Pests of all kinds and how to fight them: Findings from Malwarebytes (5 Registry Keys, 2 Files) Windows 7
09.12.2012, 00:53 | #1 | |
| Hello! First post, so please be gentle. I got Malwarebytes and ran a system check. It found 5 infections, of which 2 were files and 5 were registry keys. These are the important parts of the log: Quote:
Important: Strangely, the folder "Temp1_1957-coladosenhalter[1].zip" did not exist when I searched the Temp folder. Nevertheless, a virus was found there. Possibly important: I had Kaspersky Pure scan the file in the system32 folder (nvs2.inf) for viruses. Kaspersky detected NO threat. I have HijackThis, but I don't know exactly what to do with it. The complete log is attached. I have seen that logs are normally put in spoilers. How do you create those? Regards, Rupertbayern |
10.12.2012, 16:10 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Why are you posting the log incomplete? That makes no sense! Always post logs in full! Please note => http://www.trojaner-board.de/125889-...tml#post941520 If at all possible, please post everything here in CODE tags. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here |
11.12.2012, 18:24 | #3 |
| OK, thanks, here are the logs:
First, Malwarebytes Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.08.05

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Name :: Name [Administrator]

Schutz: Deaktiviert

08.12.2012 19:57:28
mbam-log-2012-12-08 (23-11-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263865
Laufzeit: 54 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Name 2\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.

(Ende)

HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:45:39, on 09.12.2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\ModLEDKey.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\avmwlanstick\FRITZWLanMini.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Name\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MOUSE Editor\MouseEditor.exe
C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Targa VFD Display\Targa VFD Display.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
J:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Defraggler\Defraggler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mein Name\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
J:\Chrome Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O1 - Hosts: localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MoLed] ModLEDKey.exe
O4 - HKLM\..\Run: [AuditVista]
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "J:\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [OscarEditor] "C:\Program Files\MOUSE Editor\MouseEditor.exe" Minimum
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Xfire.lnk = C:\Users\Mein Name\Documents\Xfire\Xfire.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mein Name\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Mein Name\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL, C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky PURE (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Verwaltungsservice vom CryproStorage-System (CSObjectsSrv) - Infowatch - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Freemium Self Update Service (FreemiumSelfUpdateService) - Unknown owner - C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9aaf7304af78b) (gupdate1c9aaf7304af78b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - J:\HiPatchService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - J:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MySecurityCenter License Service - Unknown owner - C:\Program Files\MySecurityCenter\Programs\service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Self Update Service (SelfUpdateService) - Unknown owner - C:\Program Files\Freetec\SystemStore\SelfUpdate.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: System Store (SystemStore) - Unknown owner - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
O23 - Service: System Store Service (SystemStoreService) - Unknown owner - C:\Program Files\Freetec\SystemStore\SystemStore.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe

--
End of file - 14954 bytes

OTL program. The first one, with the name OTL. OTL Logfile: Code:
OTL logfile created on: 09.12.2012 01:29:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\"Mein Name"\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 42,65% Memory free
7,22 Gb Paging File | 5,27 Gb Available in Paging File | 72,96% Paging File free
Paging file location(s): c:\pagefile.sys 9000 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 8,80 Gb Free Space | 1,93% Space Free | Partition Type: NTFS
Drive D: | 5,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 732,42 Gb Total Space | 183,59 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive R: | 199,09 Gb Total Space | 38,56 Gb Free Space | 19,37% Space Free | Partition Type: NTFS

Computer Name: Name | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.09 01:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\"Mein Name"\Desktop\OTL.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- J:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () -- C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe
PRC - [2012.09.21 12:45:08 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.08.15 11:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) -- J:\HiPatchService.exe
PRC - [2012.04.24 13:21:01 | 000,014,848 | ---- | M] () -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
PRC - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files\MOUSE Editor\MouseEditor.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.10.01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe
PRC - [2010.08.27 02:07:06 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2008.12.18 14:32:52 | 000,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- J:\ATI\ATI.ACE\Core-Static\MOM.exe
PRC - [2008.12.18 13:19:44 | 000,049,152 | ---- | M] (ATI Technologies Inc.)
-- J:\ATI\ATI.ACE\Core-Static\CCC.exe
PRC - [2008.06.03 11:35:22 | 000,078,696 | ---- | M] () -- C:\Program Files\MySecurityCenter\Programs\Service.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007.04.22 08:34:58 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.09 16:15:06 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe

========== Modules (No Company Name) ==========
[2012.12.08 20:56:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2012.12.08 20:56:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2012.12.08 20:56:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2012.12.08 20:56:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2012.12.08 20:56:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2012.12.08 20:56:57 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2012.12.08 20:56:57 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2012.12.08 20:56:57 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll MOD - [2012.12.08 20:56:57 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2012.12.08 20:56:57 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2012.12.08 20:56:57 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2012.12.08 20:56:57 | 
000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2012.12.08 20:56:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2012.12.08 20:56:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2012.12.08 20:56:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2012.12.08 20:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2012.12.08 20:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2012.12.08 20:56:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2012.12.08 20:56:57 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2012.12.08 20:56:57 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2012.12.08 20:56:57 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2012.12.08 20:56:56 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - 
[2012.12.08 20:56:56 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2012.12.08 20:56:55 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll MOD - [2012.12.08 20:56:55 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll MOD - [2012.12.08 20:56:55 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll MOD - [2012.12.08 20:56:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2012.12.08 20:56:55 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll MOD - [2012.12.08 20:56:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2012.02.22 03:26:24 | 003,325,952 | ---- | M] () -- C:\Program Files\MOUSE Editor\MouseEditor.exe MOD - [2012.02.07 04:20:13 | 002,413,568 | ---- | M] () -- C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll MOD - [2011.11.12 11:56:53 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll MOD - [2011.11.12 11:56:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll MOD - [2011.11.12 11:56:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll MOD - [2011.11.12 11:56:11 | 000,025,600 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cccf9e783368088a6d357cc45f446478\Accessibility.ni.dll MOD - [2011.11.12 08:49:46 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll MOD - [2011.11.12 08:49:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll MOD - [2011.11.12 08:49:06 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll MOD - [2011.08.10 06:43:19 | 000,118,272 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_Wheel4D.dll MOD - [2011.04.12 08:14:04 | 000,063,488 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll MOD - [2011.03.21 12:33:17 | 000,999,424 | ---- | M] () -- C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll MOD - [2011.01.09 13:45:55 | 000,088,064 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_MouseDeviceManager.dll MOD - [2010.12.12 23:06:09 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll MOD - [2010.12.12 22:54:29 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll MOD - [2010.12.02 10:56:52 | 000,815,104 | ---- | M] () -- C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll MOD - [2010.11.01 13:16:00 | 000,062,976 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll MOD - [2010.10.01 21:05:46 | 008,972,888 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtGui4.dll MOD - [2010.10.01 21:05:42 | 002,456,152 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\QtCore4.dll MOD - [2010.10.01 
20:07:46 | 000,733,184 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\localization_manager.dll MOD - [2010.09.20 07:18:57 | 000,085,504 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_ZoomControl.dll MOD - [2010.09.20 07:18:54 | 000,054,272 | ---- | M] () -- C:\Program Files\MOUSE Editor\dll\DLL_ScrollbarControl.dll MOD - [2010.08.26 22:58:50 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.11.24 13:36:36 | 000,016,384 | R--- | M] () -- J:\ATI\ATI.ACE\Branding\Branding.dll MOD - [2009.10.30 19:32:30 | 000,410,496 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\dblite.dll MOD - [2009.08.23 18:58:06 | 000,094,208 | ---- | M] () -- J:\Filezilla\FileZilla FTP Client\fzshellext.dll MOD - [2007.01.26 10:58:50 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2006.11.02 16:27:19 | 000,430,080 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - File not found [Disabled | Stopped] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize) SRV - [2012.11.25 14:14:08 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.11.14 07:42:56 | 005,663,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService) SRV - [2012.11.14 07:42:27 | 009,016,320 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- J:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 
000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- J:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.26 16:59:56 | 005,686,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService) SRV - [2012.08.15 11:44:44 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- J:\HiPatchService.exe -- (HiPatchService) SRV - [2012.04.24 13:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.10.01 21:06:36 | 000,348,760 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe -- (AVP) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.12.21 16:34:38 | 000,743,992 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv) SRV - [2009.07.20 18:36:00 | 003,321,152 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2009.01.05 17:01:52 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) 
[Auto | Stopped] -- C:\Windows\System32\UAService7.exe -- (UserAccess7) SRV - [2008.06.03 11:35:22 | 000,078,696 | ---- | M] () [Auto | Running] -- C:\Program Files\MySecurityCenter\Programs\Service.exe -- (MySecurityCenter License Service) SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2007.04.22 08:34:57 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.01.30 23:46:04 | 000,299,093 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) SRV - [2007.01.30 23:46:04 | 000,127,059 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva370.sys -- (XDva370) DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\NIKOLA~1\AppData\Local\Temp\sony_ssm.sys -- (sony_ssm.sys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.12.08 19:55:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2012.09.29 
19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.04.30 18:11:35 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF) DRV - [2011.12.04 22:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011.08.15 14:51:40 | 000,054,144 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dvdfab.sys -- (dvdfab) DRV - [2010.03.25 19:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV - [2010.03.25 19:06:28 | 000,123,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv) DRV - [2010.03.25 19:06:26 | 000,110,608 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt) DRV - [2010.03.25 19:06:26 | 000,041,680 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon) DRV - [2010.03.25 17:53:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.02.03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009.12.14 11:44:24 | 000,088,632 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\CSCrySec.sys -- (CSCrySec) DRV - [2009.12.14 11:44:24 | 000,039,352 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv) DRV - [2009.10.26 14:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.10.14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (KLBG) DRV - [2009.10.08 15:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.10.02 18:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt) DRV - [2009.09.14 13:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6) DRV - [2009.09.01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1) DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.08.09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32) DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD) DRV - [2007.02.21 13:33:54 | 000,080,232 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen15.sys -- (SLEE_15_DRIVER) DRV - [2007.02.07 15:57:42 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo) DRV - [2007.01.26 10:58:50 | 002,305,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2007.01.26 10:58:50 | 002,305,536 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007.01.23 14:36:46 | 000,299,776 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88tse.sys -- (HCW88TSE) DRV - [2007.01.23 14:25:30 | 000,207,872 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcw88bda.sys -- (HCW88BDA) DRV - [2007.01.23 14:25:14 | 000,011,904 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Running] -- C:\Windows\System32\drivers\hcw88aud.sys -- (HCW88AUD) DRV - [2006.11.01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) DRV - [2006.10.30 04:31:58 | 000,043,648 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV - [2006.04.06 00:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2006.02.07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\JGOGO.sys -- (JGOGO) DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) 
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_de
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=pb_kl1x2hY22OwYv0JBoD9wWflI?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.1.0.124
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 17:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.15 23:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.25 23:44:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012.04.30 18:15:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\"Mein Name"\Program Files\DNA [2009.08.28 14:43:16 | 000,000,000 | ---D | M]

