680 2288 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:44:08.0711 2288 mpio - ok
18:44:08.0742 2288 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:44:08.0774 2288 mpsdrv - ok
18:44:08.0820 2288 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:44:08.0898 2288 MpsSvc - ok
18:44:08.0914 2288 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:44:08.0945 2288 MRxDAV - ok
18:44:08.0976 2288 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:44:09.0008 2288 mrxsmb - ok
18:44:09.0039 2288 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:44:09.0054 2288 mrxsmb10 - ok
18:44:09.0101 2288 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:44:09.0132 2288 mrxsmb20 - ok
18:44:09.0164 2288 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:44:09.0179 2288 msahci - ok
18:44:09.0195 2288 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:44:09.0210 2288 msdsm - ok
18:44:09.0242 2288 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:44:09.0273 2288 MSDTC - ok
18:44:09.0288 2288 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:44:09.0335 2288 Msfs - ok
18:44:09.0351 2288 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:44:09.0429 2288 mshidkmdf - ok
18:44:09.0444 2288 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:44:09.0460 2288 msisadrv - ok
18:44:09.0491 2288 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:44:09.0538 2288 MSiSCSI - ok
18:44:09.0538 2288 msiserver - ok
18:44:09.0569 2288 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:44:09.0600 2288 MSKSSRV - ok
18:44:09.0632 2288 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:44:09.0663 2288 MSPCLOCK - ok
18:44:09.0678 2288 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:44:09.0710 2288 MSPQM - ok
18:44:09.0725 2288 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:44:09.0756 2288 MsRPC - ok
18:44:09.0788 2288 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:44:09.0803 2288 mssmbios - ok
18:44:09.0819 2288 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:44:09.0850 2288 MSTEE - ok
18:44:09.0881 2288 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:44:09.0912 2288 MTConfig - ok
18:44:09.0944 2288 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:44:09.0944 2288 Mup - ok
18:44:09.0975 2288 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:44:10.0022 2288 napagent - ok
18:44:10.0068 2288 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:44:10.0084 2288 NativeWifiP - ok
18:44:10.0131 2288 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:44:10.0178 2288 NDIS - ok
18:44:10.0209 2288 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:44:10.0271 2288 NdisCap - ok
18:44:10.0318 2288 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:44:10.0365 2288 NdisTapi - ok
18:44:10.0380 2288 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:44:10.0443 2288 Ndisuio - ok
18:44:10.0474 2288 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:44:10.0521 2288 NdisWan - ok
18:44:10.0536 2288 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:44:10.0568 2288 NDProxy - ok
18:44:10.0568 2288 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:44:10.0614 2288 NetBIOS - ok
18:44:10.0630 2288 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:44:10.0677 2288 NetBT - ok
18:44:10.0708 2288 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:44:10.0708 2288 Netlogon - ok
18:44:10.0739 2288 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:44:10.0786 2288 Netman - ok
18:44:10.0817 2288 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:44:10.0848 2288 netprofm - ok
18:44:10.0895 2288 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:44:10.0911 2288 NetTcpPortSharing - ok
18:44:10.0926 2288 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:44:10.0942 2288 nfrd960 - ok
18:44:10.0958 2288 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:44:10.0989 2288 NlaSvc - ok
18:44:11.0004 2288 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:44:11.0036 2288 Npfs - ok
18:44:11.0051 2288 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:44:11.0082 2288 nsi - ok
18:44:11.0082 2288 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:44:11.0129 2288 nsiproxy - ok
18:44:11.0192 2288 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:44:11.0254 2288 Ntfs - ok
18:44:11.0254 2288 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:44:11.0301 2288 Null - ok
18:44:11.0550 2288 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:44:11.0847 2288 nvlddmkm - ok
18:44:11.0878 2288 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:44:11.0894 2288 nvraid - ok
18:44:11.0909 2288 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:44:11.0925 2288 nvstor - ok
18:44:11.0940 2288 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:44:11.0956 2288 nv_agp - ok
18:44:11.0972 2288 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:44:11.0987 2288 ohci1394 - ok
18:44:12.0034 2288 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:44:12.0065 2288 ose - ok
18:44:12.0190 2288 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:44:12.0362 2288 osppsvc - ok
18:44:12.0377 2288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:44:12.0408 2288 p2pimsvc - ok