[2008.06.21 21:02:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Extensions
[2012.07.23 16:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions
[2010.02.02 18:25:45 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.04.30 13:36:04 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.09.30 20:11:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.09.25 11:46:06 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.30 13:35:55 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.05.28 18:42:48 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.10 20:29:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.15 19:18:10 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.07.15 19:18:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.30 13:40:34 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.01.07 17:12:01 | 000,000,000 | ---D | M] (CustomizeGoogle) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{fce36c1e-58d8-498a-b2a5-66ad1cedebbb}
[2010.07.01 20:55:24 | 000,000,000 | ---D | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\fbdislike@doweb.fr
[2010.01.05 15:50:33 | 000,000,000 | ---D | M] (Ubiquity) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\ubiquity@labs.mozilla.com
[2010.04.30 19:50:07 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\Firefox\Profiles\wloyt4hw.default\extensions\YoutubeDownloader@PeterOlayev.com
[2012.07.23 16:39:10 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-1.xml
[2009.08.16 18:58:14 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-2.xml
[2009.08.16 20:18:24 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-3.xml
[2009.09.14 07:09:13 | 000,000,950 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin-4.xml
[2011.05.28 18:42:47 | 000,000,168 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin.gif
[2011.05.28 18:42:47 | 000,000,618 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Roaming\mozilla\firefox\profiles\wloyt4hw.default\searchplugins\icqplugin.xml
[2012.04.30
18:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009.06.16 17:50:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.05.21 15:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.30 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.15 19:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.12.23 22:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.20 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.22 19:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.03.12 16:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.30 18:18:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2010.03.05 17:42:38 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX [2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.05.21 21:03:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.05.21 21:03:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.05.21 21:03:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.05.21 21:03:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.05.21 21:03:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://start.icq.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://start.icq.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program 
Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program 
Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll CHR - plugin: DNA Plug-in (Enabled) = C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: LoL Stream Browser = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp\1.1.6.4_0\ CHR - Extension: AdBlock = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.49_0\ CHR - Extension: Reddit Enhancement Suite = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.5_0\ CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkdbaehcjcomcnnjhlmnfddpgoafpcko\1.0.6_0\ CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\ CHR - Extension: Google Mail = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.09.19 20:38:29 | 000,000,733 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: localhost O1 - Hosts: 127.0.0.1 O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky 
PURE\ievkbd.dll (Kaspersky Lab) O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files\XfireXO\tbXfir.dll (Conduit Ltd.) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AuditVista] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [MoLed] ModLEDKey.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] J:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe ()
O4 - Startup: C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Users\"Mein Name"\Documents\Xfire\Xfire.exe (Xfire Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab (IPSUploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58A9C5FC-1915-4D77-B2E2-566E50F1BDA9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{04583408-b94c-11e1-995b-001a926c2bd3}\Shell\AutoRun\command - "" = P:\Menu.exe
O33 - MountPoints2\{0cf12b6b-f143-11de-bce0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cf12b6b-f143-11de-bce0-806e6f6e6963}\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O33 - MountPoints2\{47243f02-2e25-11e2-b2e5-001a926c2bd3}\Shell\AutoRun\command - "" = H:\Menu.exe
O33 - MountPoints2\{5ad2bbfd-a733-11e0-bd60-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5ad2bbfd-a733-11e0-bd60-806e6f6e6963}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{65546bb1-3985-11df-a8a6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{65546bb1-3985-11df-a8a6-00038a000015}\Shell\AutoRun\command - "" = F:\Launcher.exe
O33 - MountPoints2\{f1d9adf8-f147-11de-802b-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{f1d9adf8-f147-11de-802b-00038a000015}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = Setup.exe
O33 - MountPoints2\H\Shell\Install\command - "" = Setup.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.09 01:25:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\"Mein Name"\Desktop\OTL.exe
[2012.12.08 20:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.12.08 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.12.08 20:53:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.08 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.12.08 19:55:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.30 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Malwarebytes
[2012.11.30 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.30 23:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.30 23:27:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.30 23:06:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012.11.30 18:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.27 21:24:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012.11.23 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\info 2012
[2012.11.19 09:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software
[2012.11.19 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\MOUSE Editor
[2012.11.17 20:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012.11.17 20:33:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\OpenCandy
[2012.11.12 19:56:31 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\Senstic
[2012.11.12 19:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Senstic
[2012.11.12 19:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Senstic
[2011.01.28 22:54:25 | 000,367,081 | ---- | C] (UTDM & NoBS ) -- C:\Users\"Mein Name"\Punkbuster.Got.Busted.v1.5-NoBS-UTDM.exe
[2010.08.26 20:54:36 | 096,962,344 | ---- | C] (Apple Inc.) -- C:\Users\"Mein Name"\iTunesSetup try.exe
[2010.08.26 19:02:09 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx40_Full_setup.exe
[2010.08.26 18:57:38 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx35setup.exe
[2009.12.06 21:42:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.sys
[5 C:\Users\"Mein Name"\Documents\*.tmp files -> C:\Users\"Mein Name"\Documents\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.12.09 01:35:11 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job
[2012.12.09 01:35:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job
[2012.12.09 01:35:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job
[2012.12.09 01:32:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job
[2012.12.09 01:26:18 | 000,007,808 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat
[2012.12.09 01:25:46 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job
[2012.12.09 01:20:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 01:20:23 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 01:19:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 01:13:38 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 01:03:09 | 000,000,020 | ---- | M] () -- C:\Users\"Mein Name"\defogger_reenable
[2012.12.09 01:02:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\"Mein Name"\Desktop\OTL.exe
[2012.12.09 00:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.09 00:28:13 | 000,211,968 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.08 20:09:07 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.12.08 19:55:07 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.12.08 19:19:09 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.08 18:09:19 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.12.07 10:30:02 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.12.02 14:53:19 | 000,219,266 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG
[2012.12.02 14:09:06 | 000,191,691 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG
[2012.12.02 14:08:52 | 000,190,784 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG
[2012.12.02 11:32:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job
[2012.12.02 10:17:50 | 000,102,169 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG
[2012.12.02 10:17:28 | 000,194,171 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG
[2012.11.30 23:36:34 | 000,000,576 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 20:42:49 | 000,002,087 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Google Chrome.lnk
[2012.11.30 18:45:33 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 15:32:09 | 000,187,830 | ---- | M] () -- C:\Users\"Mein Name"y\Desktop\lol bug.JPG
[2012.11.27 21:25:00 | 000,000,506 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk
[2012.11.23 16:26:41 | 000,139,832 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.23 16:26:15 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.11.19 09:51:47 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Editor.lnk
[2012.11.18 12:10:18 | 000,000,724 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk
[2012.11.17 22:51:05 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.11.17 20:34:29 | 000,000,992 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\DVDVideoSoft Free Studio.lnk
[2012.11.17 20:34:28 | 000,000,696 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Free YouTube Download.lnk
[2012.11.17 20:16:38 | 000,712,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.17 20:16:38 | 000,142,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 20:16:37 | 000,764,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.17 20:16:37 | 000,166,684 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.13 21:36:14 | 000,002,591 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Microsoft Office Word 2007.lnk
[2012.11.13 07:33:07 | 000,107,285 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\zauber.jpg
[2012.11.12 18:01:26 | 000,150,962 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\zauberflööte.JPG
[5 C:\Users\"Mein Name"\Documents\*.tmp files -> C:\Users\"Mein Name"\Documents\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.09 01:02:47 | 000,000,020 | ---- | C] () -- C:\Users\"Mein Name"\defogger_reenable
[2012.12.08 20:09:07 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012.12.08 19:19:09 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.12.06 12:21:41 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.02 14:53:16 | 000,219,266 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG
[2012.12.02 14:09:03 | 000,191,691 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG
[2012.12.02 14:08:44 | 000,190,784 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG
[2012.12.02 10:17:47 | 000,102,169 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG
[2012.12.02 10:17:25 | 000,194,171 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG
[2012.11.30 23:27:53 | 000,000,576 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.30 18:45:33 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.30 15:31:59 | 000,187,830 | ---- | C] () -- C:\Users\"Mein Name"y\Desktop\lol bug.JPG
[2012.11.27 21:25:00 | 000,000,506 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk
[2012.11.19 09:51:47 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Editor.lnk
[2012.11.18 12:10:22 | 000,000,724 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk
[2012.11.17 20:34:28 | 000,000,696 | ---- | C] () -- C:\Users\"Mein Name"y\Desktop\Free YouTube Download.lnk
[2012.11.16 20:19:09 | 000,001,658 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LOL Recorder.lnk
[2012.11.13 07:33:07 | 000,107,285 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\zauber.jpg
[2012.11.12 18:01:23 | 000,150,962 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\zauberflööte.JPG
[2012.10.24 05:27:50 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.06.05 00:27:31 | 000,000,053 | ---- | C] () -- C:\Users\"Mein Name"\jagex_cl_runescape_LIVE.dat
[2012.06.05 00:27:31 | 000,000,001 | ---- | C] () -- C:\Users\"Mein Name"\random.dat
[2012.04.30 18:18:23 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.04.30 18:18:23 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2012.01.15 19:25:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.01.11 18:01:33 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe
[2012.01.02 23:34:23 | 000,000,600 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\winscp.rnd
[2011.12.26 17:53:00 | 000,000,000 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\{194E177D-9D30-4CF7-B8D9-C1E24D923C40}
[2011.07.05 19:28:11 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2011.06.19 09:07:37 | 000,000,102 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\fusioncache.dat
[2011.05.31 13:28:58 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011.04.27 10:36:05 | 117,342,208 | ---- | C] () -- C:\Users\"Mein Name"\kavkis.msi
[2011.02.08 20:06:45 | 000,006,274 | ---- | C] () -- C:\Users\"Mein Name"\.recently-used.xbel
[2011.02.05 15:17:39 | 000,281,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.23 17:52:05 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe
[2010.10.23 19:49:20 | 000,000,458 | ---- | C] () -- C:\Users\"Mein Name"\NWT.lnk
[2010.04.04 17:04:03 | 000,021,504 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\WebpageIcons.db
[2009.12.26 15:11:24 | 000,138,904 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\PnkBstrK.sys
[2009.12.06 21:47:45 | 000,001,041 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\vso_ts_preview.xml
[2009.12.06 21:42:04 | 000,087,608 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\inst.exe
[2009.12.06 21:42:04 | 000,007,887 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.cat
[2009.12.06 21:42:04 | 000,001,144 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.inf
[2009.01.21 16:13:35 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat
[2009.01.21 16:13:13 | 000,002,413 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos_navps.dat
[2009.01.21 16:13:12 | 000,021,971 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos_nav.dat
[2009.01.21 16:13:12 | 000,003,326 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos.dat
[2008.07.13 14:03:28 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\ismxydep.bat
[2007.08.30 21:08:32 | 000,211,968 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.04.30 15:55:13 | 000,000,552 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d8caps.dat
[2007.04.21 09:51:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.04.16 11:38:11 | 000,007,808 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat
[2007.04.14 19:37:42 | 000,005,526 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\wklnhst.dat
[2007.04.14 18:46:40 | 000,001,346 | RHS- | C] () -- C:\Users\"Mein Name"\ntuser.pol

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.09.17 19:01:38 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.08.27 01:18:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.04.26 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Canneverbe Limited
[2010.05.30 13:10:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Chilirec
[2012.12.08 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DAEMON Tools Lite
[2010.12.07 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Dev-Cpp
[2011.12.18 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DiskAid
[2010.04.06 15:02:34 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Disney Interactive Studios
[2009.08.28 14:35:28 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DNA
[2012.01.07 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DocumentsToGoDesktop
[2011.12.16 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Dropbox
[2012.01.14 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDFab
[2012.11.17 20:34:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoft
[2012.11.17 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.16 22:51:50 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FileZilla
[2010.01.05 17:06:11 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FreeFLVConverter
[2012.05.15 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Freemium
[2009.11.03 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\FreeVideoConverter
[2010.01.05 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\fretsonfire
[2010.12.26 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\GARMIN
[2011.02.08 20:06:45 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\gtk-2.0
[2010.01.08 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\IcoFX
[2011.06.02 16:45:34 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\ICQ
[2008.11.14 19:28:41 | 000,000,000 | ---D | M] -- C:\Users\"Mein 
Name"\AppData\Roaming\InterTrust [2010.12.12 22:57:58 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\iTSfv [2011.08.05 18:04:23 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Jens Lorek [2010.05.16 16:32:56 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Leadertech [2010.05.10 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Leawo [2011.10.18 12:59:37 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\LolClient [2012.05.24 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\LolClient2 [2011.12.24 15:26:54 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\MAGIX [2010.05.10 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\MPEG Streamclip [2011.04.04 16:35:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Notepad++ [2009.10.07 16:20:06 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\OCS [2012.11.17 20:33:59 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\OpenCandy [2009.12.01 12:52:49 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Opera [2012.08.09 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Origin [2012.09.19 20:25:14 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\redsn0w [2009.01.29 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Serif [2010.10.01 19:17:57 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\SharePod [2010.04.04 17:16:41 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Similarity [2011.12.16 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\smc [2010.01.15 18:28:05 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Soldat [2009.12.20 18:17:07 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\streamripper [2011.09.18 18:44:46 | 000,000,000 | ---D | M] -- 
C:\Users\"Mein Name"\AppData\Roaming\TCXConverter [2009.04.26 15:57:12 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Template [2009.09.10 07:28:38 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\TubeBox [2011.05.10 15:55:04 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Uploader.6A755FBD4A9495E76557F9D696C5965FE7FBEA15.1 [2012.12.08 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Vso [2012.06.16 18:22:30 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\wargaming.net [2010.01.05 13:40:57 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\Wormux [2012.05.17 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\"Mein Name"\AppData\Roaming\X-Chat 2 ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > Das zweite Log mit dem Namen Extras hat nicht reingepasst (>120000 Zeichen) Es ist aber mit den anderen Logs (Malware, Hijack, 2 OTL) im Anhang gezippt. Ich hoffe das hilft MFG rupertbayern |
11.12.2012, 22:08 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 Registry Keys, 2 Files) Are those all the logs from Malwarebytes? What about logs from other scanners, were there any findings there? Code:
ATTFilter Windows Vista x86 NTFS Internet Explorer 7.0.6000.16982
__________________ Please always post log files in CODE tags |
13.12.2012, 12:06 | #5 |
| Malwarebytes findings (5 Registry Keys, 2 Files) Indeed, I have Windows Vista without SP1 or SP2. I have already tried to install SP1, which is required in order to install SP2, but I always get an error. The tool provided by Microsoft to fix this error also spits out an error. After that I gave up. I don't use Internet Explorer, which is why I never updated it manually. I have two more Malwarebytes logs. Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.30.10
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mein Name :: Mein Name [Administrator]
Schutz: Aktiviert
30.11.2012 23:39:38
mbam-log-2012-12-01 (01-06-36).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267949
Laufzeit: 1 Stunde(n), 4 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 6
C:\Users\Anderer Name\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Anderer Name\AppData\Local\Temp\TEMP1_~1.ZIP\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Mein Name\Downloads\CheatEngine54.exe (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
C:\Users\Mein Name\Downloads\SoftonicDownloader_for_ea-download-manager.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Windows\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.
(Ende)
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.12.08.05
Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mein Name :: Mein Name [Administrator]
Schutz: Deaktiviert
08.12.2012 19:57:28
mbam-log-2012-12-08 (23-11-14).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 263865
Laufzeit: 54 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\AdTools, Inc. (Adware.AdTools) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\IGB (Rogue.Residue) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Users\Anderer Name\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Keine Aktion durchgeführt.
(Ende) |
13.12.2012, 15:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 Registry Keys, 2 Files) Code:
ATTFilter C:\Users\Anderer Name\AppData\Local\Temp\Temp1_1957-coladosenhalter[1].zip\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Anderer Name\AppData\Local\Temp\TEMP1_~1.ZIP\coladosenhalter.exe (PUP.Joke.Geschenk) -> Keine Aktion durchgeführt.
C:\Users\Mein Name\Downloads\CheatEngine54.exe (Riskware.Tool.CK) -> Keine Aktion durchgeführt.
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
1. aswMBR
Please download aswMBR.exe and save the file on your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set up the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents and transfer them into your post, please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ --> Malwarebytes findings (5 Registry Keys, 2 Files) |
14.12.2012, 13:59 | #7 |
| Malwarebytes findings (5 Registry Keys, 2 Files) aswMBR log: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-14 07:33:56
-----------------------------
07:33:56.005 OS Version: Windows 6.0.6000
07:33:56.006 Number of processors: 2 586 0x6B01
07:33:56.017 ComputerName: "Mein Name" UserName:
07:34:06.496 Initialize success
07:34:36.277 AVAST engine defs: 12121301
07:34:44.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000070
07:34:44.158 Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 6
07:34:44.161 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
07:34:44.165 Disk 1 Vendor: SAMSUNG_ 1AA0 Size: 953869MB BusType: 6
07:34:44.283 Disk 0 MBR read successfully
07:34:44.288 Disk 0 MBR scan
07:34:44.295 Disk 0 unknown MBR code
07:34:44.308 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 466936 MB offset 63
07:34:44.365 Disk 0 Partition 2 00 27 Hidden NTFS WinRE MSDOS5.0 10001 MB offset 956285190
07:34:44.380 Disk 0 scanning sectors +976768065
07:34:44.485 Disk 0 scanning C:\Windows\system32\drivers
07:35:39.605 Service scanning
07:38:16.630 Modules scanning
07:38:56.288 Disk 0 trace - called modules:
07:38:56.376 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
07:38:56.381 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x99430538]
07:38:56.387 3 ntkrnlpa.exe[958b07e2] -> nt!IofCallDriver -> [0x9818cb88]
07:38:56.393 5 acpi.sys[8063232a] -> nt!IofCallDriver -> \Device\00000070[0x98b3ec50]
07:39:08.554 AVAST engine scan C:\Windows
07:40:28.070 AVAST engine scan C:\Windows\system32
07:50:12.986 AVAST engine scan C:\Windows\system32\drivers
07:51:19.981 AVAST engine scan C:\Users\"Mein Name"
10:46:47.921 AVAST engine scan C:\ProgramData
11:10:48.570 Scan finished successfully
13:14:49.342 Disk 0 MBR has been saved successfully to "C:\Users\"Mein Name"\Desktop\MBR.dat"
13:14:49.353 The log file has been saved successfully to "C:\Users\"Mein Name"\Desktop\aswMBR.txt"
Code:
ATTFilter 13:23:49.0941 2796 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
UnsignedFile.Multi.Generic ) - warning 13:24:54.0482 5240 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 13:24:54.0516 5240 [ 6F9CB6539A1B2508BD1C53D29334431A ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL 13:24:54.0589 5240 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 13:24:54.0589 5240 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 13:24:54.0636 5240 [ EA24FE637D974A8A31BC650F478E3533 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:24:54.0703 5240 HTTP - ok 13:24:54.0755 5240 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys 13:24:54.0768 5240 i2omp - ok 13:24:54.0801 5240 [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:24:54.0875 5240 i8042prt - ok 13:24:54.0944 5240 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 13:24:54.0997 5240 iaStorV - ok 13:24:55.0088 5240 [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service C:\Program Files\ICQ6Toolbar\ICQ Service.exe 13:24:55.0115 5240 ICQ Service - ok 13:24:55.0441 5240 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 13:24:55.0493 5240 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:24:55.0494 5240 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:24:55.0627 5240 [ 6D1D3CAB85BA0C63CB83296A8A1825F9 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 13:24:55.0708 5240 idsvc - ok 13:24:55.0782 5240 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:24:55.0821 5240 iirsp - ok 13:24:55.0966 5240 [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT C:\Windows\System32\ikeext.dll 13:24:56.0137 5240 IKEEXT - ok 13:24:56.0175 5240 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys 13:24:56.0198 5240 intelide - ok 13:24:56.0238 5240 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm 
C:\Windows\system32\DRIVERS\intelppm.sys 13:24:56.0301 5240 intelppm - ok 13:24:56.0340 5240 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:24:56.0401 5240 IPBusEnum - ok 13:24:56.0421 5240 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:24:56.0481 5240 IpFilterDriver - ok 13:24:56.0613 5240 [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:24:56.0712 5240 iphlpsvc - ok 13:24:56.0718 5240 IpInIp - ok 13:24:56.0780 5240 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 13:24:56.0849 5240 IPMIDRV - ok 13:24:56.0892 5240 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 13:24:56.0969 5240 IPNAT - ok 13:24:57.0068 5240 [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:24:57.0122 5240 iPod Service - ok 13:24:57.0159 5240 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:24:57.0237 5240 IRENUM - ok 13:24:57.0331 5240 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:24:57.0384 5240 isapnp - ok 13:24:57.0419 5240 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 13:24:57.0436 5240 iScsiPrt - ok 13:24:57.0459 5240 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 13:24:57.0478 5240 iteatapi - ok 13:24:57.0501 5240 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 13:24:57.0514 5240 iteraid - ok 13:24:57.0546 5240 [ 4AC11B2250106774F694DF2DB4FFED61 ] Iviaspi C:\Windows\system32\drivers\iviaspi.sys 13:24:57.0569 5240 Iviaspi ( UnsignedFile.Multi.Generic ) - warning 13:24:57.0569 5240 Iviaspi - detected UnsignedFile.Multi.Generic (1) 13:24:57.0603 5240 [ C995C0E8B4503FAC38793BB0236AD246 ] JGOGO C:\Windows\system32\DRIVERS\JGOGO.sys 13:24:57.0651 5240 JGOGO - ok 13:24:57.0682 
5240 [ F4A31E66A61C0783F51157519B03280B ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 13:24:57.0741 5240 JRAID - ok 13:24:57.0786 5240 [ B076B2AB806B3F696DAB21375389101C ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:24:57.0809 5240 kbdclass - ok 13:24:57.0835 5240 [ ED61DBC6603F612B7338283EDBACBC4B ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:24:57.0889 5240 kbdhid - ok 13:24:57.0930 5240 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso C:\Windows\system32\lsass.exe 13:24:57.0994 5240 KeyIso - ok 13:24:58.0038 5240 [ CE3958F58547454884E97BDA78CD7040 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys 13:24:58.0062 5240 kl1 - ok 13:24:58.0098 5240 [ 53EEDAB3F0511321AC3AE8BC968B158C ] KLBG C:\Windows\system32\DRIVERS\klbg.sys 13:24:58.0117 5240 KLBG - ok 13:24:58.0164 5240 [ 723F185C945C0A6D2E21C2BB26A46FE7 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 13:24:58.0203 5240 KLIF - ok 13:24:58.0238 5240 [ 892CC162DC88AB084C86485879526C59 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 13:24:58.0258 5240 KLIM6 - ok 13:24:58.0270 5240 [ AA63A815876A76987B5DBCE6AF7478E9 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 13:24:58.0299 5240 klmouflt - ok 13:24:58.0363 5240 [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:24:58.0389 5240 KSecDD - ok 13:24:58.0539 5240 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll 13:24:58.0692 5240 KtmRm - ok 13:24:58.0739 5240 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\system32\srvsvc.dll 13:24:58.0922 5240 LanmanServer - ok 13:24:58.0980 5240 [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:24:59.0071 5240 LanmanWorkstation - ok 13:24:59.0158 5240 [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe 13:24:59.0170 5240 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 13:24:59.0170 5240 LightScribeService - detected UnsignedFile.Multi.Generic (1) 