18:44:12.0440 2288 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:44:12.0455 2288 p2psvc - ok
18:44:12.0471 2288 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:44:12.0486 2288 Parport - ok
18:44:12.0518 2288 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:44:12.0533 2288 partmgr - ok
18:44:12.0549 2288 Partner Service - ok
18:44:12.0564 2288 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:44:12.0596 2288 PcaSvc - ok
18:44:12.0596 2288 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:44:12.0611 2288 pci - ok
18:44:12.0642 2288 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:44:12.0658 2288 pciide - ok
18:44:12.0674 2288 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:44:12.0689 2288 pcmcia - ok
18:44:12.0689 2288 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:44:12.0705 2288 pcw - ok
18:44:12.0736 2288 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:44:12.0783 2288 PEAUTH - ok
18:44:12.0861 2288 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:44:12.0892 2288 PerfHost - ok
18:44:12.0954 2288 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:44:13.0032 2288 pla - ok
18:44:13.0079 2288 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:44:13.0126 2288 PlugPlay - ok
18:44:13.0142 2288 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:44:13.0157 2288 PNRPAutoReg - ok
18:44:13.0173 2288 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:44:13.0188 2288 PNRPsvc - ok
18:44:13.0220 2288 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:44:13.0298 2288 PolicyAgent - ok
18:44:13.0329 2288 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:44:13.0376 2288 Power - ok
18:44:13.0407 2288 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:44:13.0454 2288 PptpMiniport - ok
18:44:13.0469 2288 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:44:13.0485 2288 Processor - ok
18:44:13.0516 2288 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:44:13.0516 2288 ProfSvc - ok
18:44:13.0532 2288 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:44:13.0547 2288 ProtectedStorage - ok
18:44:13.0578 2288 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:44:13.0610 2288 Psched - ok
18:44:13.0625 2288 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
18:44:13.0641 2288 PSI_SVC_2 - ok
18:44:13.0688 2288 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:44:13.0719 2288 ql2300 - ok
18:44:13.0750 2288 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:44:13.0766 2288 ql40xx - ok
18:44:13.0781 2288 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:44:13.0797 2288 QWAVE - ok
18:44:13.0812 2288 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:44:13.0828 2288 QWAVEdrv - ok
18:44:13.0844 2288 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:44:13.0890 2288 RasAcd - ok
18:44:13.0906 2288 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:44:13.0953 2288 RasAgileVpn - ok
18:44:13.0968 2288 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:44:14.0015 2288 RasAuto - ok
18:44:14.0031 2288 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:44:14.0062 2288 Rasl2tp - ok
18:44:14.0078 2288 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:44:14.0124 2288 RasMan - ok
18:44:14.0140 2288 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:44:14.0187 2288 RasPppoe - ok
18:44:14.0218 2288 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:44:14.0249 2288 RasSstp - ok
18:44:14.0280 2288 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:44:14.0327 2288 rdbss - ok
18:44:14.0343 2288 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:44:14.0358 2288 rdpbus - ok
18:44:14.0374 2288 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:44:14.0436 2288 RDPCDD - ok
18:44:14.0452 2288 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:44:14.0483 2288 RDPENCDD - ok
18:44:14.0499 2288 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:44:14.0530 2288 RDPREFMP - ok
18:44:14.0546 2288 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:44:14.0592 2288 RDPWD - ok
18:44:14.0608 2288 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:44:14.0608 2288 rdyboost - ok
18:44:14.0639 2288 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:44:14.0686 2288 RemoteAccess - ok
18:44:14.0686 2288 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:44:14.0748 2288 RemoteRegistry - ok
18:44:14.0764 2288 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:44:14.0811 2288 RpcEptMapper - ok
18:44:14.0826 2288 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:44:14.0842 2288 RpcLocator - ok
18:44:14.0858 2288 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:44:14.0889 2288 RpcSs - ok
18:44:14.0904 2288 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:44:14.0936 2288 rspndr - ok
18:44:14.0982 2288 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
18:44:14.0998 2288 RTL8167 - ok
18:44:15.0045 2288 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys
18:44:15.0060 2288 RTL8192su - ok
18:44:15.0076 2288 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:44:15.0092 2288 SamSs - ok
18:44:15.0123 2288 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:44:15.0123 2288 sbp2port - ok