13:24:59.0261 5240 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:24:59.0367 5240 lltdio - ok 13:24:59.0463 5240 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:24:59.0590 5240 lltdsvc - ok 13:24:59.0617 5240 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:24:59.0694 5240 lmhosts - ok 13:24:59.0760 5240 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:24:59.0804 5240 LSI_FC - ok 13:24:59.0829 5240 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:24:59.0839 5240 LSI_SAS - ok 13:24:59.0853 5240 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:24:59.0864 5240 LSI_SCSI - ok 13:24:59.0885 5240 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys 13:24:59.0931 5240 luafv - ok 13:25:00.0020 5240 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:25:00.0056 5240 MBAMProtector - ok 13:25:00.0120 5240 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler J:\Malwarebytes' Anti-Malware\mbamscheduler.exe 13:25:00.0139 5240 MBAMScheduler - ok 13:25:00.0156 5240 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService J:\Malwarebytes' Anti-Malware\mbamservice.exe 13:25:00.0184 5240 MBAMService - ok 13:25:00.0226 5240 [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:25:00.0253 5240 Mcx2Svc - ok 13:25:00.0317 5240 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys 13:25:00.0335 5240 megasas - ok 13:25:00.0358 5240 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll 13:25:00.0428 5240 MMCSS - ok 13:25:00.0465 5240 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys 13:25:00.0517 5240 Modem - ok 13:25:00.0552 5240 [ 7E222A1BAAA42C8559DB2CE8A12AD828 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys 
13:25:00.0618 5240 MODEMCSA - ok 13:25:00.0648 5240 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:25:00.0709 5240 monitor - ok 13:25:00.0775 5240 [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:25:00.0807 5240 mouclass - ok 13:25:00.0837 5240 [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:25:00.0869 5240 mouhid - ok 13:25:00.0899 5240 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 13:25:00.0921 5240 MountMgr - ok 13:25:00.0948 5240 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys 13:25:00.0962 5240 mpio - ok 13:25:01.0035 5240 [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:25:01.0113 5240 mpsdrv - ok 13:25:01.0254 5240 [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc C:\Windows\system32\mpssvc.dll 13:25:01.0312 5240 MpsSvc - ok 13:25:01.0348 5240 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 13:25:01.0365 5240 Mraid35x - ok 13:25:01.0411 5240 [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:25:01.0457 5240 MRxDAV - ok 13:25:01.0488 5240 [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:25:01.0538 5240 mrxsmb - ok 13:25:01.0557 5240 [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:25:01.0578 5240 mrxsmb10 - ok 13:25:01.0589 5240 [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:25:01.0622 5240 mrxsmb20 - ok 13:25:01.0647 5240 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys 13:25:01.0660 5240 msahci - ok 13:25:01.0675 5240 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:25:01.0689 5240 msdsm - ok 13:25:01.0717 5240 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC 
C:\Windows\System32\msdtc.exe 13:25:01.0737 5240 MSDTC - ok 13:25:01.0785 5240 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:25:01.0857 5240 Msfs - ok 13:25:01.0905 5240 [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:25:01.0919 5240 msisadrv - ok 13:25:01.0957 5240 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:25:02.0096 5240 MSiSCSI - ok 13:25:02.0107 5240 msiserver - ok 13:25:02.0139 5240 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:25:02.0262 5240 MSKSSRV - ok 13:25:02.0322 5240 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:25:02.0416 5240 MSPCLOCK - ok 13:25:02.0455 5240 [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:25:02.0512 5240 MSPQM - ok 13:25:02.0615 5240 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:25:02.0663 5240 MsRPC - ok 13:25:02.0722 5240 [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:25:02.0743 5240 mssmbios - ok 13:25:02.0923 5240 MSSQL$MSSMLBIZ - ok 13:25:02.0983 5240 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 13:25:03.0022 5240 MSSQLServerADHelper - ok 13:25:03.0046 5240 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:25:03.0145 5240 MSTEE - ok 13:25:03.0175 5240 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys 13:25:03.0204 5240 Mup - ok 13:25:03.0251 5240 [ 76A1CBD7D8932B7AFF5B4C7DB72EEBBD ] MySecurityCenter License Service C:\Program Files\MySecurityCenter\Programs\service.exe 13:25:03.0262 5240 MySecurityCenter License Service - ok 13:25:03.0373 5240 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll 13:25:03.0475 5240 napagent - ok 13:25:03.0517 5240 [ 
6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:25:03.0563 5240 NativeWifiP - ok 13:25:03.0876 5240 [ 9576CC8E84F7CEDA9189CDDA1CFD4BC1 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 13:25:03.0974 5240 NBService ( UnsignedFile.Multi.Generic ) - warning 13:25:03.0974 5240 NBService - detected UnsignedFile.Multi.Generic (1) 13:25:04.0046 5240 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys 13:25:04.0113 5240 NDIS - ok 13:25:04.0170 5240 [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:25:04.0210 5240 NdisTapi - ok 13:25:04.0246 5240 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:25:04.0299 5240 Ndisuio - ok 13:25:04.0333 5240 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:25:04.0407 5240 NdisWan - ok 13:25:04.0464 5240 [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:25:04.0504 5240 NDProxy - ok 13:25:04.0537 5240 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 13:25:04.0544 5240 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 13:25:04.0544 5240 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 13:25:04.0565 5240 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:25:04.0637 5240 NetBIOS - ok 13:25:04.0672 5240 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 13:25:04.0734 5240 netbt - ok 13:25:04.0752 5240 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon C:\Windows\system32\lsass.exe 13:25:04.0770 5240 Netlogon - ok 13:25:04.0887 5240 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll 13:25:04.0977 5240 Netman - ok 13:25:05.0031 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:25:05.0083 5240 
NetMsmqActivator - ok 13:25:05.0106 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:25:05.0119 5240 NetPipeActivator - ok 13:25:05.0212 5240 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll 13:25:05.0335 5240 netprofm - ok 13:25:05.0364 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:25:05.0374 5240 NetTcpActivator - ok 13:25:05.0400 5240 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 13:25:05.0411 5240 NetTcpPortSharing - ok 13:25:05.0498 5240 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:25:05.0526 5240 nfrd960 - ok 13:25:05.0558 5240 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll 13:25:05.0606 5240 NlaSvc - ok 13:25:05.0666 5240 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 13:25:05.0714 5240 NMIndexingService ( UnsignedFile.Multi.Generic ) - warning 13:25:05.0714 5240 NMIndexingService - detected UnsignedFile.Multi.Generic (1) 13:25:05.0764 5240 [ 7AEA4DF1CA68FD45DD4BBE1F0243CE7F ] NMSAccess C:\Program Files\CDBurnerXP\NMSAccessU.exe 13:25:05.0773 5240 NMSAccess - ok 13:25:05.0791 5240 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:25:05.0864 5240 Npfs - ok 13:25:05.0908 5240 [ 75AC610A7481CB1F343DC971249BCB19 ] NPF_devolo C:\Windows\system32\drivers\npf_devolo.sys 13:25:05.0945 5240 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning 13:25:05.0945 5240 NPF_devolo - detected UnsignedFile.Multi.Generic (1) 13:25:05.0951 5240 npggsvc - ok 13:25:05.0991 5240 [ 9131FE60ADFAB595C8DA53AD6A06AA31 ] NPPTNT2 C:\Windows\system32\npptNT2.sys 13:25:06.0006 5240 NPPTNT2 ( UnsignedFile.Multi.Generic ) - warning 13:25:06.0006 5240 NPPTNT2 - detected 
UnsignedFile.Multi.Generic (1) 13:25:06.0040 5240 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll 13:25:06.0085 5240 nsi - ok 13:25:06.0150 5240 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:25:06.0203 5240 nsiproxy - ok 13:25:06.0417 5240 [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:25:06.0487 5240 Ntfs - ok 13:25:06.0557 5240 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 13:25:06.0630 5240 ntrigdigi - ok 13:25:06.0654 5240 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys 13:25:06.0754 5240 Null - ok 13:25:07.0074 5240 [ D668632606D1CEBF0B6EC64C1DF7ED6F ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys 13:25:07.0147 5240 NVENETFD - ok 13:25:07.0240 5240 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:25:07.0279 5240 nvraid - ok 13:25:07.0303 5240 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:25:07.0361 5240 nvstor - ok 13:25:07.0386 5240 [ DC5F166422BEEBF195E3E4BB8AB4EE22 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys 13:25:07.0398 5240 nvstor32 - ok 13:25:07.0472 5240 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:25:07.0509 5240 nv_agp - ok 13:25:07.0516 5240 NwlnkFlt - ok 13:25:07.0525 5240 NwlnkFwd - ok 13:25:07.0881 5240 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:25:07.0944 5240 odserv - ok 13:25:08.0000 5240 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:25:08.0124 5240 ohci1394 - ok 13:25:08.0239 5240 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:25:08.0272 5240 ose - ok 13:25:08.0516 5240 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:25:08.0647 5240 
p2pimsvc - ok 13:25:08.0876 5240 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll 13:25:08.0942 5240 p2psvc - ok 13:25:08.0997 5240 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:25:09.0111 5240 Parport - ok 13:25:09.0145 5240 [ 555A5B2C8022983BC7467BC925B222EE ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:25:09.0186 5240 partmgr - ok 13:25:09.0216 5240 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 13:25:09.0295 5240 Parvdm - ok 13:25:09.0392 5240 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:25:09.0423 5240 PcaSvc - ok 13:25:09.0454 5240 [ 1085D75657807E0E8B32F9E19A1647C3 ] pci C:\Windows\system32\drivers\pci.sys 13:25:09.0466 5240 pci - ok 13:25:09.0495 5240 [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide C:\Windows\system32\drivers\pciide.sys 13:25:09.0521 5240 pciide - ok 13:25:09.0541 5240 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:25:09.0555 5240 pcmcia - ok 13:25:09.0576 5240 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys 13:25:09.0601 5240 pcouffin - ok 13:25:09.0735 5240 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:25:09.0877 5240 PEAUTH - ok 13:25:10.0081 5240 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll 13:25:10.0235 5240 pla - ok 13:25:10.0336 5240 [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:25:10.0384 5240 PlugPlay - ok 13:25:10.0437 5240 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 13:25:10.0474 5240 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 13:25:10.0474 5240 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 13:25:10.0499 5240 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 13:25:10.0515 5240 PnkBstrA - ok 13:25:10.0702 5240 [ 
016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:25:10.0732 5240 PNRPAutoReg - ok 13:25:10.0813 5240 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:25:10.0847 5240 PNRPsvc - ok 13:25:11.0008 5240 [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:25:11.0126 5240 PolicyAgent - ok 13:25:11.0192 5240 [ 6C359AC71D7B550A0D41F9DB4563CE05 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:25:11.0315 5240 PptpMiniport - ok 13:25:11.0343 5240 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys 13:25:11.0427 5240 Processor - ok 13:25:11.0461 5240 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll 13:25:11.0536 5240 ProfSvc - ok 13:25:11.0558 5240 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:25:11.0576 5240 ProtectedStorage - ok 13:25:11.0634 5240 [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:25:11.0712 5240 PSched - ok 13:25:11.0773 5240 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys 13:25:11.0818 5240 PxHelp20 - ok 13:25:12.0113 5240 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:25:12.0206 5240 ql2300 - ok 13:25:12.0276 5240 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:25:12.0315 5240 ql40xx - ok 13:25:12.0360 5240 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll 13:25:12.0395 5240 QWAVE - ok 13:25:12.0425 5240 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:25:12.0478 5240 QWAVEdrv - ok 13:25:12.0830 5240 [ DFCEC4A3A3D49BB15932460F3D4F6C55 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys 13:25:12.0927 5240 R300 - ok 13:25:12.0977 5240 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:25:13.0064 5240 RasAcd - ok 
13:25:13.0110 5240 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll 13:25:13.0183 5240 RasAuto - ok 13:25:13.0224 5240 [ 88587DD843E2059848995B407B67F6CF ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:25:13.0315 5240 Rasl2tp - ok 13:25:13.0413 5240 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll 13:25:13.0510 5240 RasMan - ok 13:25:13.0542 5240 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:25:13.0637 5240 RasPppoe - ok 13:25:13.0673 5240 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:25:13.0752 5240 rdbss - ok 13:25:13.0779 5240 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:25:13.0852 5240 RDPCDD - ok 13:25:14.0014 5240 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 13:25:14.0159 5240 rdpdr - ok 13:25:14.0181 5240 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:25:14.0239 5240 RDPENCDD - ok 13:25:14.0272 5240 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:25:14.0334 5240 RDPWD - ok 13:25:14.0367 5240 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll 13:25:14.0413 5240 RemoteAccess - ok 13:25:14.0474 5240 [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:25:14.0545 5240 RemoteRegistry - ok 13:25:14.0755 5240 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe 13:25:14.0768 5240 RichVideo - ok 13:25:14.0830 5240 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 13:25:14.0865 5240 RpcLocator - ok 13:25:14.0895 5240 [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs C:\Windows\system32\rpcss.dll 13:25:14.0920 5240 RpcSs - ok 13:25:14.0981 5240 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:25:15.0044 5240 
rspndr - ok 13:25:15.0056 5240 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs C:\Windows\system32\lsass.exe 13:25:15.0072 5240 SamSs - ok 13:25:15.0126 5240 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:25:15.0139 5240 sbp2port - ok 13:25:15.0178 5240 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:25:15.0253 5240 SCardSvr - ok 13:25:15.0291 5240 [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule C:\Windows\system32\schedsvc.dll 13:25:15.0374 5240 Schedule - ok 13:25:15.0408 5240 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:25:15.0466 5240 SCPolicySvc - ok 13:25:15.0558 5240 [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:25:15.0626 5240 SDRSVC - ok 13:25:15.0698 5240 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:25:15.0756 5240 secdrv - ok 13:25:15.0827 5240 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll 13:25:15.0917 5240 seclogon - ok 13:25:17.0256 5240 [ 69500F5EAFDE80040F8465CD6E72037E ] SelfUpdateService C:\Program Files\Freetec\SystemStore\SelfUpdate.exe 13:25:17.0585 5240 SelfUpdateService ( UnsignedFile.Multi.Generic ) - warning 13:25:17.0585 5240 SelfUpdateService - detected UnsignedFile.Multi.Generic (1) 13:25:17.0668 5240 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll 13:25:17.0767 5240 SENS - ok 13:25:17.0863 5240 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:25:17.0981 5240 Serenum - ok 13:25:18.0017 5240 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:25:18.0162 5240 Serial - ok 13:25:18.0234 5240 [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:25:18.0286 5240 sermouse - ok 13:25:18.0354 5240 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll 13:25:18.0446 5240 SessionEnv 
- ok 13:25:18.0493 5240 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:25:18.0581 5240 sffdisk - ok 13:25:18.0629 5240 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:25:18.0733 5240 sffp_mmc - ok 13:25:18.0772 5240 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:25:18.0851 5240 sffp_sd - ok 13:25:18.0930 5240 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:25:19.0062 5240 sfloppy - ok 13:25:19.0162 5240 [ 9A82BF4C90B00A63150A606A1E2FD82B ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:25:19.0192 5240 SharedAccess - ok 13:25:19.0261 5240 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:25:19.0297 5240 ShellHWDetection - ok 13:25:19.0321 5240 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys 13:25:19.0347 5240 sisagp - ok 13:25:19.0387 5240 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:25:19.0410 5240 SiSRaid2 - ok 13:25:19.0431 5240 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:25:19.0443 5240 SiSRaid4 - ok 13:25:19.0481 5240 [ 40C0E715E1EBB2D1990C7D79CC0D79E3 ] SLEE_15_DRIVER C:\Windows\system32\drivers\Sleen15.sys 13:25:19.0504 5240 SLEE_15_DRIVER - ok 13:25:19.0580 5240 [ A1DCD30534835CB67733AD00175125A6 ] slsvc C:\Windows\system32\SLsvc.exe 13:25:19.0751 5240 slsvc - ok 13:25:19.0832 5240 [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify C:\Windows\system32\SLUINotify.dll 13:25:19.0863 5240 SLUINotify - ok 13:25:19.0909 5240 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:25:19.0978 5240 Smb - ok 13:25:20.0170 5240 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys 13:25:20.0273 5240 smserial - ok 13:25:20.0376 5240 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP 
PS: Is it possible to make double posts in this forum, or should I wait until all the log programs have finished and then post all the logs at once? |
14.12.2012, 15:04 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 registry keys, 2 files) Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
14.12.2012, 20:22 | #9 |
| Malwarebytes findings (5 registry keys, 2 files) Here is the ComboFix log Combofix Logfile: Code:
ATTFilter ComboFix 12-12-14.01 - "Mein Name" 14.12.2012 19:36:13.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.49.1031.18.3070.1888 [GMT 1:00] ausgeführt von:: c:\users\"Mein Name"\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\users\"Mein Name"\AppData\Local\wgkoaos.dat c:\users\"Mein Name"\AppData\Local\wgkoaos_nav.dat c:\users\"Mein Name"\AppData\Local\wgkoaos_navps.dat c:\users\"Mein Name"\Documents\~WRL0003.tmp c:\users\"Mein Name"\Documents\~WRL0852.tmp c:\users\"Mein Name"\Documents\~WRL1314.tmp c:\users\"Mein Name"\Documents\~WRL2525.tmp c:\users\"Mein Name"\Documents\~WRL3015.tmp c:\users\"Name3"\AppData\Local\woiek.dat c:\users\"Name3"\AppData\Local\woiek_nav.dat c:\users\"Name3"\AppData\Local\woiek_navps.dat c:\users\"Name3"\Documents\~WRL1344.tmp c:\users\"Name3"\setup_Meine_Penny_Fotowelt.exe c:\windows\IsUn0407.exe c:\windows\system32\SET5EFA.tmp c:\windows\system32\URTTemp c:\windows\system32\URTTemp\regtlib.exe c:\windows\unin0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-14 bis 2012-12-14 )))))))))))))))))))))))))))))) . . 2012-12-14 18:58 . 2012-12-14 18:58 -------- d-----w- c:\users\"Name3"\AppData\Local\temp 2012-12-14 18:58 . 2012-12-14 18:58 -------- d-----w- c:\users\"Name2"\AppData\Local\temp 2012-12-14 18:58 . 2012-12-14 18:59 -------- d-----w- c:\users\"Mein Name"\AppData\Local\temp 2012-12-14 06:42 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E2DD665-F1F8-41E4-8EEB-FC404FFB9A4B}\mpengine.dll 2012-12-13 13:11 . 2012-12-13 13:11 -------- d-----w- c:\users\"Mein Name"\AppData\Local\4A Games 2012-12-13 11:17 . 2012-12-13 11:17 -------- d-----w- c:\program files\ESET 2012-12-13 07:09 . 2012-12-13 07:09 -------- d-----w- c:\users\"Mein Name"\AppData\Roaming\.minecraft 2012-12-12 17:09 . 2012-12-12 17:09 100864 ----a-w- C:\pwldikog.sys 2012-12-08 19:57 . 
2012-12-08 19:57 -------- d-----w- c:\programdata\ATI 2012-12-08 19:09 . 2012-12-08 19:09 -------- d-----w- c:\program files\Defraggler 2012-12-07 20:40 . 2012-12-07 20:40 42440 ----a-w- c:\windows\system32\xfcodec.dll 2012-11-30 22:30 . 2012-11-30 22:30 -------- d-----w- c:\users\"Mein Name"\AppData\Roaming\Malwarebytes 2012-11-30 22:27 . 2012-11-30 22:27 -------- d-----w- c:\programdata\Malwarebytes 2012-11-30 22:27 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-30 22:06 . 2012-11-30 22:06 -------- d-----w- c:\windows\CheckSur 2012-11-30 17:44 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-11-30 17:43 . 2012-11-30 17:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-11-19 08:45 . 2012-11-19 09:41 -------- d-----w- c:\program files\MOUSE Editor 2012-11-17 19:34 . 2012-11-17 19:34 -------- d-----w- c:\programdata\DivX 2012-11-17 19:33 . 2012-11-17 19:33 -------- d-----w- c:\users\"Mein Name"\AppData\Roaming\OpenCandy . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-23 15:26 . 2009-11-17 09:34 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-11-23 15:26 . 2011-02-05 14:17 281768 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-11-23 15:26 . 2010-06-01 15:59 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-11-17 21:51 . 2011-02-05 14:17 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0 2012-09-28 09:32 . 2012-09-28 09:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-09-28 09:32 . 2012-09-28 09:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2010-10-14 20:42 . 2010-10-14 20:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll 2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll 2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-02-22 2353176] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] 2010-02-22 11:05 2353176 ----a-w- c:\program files\XfireXO\tbXfir.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{5e5ab302-7f65-44cd-8211-c1d4caaccea3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-02-22 2353176] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}"= "c:\program files\XfireXO\tbXfir.dll" [2010-02-22 2353176] . [HKEY_CLASSES_ROOT\clsid\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\"Mein Name"\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\"Mein Name"\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\"Mein Name"\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon] @="{dd230880-495a-11d1-b064-008048ec2fc5}" [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}] 2010-10-01 20:05 129624 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE\shellex.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "OscarEditor"="c:\program files\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MoLed"="ModLEDKey.exe" [2006-11-09 53248] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352] "JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864] "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760] "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "StartCCC"="j:\ati\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440] "setc"="c:\program files\MySecurityCenter\Programs\setc.exe" [2008-06-03 389992] . c:\users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Xfire.lnk - c:\users\"Mein Name"\Documents\Xfire\Xfire.exe [2012-12-7 3558856] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ WinCinema Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WinCinema Manager.lnk backup=c:\windows\pss\ WinCinema Manager.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HD Writer.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HD Writer.lnk backup=c:\windows\pss\HD Writer.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Targa VFD Display.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Targa VFD Display.lnk backup=c:\windows\pss\Targa VFD Display.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VR-NetWorld Auftragsprüfung.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk backup=c:\windows\pss\VR-NetWorld Auftragsprüfung.lnk.CommonStartup backupExtension=.CommonStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-16 09:45 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] 2008-11-16 09:36 205256 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams] 2011-11-11 17:25 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-11-28 13:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVMWlanClient] 2006-06-23 09:24 343552 ----a-w- c:\program files\avmwlanstick\FRITZWLanMini.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2006-11-02 12:35 125440 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2010-10-14 20:42 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2011-04-29 11:41 136176 ----atw- c:\users\"Mein Name"\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Updater] 2011-09-17 14:37 161336 ----a-w- c:\program files\Google\Google Updater\GoogleUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2006-11-14 13:47 50736 ----a-w- c:\program files\Common Files\aol\1170091329\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices] 2011-11-11 17:18 59240 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-11-28 23:49 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAFEHOME HotKeys] 2007-03-21 16:59 25088 ----a-w- c:\program files\Steganos Safe Home\SteganosHotKeyService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setc] 2008-06-03 10:35 389992 ----a-w- c:\program files\MySecurityCenter\Programs\setc.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2009-10-26 12:46 1458176 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2007-04-06 08:14 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService] 2007-01-30 22:45 155648 ------w- c:\program files\CyberLink\TV Enhance\TVEService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voobly] 2012-09-08 19:28 135168 ----a-w- j:\voobly\voobly.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2010-01-13 22:44 37888 ----a-w- c:\program files\Winamp\winampa.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2965953352-1890760225-2496969144-1005] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 52386062 *NewlyCreated* - 65787697 *Deregistered* - 52386062 *Deregistered* - 65787697 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2012-12-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-05 08:32] . 2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 14:04] . 2012-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-22 14:04] . 2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job - c:\users\"Mein Name"\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 11:41] . 
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job - c:\users\"Mein Name"\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-16 11:41] . 2009-03-16 c:\windows\Tasks\Norton Security Scan for "Mein Name".job - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18] . 2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . 2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . 2012-12-14 c:\windows\Tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube Download - c:\users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe LSP: c:\windows\system32\wpclsp.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla 
Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: <?xmlversion=1.0?><RDF xmlns=hxxp://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=hxxp://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-AuditVista - (no file) MSConfigStartUp-DVDFab Passkey - c:\program files\DVDFab Passkey\DVDFabPasskey.exe MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSConfigStartUp-wgkoaos - c:\users\"Mein Name"\appdata\local\wgkoaos.exe AddRemove-12345_is1 - c:\program files\WeGame\unins000.exe AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE AddRemove-Avro Converter_is1 - c:\program files\Avro Converter\unins000.exe AddRemove-BlockBall Evolution_is1 - c:\program files\BlockBall Evolution\unins000.exe AddRemove-Call of Duty Black Ops_is1 - j:\call of duty black ops\unins000.exe AddRemove-Cheat Engine 5.4_is1 - c:\users\"Mein Name"\Downloads\Cheat Engine\unins000.exe AddRemove-Chilirec_0 - c:\program files\Chilirec\Uninstall.exe AddRemove-Cross Fire_is1 - c:\users\"Mein Name"\Saved Games\CrossFire\unins000.exe AddRemove-DataStar-Engine - c:\windows\unin0407.exe AddRemove-DVDFab Passkey 8_is1 - c:\program files\DVDFab Passkey\unins000.exe AddRemove-Evil Player - c:\program files\Evil Player\Uninstall.exe AddRemove-EvilLyrics - c:\users\"Mein Name"\Downloads\evillyrics19\EvilLyrics\uninst.exe AddRemove-Free FLV Converter_is1 - c:\program files\Free FLV Converter\unins000.exe AddRemove-Free M4a to MP3 Converter_is1 - c:\program files\Free M4a to MP3 Converter\unins000.exe AddRemove-Free Mp3 Wma Converter_is1 - c:\program files\Free Audio Pack\unins000.exe AddRemove-Free WMA to MP3 Converter_is1 - c:\program files\Free WMA to MP3 Converter\unins000.exe AddRemove-Game Maker 7.0 - c:\program files\Game_Maker7\Uninstal.exe AddRemove-HyperCam 2 - c:\program files\HyCam2\UnHyCam2.exe AddRemove-IcoFX_is1 - c:\users\"Mein Name"\Downloads\IcoFX 1.6\unins000.exe AddRemove-IpodConverter_is1 - c:\users\"Mein Name"\Downloads\IpodConverter\unins000.exe AddRemove-Jack Keane - c:\program files\10TACLE STUDIOS\Jack Keane\uninstall.exe 