18:44:15.0154 2288 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:44:15.0216 2288 SCardSvr - ok
18:44:15.0216 2288 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:44:15.0263 2288 scfilter - ok
18:44:15.0294 2288 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:44:15.0341 2288 Schedule - ok
18:44:15.0357 2288 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:44:15.0388 2288 SCPolicySvc - ok
18:44:15.0404 2288 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:44:15.0435 2288 SDRSVC - ok
18:44:15.0450 2288 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:44:15.0482 2288 secdrv - ok
18:44:15.0528 2288 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:44:15.0591 2288 seclogon - ok
18:44:15.0622 2288 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:44:15.0669 2288 SENS - ok
18:44:15.0684 2288 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:44:15.0700 2288 SensrSvc - ok
18:44:15.0747 2288 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:44:15.0778 2288 Serenum - ok
18:44:15.0809 2288 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:44:15.0825 2288 Serial - ok
18:44:15.0856 2288 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:44:15.0887 2288 sermouse - ok
18:44:15.0934 2288 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:44:15.0981 2288 SessionEnv - ok
18:44:16.0012 2288 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:44:16.0059 2288 sffdisk - ok
18:44:16.0090 2288 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:44:16.0106 2288 sffp_mmc - ok
18:44:16.0121 2288 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:44:16.0137 2288 sffp_sd - ok
18:44:16.0168 2288 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:44:16.0184 2288 sfloppy - ok
18:44:16.0230 2288 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
18:44:16.0262 2288 Sftfs - ok
18:44:16.0308 2288 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
18:44:16.0340 2288 sftlist - ok
18:44:16.0355 2288 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:44:16.0371 2288 Sftplay - ok
18:44:16.0371 2288 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:44:16.0386 2288 Sftredir - ok
18:44:16.0386 2288 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
18:44:16.0402 2288 Sftvol - ok
18:44:16.0418 2288 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
18:44:16.0433 2288 sftvsa - ok
18:44:16.0464 2288 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:44:16.0496 2288 SharedAccess - ok
18:44:16.0527 2288 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:44:16.0574 2288 ShellHWDetection - ok
18:44:16.0605 2288 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:44:16.0605 2288 SiSRaid2 - ok
18:44:16.0636 2288 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:44:16.0652 2288 SiSRaid4 - ok
18:44:16.0714 2288 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:44:16.0745 2288 SkypeUpdate - ok
18:44:16.0776 2288 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:44:16.0808 2288 Smb - ok
18:44:16.0823 2288 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:44:16.0839 2288 SNMPTRAP - ok
18:44:16.0839 2288 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:44:16.0854 2288 spldr - ok
18:44:16.0886 2288 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:44:16.0917 2288 Spooler - ok
18:44:17.0010 2288 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:44:17.0088 2288 sppsvc - ok
18:44:17.0104 2288 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:44:17.0135 2288 sppuinotify - ok
18:44:17.0151 2288 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:44:17.0182 2288 srv - ok
18:44:17.0198 2288 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:44:17.0213 2288 srv2 - ok
18:44:17.0229 2288 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:44:17.0244 2288 srvnet - ok
18:44:17.0276 2288 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:44:17.0338 2288 SSDPSRV - ok
18:44:17.0354 2288 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:44:17.0385 2288 SstpSvc - ok
18:44:17.0400 2288 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:44:17.0400 2288 stexstor - ok
18:44:17.0432 2288 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:44:17.0478 2288 stisvc - ok
18:44:17.0494 2288 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:44:17.0510 2288 swenum - ok
18:44:17.0525 2288 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:44:17.0556 2288 swprv - ok
18:44:17.0619 2288 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:44:17.0712 2288 SysMain - ok
18:44:17.0728 2288 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:44:17.0744 2288 TabletInputService - ok
18:44:17.0759 2288 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:44:17.0790 2288 TapiSrv - ok
18:44:17.0806 2288 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:44:17.0853 2288 TBS - ok
18:44:17.0884 2288 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:44:17.0931 2288 Tcpip - ok
18:44:17.0946 2288 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:44:17.0993 2288 TCPIP6 - ok
18:44:18.0009 2288 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:44:18.0040 2288 tcpipreg - ok
18:44:18.0071 2288 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:44:18.0087 2288 TDPIPE - ok
18:44:18.0118 2288 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:44:18.0134 2288 TDTCP - ok
18:44:18.0149 2288 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:44:18.0180 2288 tdx - ok
18:44:18.0212 2288 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:44:18.0212 2288 TermDD - ok
18:44:18.0243 2288 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:44:18.0290 2288 TermService - ok
18:44:18.0321 2288 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:44:18.0352 2288 Themes - ok
18:44:18.0368 2288 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:44:18.0399 2288 THREADORDER - ok
18:44:18.0414 2288 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:44:18.0461 2288 TrkWks - ok
18:44:18.0524 2288 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:44:18.0586 2288 TrustedInstaller - ok
18:44:18.0602 2288 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:44:18.0648 2288 tssecsrv - ok
18:44:18.0664 2288 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:44:18.0680 2288 TsUsbFlt - ok
18:44:18.0711 2288 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:44:18.0742 2288 TsUsbGD - ok
18:44:18.0789 2288 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:44:18.0851 2288 tunnel - ok
18:44:18.0867 2288 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:44:18.0882 2288 uagp35 - ok
18:44:18.0898 2288 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:44:18.0960 2288 udfs - ok
18:44:18.0976 2288 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:44:19.0007 2288 UI0Detect - ok
18:44:19.0038 2288 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:44:19.0054 2288 uliagpkx - ok
18:44:19.0085 2288 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:44:19.0101 2288 umbus - ok
18:44:19.0116 2288 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:44:19.0148 2288 UmPass - ok
18:44:19.0163 2288 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:44:19.0210 2288 upnphost - ok
18:44:19.0226 2288 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:44:19.0272 2288 usbccgp - ok
18:44:19.0319 2288 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:44:19.0350 2288 usbcir - ok
18:44:19.0382 2288 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:44:19.0397 2288 usbehci - ok
18:44:19.0428 2288 [ 573D192E268F0C5B486B7E96F661E538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
18:44:19.0444 2288 usbfilter - ok
18:44:19.0460 2288 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys
18:44:19.0491 2288 usbhub - ok
18:44:19.0506 2288 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:44:19.0538 2288 usbohci - ok
18:44:19.0569 2288 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:44:19.0600 2288 usbprint - ok
18:44:19.0631 2288 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:44:19.0694 2288 USBSTOR - ok
18:44:19.0740 2288 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:44:19.0772 2288 usbuhci - ok
18:44:19.0787 2288 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:44:19.0818 2288 UxSms - ok
18:44:19.0834 2288 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:44:19.0850 2288 VaultSvc - ok
18:44:19.0865 2288 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:44:19.0881 2288 vdrvroot - ok
18:44:19.0912 2288 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:44:19.0959 2288 vds - ok
18:44:19.0974 2288 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:44:19.0990 2288 vga - ok
18:44:20.0006 2288 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:44:20.0052 2288 VgaSave - ok
18:44:20.0068 2288 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:44:20.0084 2288 vhdmp - ok
18:44:20.0099 2288 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:44:20.0115 2288 viaide - ok
18:44:20.0130 2288 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:44:20.0146 2288 volmgr - ok
18:44:20.0162 2288 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:44:20.0177 2288 volmgrx - ok
18:44:20.0193 2288 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:44:20.0208 2288 volsnap - ok
18:44:20.0240 2288 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:44:20.0240 2288 vsmraid - ok
18:44:20.0286 2288 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:44:20.0349 2288 VSS - ok
18:44:20.0349 2288 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:44:20.0380 2288 vwifibus - ok
18:44:20.0411 2288 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:44:20.0427 2288 vwififlt - ok
18:44:20.0442 2288 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:44:20.0474 2288 W32Time - ok
18:44:20.0520 2288 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:44:20.0552 2288 WacomPen - ok
18:44:20.0598 2288 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:44:20.0645 2288 WANARP - ok
18:44:20.0645 2288 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:44:20.0676 2288 Wanarpv6 - ok
18:44:20.0801 2288 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:44:20.0864 2288 WatAdminSvc - ok
18:44:20.0910 2288 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:44:20.0988 2288 wbengine - ok
18:44:21.0004 2288 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:44:21.0035 2288 WbioSrvc - ok