AddRemove-LIDL Fotoservice_is1 - c:\program files\LIDL Fotoservice\unins000.exe AddRemove-Meine Penny Fotowelt - c:\program files\REWE\Meine Penny Fotowelt\uninstall.exe AddRemove-Need For Speed II SE - c:\windows\unin0407.exe AddRemove-Soldat_is1 - c:\users\"Mein Name"\Downloads\lol\lol\lolog\unins000.exe AddRemove-TmNationsForever_is1 - c:\program files\TmNationsForever\unins000.exe AddRemove-Vista Icon Pack ST_is1 - c:\users\"Mein Name"\Downloads\Vista Icon Pack ST\unins000.exe AddRemove-Wolfenstein - Enemy Territory - c:\users\"Mein Name"\Downloads\Enemy Territory\uninst.exe AddRemove-Wormux - c:\program files\Wormux\uninstall.exe AddRemove-{119E2FCB-5CDD-4C24-BCB2-56A824E2BF0A}_is1 - j:\manic digger\Manic Digger\unins000.exe AddRemove-{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1 - c:\users\"Mein Name"\Downloads\Counter-Strike 2D\unins000.exe AddRemove-BitTorrent DNA - c:\users\"Mein Name"\Program Files\DNA\btdna.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-12-14 19:59 Windows 6.0.6000 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net Windows 6.0.6000 Disk: ST350083 rev.3.AA -> Harddisk0\DR0 -> \Device\00000071 . device: opened successfully user: MBR read successfully kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\SystemStoreService] "ImagePath"="\"c:\program files\Freetec\SystemStore\SystemStore.exe\" -displayname \"System Store Service\" -servicename:SystemStoreService" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\SecuROM\License information*] "datasecu"=hex:9f,64,01,40,02,52,73,06,54,f7,97,de,c2,da,42,77,a7,20,3b,55,2b, 79,66,de,01,d6,c6,8a,c6,da,72,9a,6f,9f,18,da,78,bf,9a,af,b5,67,10,63,4a,05,\ "rkeysecu"=hex:61,ec,bb,a9,ba,27,71,96,0b,2a,c7,b5,89,62,47,fc . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Zeit der Fertigstellung: 2012-12-14 20:13:02 ComboFix-quarantined-files.txt 2012-12-14 19:12 . Vor Suchlauf: 4.934.201.344 Bytes frei Nach Suchlauf: 8.848.769.024 Bytes frei . - - End Of File - - C6D9CC27A581D32F9874B3FBD6CFC06C |
16.12.2012, 14:41 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 Registry Keys, 2 Files) adwCleaner - detecting toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
16.12.2012, 15:14 | #11 |
| Malwarebytes findings (5 Registry Keys, 2 Files) Code:
ATTFilter # AdwCleaner v2.100 - Datei am 16/12/2012 um 15:10:22 erstellt # Aktualisiert am 09/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium (32 bits) # Benutzer : "Mein Name" - "Mein Name" # Bootmodus : Normal # Ausgeführt unter : C:\Users\"Mein Name"\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** Gefunden : ICQ Service ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files\Mozilla Firefox\.autoreg Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin.xml Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin-1.xml Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin-2.xml Datei Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\searchplugins\icqplugin-3.xml Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin.xml Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin-1.xml Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin-2.xml Datei Gefunden : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\searchplugins\icqplugin-3.xml Ordner Gefunden : C:\Program Files\Common Files\Plasmoo Ordner Gefunden : C:\Program Files\Conduit Ordner Gefunden : C:\Program Files\ICQ6Toolbar Ordner Gefunden : C:\Program Files\Viewpoint Ordner Gefunden : C:\Program Files\XfireXO Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar Ordner Gefunden : C:\ProgramData\Tarma Installer Ordner Gefunden : C:\ProgramData\Viewpoint Ordner Gefunden : C:\Users\"Mein Name"\AppData\Local\OpenCandy Ordner Gefunden : C:\Users\"Mein Name"\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\"Mein 
Name"\AppData\LocalLow\XfireXO Ordner Gefunden : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} Ordner Gefunden : C:\Users\"Mein Name"\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Users\"Name 2"\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\"Name 2"\AppData\LocalLow\XfireXO ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\XfireXO Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Schlüssel Gefunden : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F Schlüssel Gefunden : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\XfireXO Toolbar Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{34A1D323-EB8D-4E60-B254-4C0ADFA4C11F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E564C2EB-7CD6-430A-9400-E0A72C481697} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2304157 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\MetaStream Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E564C2EB-7CD6-430A-9400-E0A72C481697} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XfireXO Toolbar Schlüssel Gefunden : 
HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Schlüssel Gefunden : HKLM\Software\Viewpoint Schlüssel Gefunden : HKLM\Software\XfireXO Schlüssel Gefunden : HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gefunden : HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6000.16982 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd -\\ Mozilla Firefox v3.6.3 (de) Profilname : default Datei : C:\Users\"Name 2"\AppData\Roaming\Mozilla\Firefox\Profiles\ph21nk38.default\prefs.js Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="); Profilname : default Datei : C:\Users\"Name 3"\AppData\Roaming\Mozilla\Firefox\Profiles\5sd2qwib.default\prefs.js [OK] Die Datei ist sauber. 
Profilname : default Datei : C:\Users\"Mein Name"\AppData\Roaming\Mozilla\Firefox\Profiles\wloyt4hw.default\prefs.js Gefunden : user_pref("browser.startup.homepage", "hxxp://start.icq.com/"); Gefunden : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="); -\\ Google Chrome v23.0.1271.97 Datei : C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Preferences Gefunden [l.13] : homepage = "hxxp://start.icq.com/", Gefunden [l.1791] : homepage = "hxxp://start.icq.com/", -\\ Chromium v { show_on_all_tabs: true } Datei : C:\Users\"Mein Name"\AppData\Local\Chromium\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v10.10.1893.0 Datei : C:\Users\"Name 2"\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\"Mein Name"\AppData\Roaming\Opera\Opera\operaprefs.ini Gefunden : application/x-winampx-1.0.0.1=6,,C:\Program Files\Mozilla Firefox\plugins\npwachk.dll,Winamp Applica[...] Gefunden : application/x-mtx=6,,C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll,Meta[...] Gefunden : application/x-winampx-1.0.0.1=,0 Gefunden : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera ************************* AdwCleaner[R1].txt - [9414 octets] - [16/12/2012 15:10:22] ########## EOF - C:\AdwCleaner[R1].txt - [9474 octets] ########## |
17.12.2012, 17:37 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 Registry Keys, 2 Files) adwCleaner - removing toolbars and unwanted start/search pages
Afterwards, a check with OTL please:
__________________ Please always post logfiles in CODE tags |
17.12.2012, 19:02 | #13 |
| Malwarebytes findings (5 Registry Keys, 2 Files) OK, ADW: Code:
ATTFilter # AdwCleaner v2.101 - Datei am 17/12/2012 um 18:08:08 erstellt # Aktualisiert am 16/12/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium (32 bits) # Benutzer : "Mein Name" - "Mein Name"-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : ICQ Service ***** [Dateien / Ordner] ***** Gelöscht mit Neustart : C:\Program Files\ICQ6Toolbar Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo Ordner Gelöscht : C:\Program Files\Viewpoint Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\ProgramData\Viewpoint Ordner Gelöscht : C:\Users\"Mein Name"\AppData\Local\OpenCandy Ordner Gelöscht : C:\Users\"Mein Name"\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\"Name1"\AppData\LocalLow\Conduit ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F Schlüssel Gelöscht : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ICQToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2304157 Schlüssel Gelöscht : HKLM\Software\MetaStream Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Schlüssel Gelöscht : HKLM\Software\Viewpoint Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] ***** [Internet Browser] ***** -\\ Internet Explorer v7.0.6000.16982 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com 
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Google Chrome v23.0.1271.97 Datei : C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.13] : homepage = "hxxp://start.icq.com/", Gelöscht [l.1791] : homepage = "hxxp://start.icq.com/", -\\ Chromium v { show_on_all_tabs: true } Datei : C:\Users\"Mein Name"\AppData\Local\Chromium\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v10.10.1893.0 Datei : C:\Users\"Name1"\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. Datei : C:\Users\"Mein Name"\AppData\Roaming\Opera\Opera\operaprefs.ini Gelöscht : application/x-winampx-1.0.0.1=6,,C:\Program Files\Mozilla Firefox\plugins\npwachk.dll,Winamp Applica[...] Gelöscht : application/x-mtx=6,,C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll,Meta[...] Gelöscht : application/x-winampx-1.0.0.1=,0 Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera ************************* AdwCleaner[R1].txt - [9445 octets] - [16/12/2012 15:10:22] AdwCleaner[R2].txt - [9603 octets] - [16/12/2012 15:10:54] AdwCleaner[S1].txt - [5364 octets] - [17/12/2012 18:08:08] ########## EOF - C:\AdwCleaner[S1].txt - [5424 octets] ########## OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.12.2012 18:28:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\"Mein Name"\Desktop\Logs Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 55,01% Memory free 10,65 Gb Paging File | 9,29 Gb Available in Paging File | 87,20% Paging File free Paging file location(s): c:\pagefile.sys 9000 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 5,40 Gb Free Space | 1,18% Space Free | Partition Type: NTFS Drive D: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive J: | 732,42 Gb Total Space | 178,35 Gb Free Space | 24,35% Space Free | Partition Type: NTFS Drive R: | 199,09 Gb Total Space | 30,09 Gb Free Space | 15,12% Space Free | Partition Type: NTFS Computer Name: "Mein Name"-PC | User Name: "Mein Name" | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\"Mein Name"\Desktop\Logs\OTL.exe (OldTimer Tools) PRC - J:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe () PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.) 
PRC - J:\HiPatchService.exe (Hi-Rez Studios)
PRC - C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
PRC - C:\Program Files\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
PRC - J:\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
PRC - J:\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
PRC - C:\Program Files\MySecurityCenter\Programs\Service.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Windows\ModLEDKey.exe (Chicony)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3693.42556__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3693.42460__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3693.42508__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3693.42522__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3693.42442__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3693.42461__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3693.42537__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3693.42517__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3693.42450__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3693.42499__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3693.42456__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3693.42451__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3693.42552__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.3693.42473__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3693.42488__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3693.42512__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3693.42504__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.3693.42472__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3693.42503__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3693.42536__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3693.42518__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3693.42452__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3693.42500__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3693.42462__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3693.42482__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3693.42486__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3693.42466__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3693.42487__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3693.42496__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3693.42497__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3693.42564__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3693.42545__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.3309.28633__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3693.42525__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3693.42455__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3693.42531__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3693.42440__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3693.42530__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3693.42441__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3693.42437__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3693.42446__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3693.42440__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3693.42439__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3693.42438__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3693.42531__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\Program Files\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03858406f9a9514402888707e8b93abe\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\cccf9e783368088a6d357cc45f446478\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1941d7639299344ae28fb6b23da65247\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6312464f64727a2a50d5ce3fd73ad1bb\System.Drawing.ni.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_Wheel4D.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_MouseDeviceManager.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll ()
MOD - C:\Program Files\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_ZoomControl.dll ()
MOD - C:\Program Files\MOUSE Editor\dll\DLL_ScrollbarControl.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - J:\ATI\ATI.ACE\Branding\Branding.dll ()
MOD - J:\Filezilla\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