18:44:21.0066 2288 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:44:21.0144 2288 wcncsvc - ok
18:44:21.0160 2288 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:44:21.0191 2288 WcsPlugInService - ok
18:44:21.0207 2288 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:44:21.0222 2288 Wd - ok
18:44:21.0238 2288 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:44:21.0269 2288 Wdf01000 - ok
18:44:21.0285 2288 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:44:21.0300 2288 WdiServiceHost - ok
18:44:21.0316 2288 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:44:21.0332 2288 WdiSystemHost - ok
18:44:21.0332 2288 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:44:21.0347 2288 WebClient - ok
18:44:21.0378 2288 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:44:21.0425 2288 Wecsvc - ok
18:44:21.0472 2288 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:44:21.0534 2288 wercplsupport - ok
18:44:21.0550 2288 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:44:21.0597 2288 WerSvc - ok
18:44:21.0612 2288 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:44:21.0644 2288 WfpLwf - ok
18:44:21.0675 2288 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:44:21.0675 2288 WIMMount - ok
18:44:21.0706 2288 WinDefend - ok
18:44:21.0706 2288 WinHttpAutoProxySvc - ok
18:44:21.0753 2288 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:44:21.0831 2288 Winmgmt - ok
18:44:21.0893 2288 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:44:21.0987 2288 WinRM - ok
18:44:22.0034 2288 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
18:44:22.0034 2288 WinUsb - ok
18:44:22.0065 2288 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:44:22.0112 2288 Wlansvc - ok
18:44:22.0190 2288 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:44:22.0205 2288 wlcrasvc - ok
18:44:22.0299 2288 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:44:22.0361 2288 wlidsvc - ok
18:44:22.0361 2288 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:44:22.0392 2288 WmiAcpi - ok
18:44:22.0408 2288 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:44:22.0455 2288 wmiApSrv - ok
18:44:22.0470 2288 WMPNetworkSvc - ok
18:44:22.0486 2288 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:44:22.0502 2288 WPCSvc - ok
18:44:22.0517 2288 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:44:22.0533 2288 WPDBusEnum - ok
18:44:22.0548 2288 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:44:22.0595 2288 ws2ifsl - ok
18:44:22.0611 2288 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:44:22.0642 2288 wscsvc - ok
18:44:22.0642 2288 WSearch - ok
18:44:22.0673 2288 [ 82E8F5AA03DF7DBDB8A33F700D5D8CDA ] wsvd C:\Windows\system32\DRIVERS\wsvd.sys
18:44:22.0689 2288 wsvd - ok
18:44:22.0767 2288 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:44:22.0845 2288 wuauserv - ok
18:44:22.0860 2288 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:44:22.0907 2288 WudfPf - ok
18:44:22.0938 2288 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:44:22.0970 2288 WUDFRd - ok
18:44:23.0001 2288 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:44:23.0048 2288 wudfsvc - ok
18:44:23.0079 2288 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:44:23.0110 2288 WwanSvc - ok
18:44:23.0157 2288 ================ Scan global ===============================
18:44:23.0172 2288 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:44:23.0188 2288 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:44:23.0204 2288 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:44:23.0235 2288 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:44:23.0266 2288 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:44:23.0282 2288 [Global] - ok
18:44:23.0282 2288 ================ Scan MBR ==================================
18:44:23.0297 2288 [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
18:44:26.0121 2288 \Device\Harddisk0\DR0 - ok
18:44:26.0121 2288 ================ Scan VBR ==================================
18:44:26.0152 2288 [ EDD1B3901780B9213D4FC96A17D5FAB6 ] \Device\Harddisk0\DR0\Partition1
18:44:26.0152 2288 \Device\Harddisk0\DR0\Partition1 - ok
18:44:26.0168 2288 [ FA92D7C756E5B6EE75F4B4BA968F882B ] \Device\Harddisk0\DR0\Partition2
18:44:26.0183 2288 \Device\Harddisk0\DR0\Partition2 - ok
18:44:26.0199 2288 [ 91B467B0C2818BCA93D4211F419BB818 ] \Device\Harddisk0\DR0\Partition3
18:44:26.0214 2288 \Device\Harddisk0\DR0\Partition3 - ok
18:44:26.0214 2288 ============================================================
18:44:26.0214 2288 Scan finished
18:44:26.0214 2288 ============================================================
18:44:26.0230 4992 Detected object count: 0
18:44:26.0230 4992 Actual detected object count: 0
|
|
| Themen zu U-Search und Startsear - in der Suchmaschine |
| adobe, antivir, autorun, avira, bho, browser, converter, defender, desktop, document, error, excel, explorer, firefox, flash player, format, home, install.exe, internet, logfile, microsoft office starter 2010, mozilla, mp3, msiexec.exe, plug-in, realtek, richtlinie, security, software, spyware, startsear.ch, suchmaschine, sweetim, trojan.startpage, u-search.net, unfreiwillig, ändern |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