========== Services (SafeList) ==========

SRV - (FolderSize) -- C:\Program Files\FolderSize\FolderSizeSvc.exe File not found
SRV - (SystemStoreService) -- C:\Program Files\Freetec\SystemStore\SystemStore.exe ()
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SelfUpdateService) -- C:\Program Files\Freetec\SystemStore\SelfUpdate.exe ()
SRV - (MBAMService) -- J:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- J:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (FreemiumSelfUpdateService) -- C:\Program Files\Freetec\SystemStore\Freemium.SelfUpdate.exe ()
SRV - (HiPatchService) -- J:\HiPatchService.exe (Hi-Rez Studios)
SRV - (SystemStore) -- C:\Program Files\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe ()
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (CSObjectsSrv) -- C:\Program Files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (UserAccess7) -- C:\Windows\System32\UAService7.exe (Sony DADC Austria AG.)
SRV - (MySecurityCenter License Service) -- C:\Program Files\MySecurityCenter\Programs\Service.exe ()
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TVECapSvc) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) -- C:\Program Files\CyberLink\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (StarOpen) -- File not found
DRV - (sony_ssm.sys) -- C:\Users\NIKOLA~1\AppData\Local\Temp\sony_ssm.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\NIKOLA~1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dvdfab) -- C:\Windows\System32\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Sun Microsystems, Inc.)
DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Sun Microsystems, Inc.)
DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Sun Microsystems, Inc.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (CSCrySec) -- C:\Windows\System32\drivers\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (KLBG) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (AmdLLD) -- C:\Windows\System32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (SLEE_15_DRIVER) -- C:\Windows\System32\drivers\sleen15.sys (Softwareentwicklung Remus - ArchiCrypt )
DRV - (NPF_devolo) -- C:\Windows\System32\drivers\npf_devolo.sys (CACE Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (wanatw) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (JGOGO) -- C:\Windows\System32\drivers\JGOGO.sys (JMicron )
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLA_de
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\"Mein Name"\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.05 17:42:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky PURE\THBExt [2012.04.30 18:15:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\"Mein Name"\Program Files\DNA [2009.08.28 14:43:16 | 000,000,000 | ---D | M]

[2012.12.16 18:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.06.16 17:50:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.21 15:01:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.30 17:48:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.15 19:19:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.23 22:38:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.20 13:37:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.22 19:25:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012.03.12 16:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.30 18:18:47 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Users\"Mein Name"\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\"Mein Name"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\

O1 HOSTS File: ([2012.12.14 19:59:13 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O3 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [MoLed] C:\Windows\ModLEDKey.exe (Chicony)
O4 - HKLM..\Run: [setc] C:\Program Files\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [StartCCC] J:\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005..\Run: [OscarEditor] C:\Program Files\MOUSE Editor\MouseEditor.exe () O4 - Startup: C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Users\"Mein Name"\Documents\Xfire\Xfire.exe (Xfire Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube Download - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\"Mein Name"\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab (Battlefield Heroes Updater) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} hxxp://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://asp04.photoprintit.de/microsite/5372/defaults/activex/IPSUploader.cab (IPSUploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58A9C5FC-1915-4D77-B2E2-566E50F1BDA9}: DhcpNameServer = 192.168.178.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\kloehk.dll (Kaspersky Lab) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky PURE\mzvkbd3.dll (Kaspersky Lab) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.12.15 13:29:19 | 000,000,000 | ---D | C] -- C:\e74359119baa189018d3c0110d143279 [2012.12.14 20:13:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.14 20:13:04 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\temp [2012.12.14 19:31:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.14 19:31:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.14 19:31:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2012.12.14 19:31:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.14 19:31:00 | 000,000,000 | ---D | C] -- C:\ComboFix [2012.12.14 19:30:54 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.14 19:28:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.14 19:23:05 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\"Mein Name"\Desktop\ComboFix.exe [2012.12.14 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\Logs [2012.12.14 07:28:02 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\"Mein Name"\Desktop\aswMBR.exe [2012.12.13 14:14:13 | 
000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Documents\4A Games [2012.12.13 14:11:05 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Local\4A Games [2012.12.13 12:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.12.13 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\.minecraft [2012.12.12 18:09:19 | 000,100,864 | ---- | C] (GMER) -- C:\pwldikog.sys [2012.12.08 20:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.12.08 20:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2012.12.08 20:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler [2012.11.30 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Malwarebytes [2012.11.30 23:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.30 23:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.30 23:27:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.11.30 23:06:22 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2012.11.30 18:43:02 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.11.27 21:24:59 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends [2012.11.23 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\"Mein Name"\Desktop\info 2012 [2012.11.19 09:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Software [2012.11.19 09:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\MOUSE Editor [2012.11.17 20:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2011.01.28 22:54:25 | 000,367,081 | ---- | C] (UTDM & NoBS ) -- C:\Users\"Mein Name"\Punkbuster.Got.Busted.v1.5-NoBS-UTDM.exe [2010.08.26 20:54:36 | 096,962,344 | ---- | C] (Apple Inc.) 
-- C:\Users\"Mein Name"\iTunesSetup try.exe [2010.08.26 19:02:09 | 000,889,416 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx40_Full_setup.exe [2010.08.26 18:57:38 | 002,869,264 | ---- | C] (Microsoft Corporation) -- C:\Users\"Mein Name"\dotNetFx35setup.exe [2009.12.06 21:42:04 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.sys [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.17 18:32:02 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005UA.job [2012.12.17 18:30:09 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4A3E76D0-E68C-4A21-B28E-86BC8A6BF4F3}.job [2012.12.17 18:30:00 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51D01088-7933-438B-8322-599140E753AE}.job [2012.12.17 18:30:00 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6E7C662E-039E-4B71-9DDE-3A534EAA7812}.job [2012.12.17 18:18:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb0e3e4e232715.job [2012.12.17 18:18:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 18:18:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.17 18:18:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.17 18:12:43 | 3219,644,416 | -HS- | M] () -- C:\hiberfil.sys [2012.12.17 18:07:32 | 000,547,175 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe [2012.12.17 17:50:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.17 13:35:10 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl [2012.12.16 18:52:38 | 000,764,096 | ---- | M] () -- 
C:\Windows\System32\perfh007.dat [2012.12.16 18:52:38 | 000,712,342 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.12.16 18:52:38 | 000,166,684 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.12.16 18:52:38 | 000,142,794 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.12.15 13:32:30 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl [2012.12.14 19:59:13 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.12.14 19:27:04 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2965953352-1890760225-2496969144-1005Core.job [2012.12.14 15:14:12 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\"Mein Name"\Desktop\ComboFix.exe [2012.12.14 10:30:00 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.12.13 23:40:20 | 000,000,512 | ---- | M] () -- C:\Users\"Mein Name"\Documents\MBR.dat [2012.12.13 22:31:53 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\"Mein Name"\Desktop\aswMBR.exe [2012.12.13 12:13:11 | 000,002,087 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Google Chrome.lnk [2012.12.12 18:09:19 | 000,100,864 | ---- | M] (GMER) -- C:\pwldikog.sys [2012.12.12 18:04:28 | 000,302,592 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\3ti9jgqo.exe [2012.12.12 17:54:29 | 000,000,234 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Metro 2033.url [2012.12.12 14:47:36 | 000,848,794 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\SCAN0102.JPG [2012.12.11 18:23:55 | 000,053,131 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Logfiles.zip [2012.12.09 14:02:12 | 000,211,968 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.09 01:26:18 | 000,007,808 | ---- | M] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat [2012.12.09 01:03:09 | 000,000,020 | ---- | M] () -- C:\Users\"Mein Name"\defogger_reenable [2012.12.08 20:09:07 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2012.12.08 19:19:09 | 
000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.07 21:40:40 | 000,042,440 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2012.12.02 14:53:19 | 000,219,266 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG [2012.12.02 14:09:06 | 000,191,691 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG [2012.12.02 14:08:52 | 000,190,784 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG [2012.12.02 10:17:50 | 000,102,169 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG [2012.12.02 10:17:28 | 000,194,171 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG [2012.11.30 23:36:34 | 000,000,576 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.30 18:45:33 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 15:32:09 | 000,187,830 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol bug.JPG [2012.11.27 21:25:00 | 000,000,506 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk [2012.11.23 16:26:15 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2012.11.19 09:51:47 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Mouse Editor.lnk [2012.11.18 12:10:18 | 000,000,724 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk [2012.11.17 22:51:05 | 000,281,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2012.11.17 20:34:29 | 000,000,992 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\DVDVideoSoft Free Studio.lnk [2012.11.17 20:34:28 | 000,000,696 | ---- | M] () -- C:\Users\"Mein Name"\Desktop\Free YouTube Download.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.17 18:07:47 | 000,547,175 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\adwcleaner (1).exe [2012.12.14 19:31:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.14 19:31:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.14 19:31:06 | 
000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.14 19:31:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.14 19:31:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.13 23:40:20 | 000,000,512 | ---- | C] () -- C:\Users\"Mein Name"\Documents\MBR.dat [2012.12.12 18:11:44 | 000,302,592 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\3ti9jgqo.exe [2012.12.12 17:54:28 | 000,000,234 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Metro 2033.url [2012.12.12 17:40:32 | 000,848,794 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\SCAN0102.JPG [2012.12.11 18:23:54 | 000,053,131 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Logfiles.zip [2012.12.09 13:59:31 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl [2012.12.09 01:02:47 | 000,000,020 | ---- | C] () -- C:\Users\"Mein Name"\defogger_reenable [2012.12.08 20:09:07 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2012.12.08 19:19:09 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.12.07 21:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2012.12.06 12:21:41 | 3219,644,416 | -HS- | C] () -- C:\hiberfil.sys [2012.12.02 14:53:16 | 000,219,266 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor3.JPG [2012.12.02 14:09:03 | 000,191,691 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor2.JPG [2012.12.02 14:08:44 | 000,190,784 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\vvanchor.JPG [2012.12.02 10:17:47 | 000,102,169 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo2.JPG [2012.12.02 10:17:25 | 000,194,171 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\rfo.JPG [2012.11.30 23:27:53 | 000,000,576 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.30 18:45:33 | 000,001,624 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.11.30 15:31:59 | 000,187,830 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol bug.JPG [2012.11.27 21:25:00 | 000,000,506 | ---- | C] () -- 
C:\Users\"Mein Name"\Desktop\XAMPP Control Panel.lnk [2012.11.19 09:51:47 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Mouse Editor.lnk [2012.11.18 12:10:22 | 000,000,724 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\lol.launcher.admin.exe - Verknüpfung.lnk [2012.11.17 20:34:28 | 000,000,696 | ---- | C] () -- C:\Users\"Mein Name"\Desktop\Free YouTube Download.lnk [2012.06.05 00:27:31 | 000,000,053 | ---- | C] () -- C:\Users\"Mein Name"\jagex_cl_runescape_LIVE.dat [2012.06.05 00:27:31 | 000,000,001 | ---- | C] () -- C:\Users\"Mein Name"\random.dat [2012.04.30 18:18:23 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.04.30 18:18:23 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2012.01.15 19:25:34 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.01.11 18:01:33 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe [2012.01.02 23:34:23 | 000,000,600 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\winscp.rnd [2011.12.26 17:53:00 | 000,000,000 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\{194E177D-9D30-4CF7-B8D9-C1E24D923C40} [2011.07.05 19:28:11 | 000,097,312 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin [2011.06.19 09:07:37 | 000,000,102 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\fusioncache.dat [2011.05.31 13:28:58 | 000,000,004 | RHS- | C] () -- C:\ProgramData\sysqcl1129139270.dat [2011.04.27 10:36:05 | 117,342,208 | ---- | C] () -- C:\Users\"Mein Name"\kavkis.msi [2011.02.08 20:06:45 | 000,006,274 | ---- | C] () -- C:\Users\"Mein Name"\.recently-used.xbel [2011.01.23 17:52:05 | 000,061,208 | ---- | C] () -- C:\Windows\System32\MPEG4E-uninstall.exe [2010.10.23 19:49:20 | 000,000,458 | ---- | C] () -- C:\Users\"Mein Name"\NWT.lnk [2010.04.04 17:04:03 | 000,021,504 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\WebpageIcons.db [2009.12.26 15:11:24 | 000,138,904 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\PnkBstrK.sys [2009.12.06 21:47:45 | 
000,001,041 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\vso_ts_preview.xml [2009.12.06 21:42:04 | 000,087,608 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\inst.exe [2009.12.06 21:42:04 | 000,007,887 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.cat [2009.12.06 21:42:04 | 000,001,144 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\pcouffin.inf [2009.01.21 16:13:35 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat [2008.07.13 14:03:28 | 000,000,099 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\ismxydep.bat [2007.08.30 21:08:32 | 000,211,968 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.04.30 15:55:13 | 000,000,552 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d8caps.dat [2007.04.21 09:51:26 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2007.04.16 11:38:11 | 000,007,808 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Local\d3d9caps.dat [2007.04.14 19:37:42 | 000,005,526 | ---- | C] () -- C:\Users\"Mein Name"\AppData\Roaming\wklnhst.dat [2007.04.14 18:46:40 | 000,001,346 | RHS- | C] () -- C:\Users\"Mein Name"\ntuser.pol ========== ZeroAccess Check ========== [2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.09.17 19:01:38 | 011,315,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.08.27 01:18:12 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4 @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
17.12.2012, 19:03 | #14 |
| Extras OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.12.2012 18:28:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\"Mein Name"\Desktop\Logs Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16982) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 55,01% Memory free 10,65 Gb Paging File | 9,29 Gb Available in Paging File | 87,20% Paging File free Paging file location(s): c:\pagefile.sys 9000 9000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 5,40 Gb Free Space | 1,18% Space Free | Partition Type: NTFS Drive D: | 4,30 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive J: | 732,42 Gb Total Space | 178,35 Gb Free Space | 24,35% Space Free | Partition Type: NTFS Drive R: | 199,09 Gb Total Space | 30,09 Gb Free Space | 15,12% Space Free | Partition Type: NTFS Computer Name: "Mein Name"-PC | User Name: "Mein Name" | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .com [@ = ComFile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Meine Penny Fotowelt.exe] -- "C:\Program Files\REWE\Meine Penny Fotowelt\Meine Penny Fotowelt.exe" "%1" Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) 
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2965953352-1890760225-2496969144-1005] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{043E40BA-290B-4C21-A664-6B45572849C6}" = lport=137 | protocol=17 | dir=in | app=system |
"{050D349C-75E2-45BC-AF9E-B7A00B8CC9DE}" = lport=10300 | protocol=6 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{09EFEA52-E3E9-4A74-9FEC-4A59648B4EDD}" = lport=12346 | protocol=6 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe |
"{1B6D9331-19BB-452E-848A-DFBBF225AF76}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) |
"{1D933372-5D65-41A0-AE00-40C52E83BBB8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{2A4F895E-5EED-4466-9324-4F403E4DC7B9}" = rport=137 | protocol=17 | dir=out | app=system |
"{3037CF33-BE15-441A-8AA6-4BE77FC056C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3300A8DA-4C76-4273-84FC-177BAE197550}" = lport=12345 | protocol=17 | dir=in | app=c:\program files\devolo\easyshare\easyshare.exe |
"{42EA98FE-6860-4086-8FC2-6360D9A06F71}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5AF9F806-5AA5-46D3-8246-6385D3068214}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5C8468F9-20BA-4157-A14F-D9E3B5C9B3DA}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) |
"{5EBF7A75-CACF-4AFE-94A0-7015F7E45ACD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{61F8D555-721C-41D0-B986-D21A35E2EA18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62339E9B-4735-4684-9489-C68C94EA332F}" = rport=138 | protocol=17 | dir=out | app=system |
"{6292115B-3765-45A5-8C60-0282ECB8AD71}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) |
"{647B2CA7-3E95-4716-B966-95E0C4E6A4CC}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) |
"{67D761CB-9447-489E-AD20-9E4AAE39AD5C}" = rport=139 | protocol=6 | dir=out | app=system |
"{82DBAA61-D562-4D3C-8E03-D32EEF2F3A1B}" = lport=139 | protocol=6 | dir=in | app=system |
"{912D93F7-56B6-4884-A34E-078B41AF6649}" = rport=445 | protocol=6 | dir=out | app=system |
"{9ACA33DE-4EAE-4048-8F0E-106A2221997C}" = lport=1725 | protocol=6 | dir=in | name=i-clickr.exe operation port (1725) |
"{B9C197B6-5DA4-4BFD-BECE-E980A60BF06E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BBBB30C4-B077-4B61-A1B7-E09532BBE345}" = lport=10301 | protocol=17 | dir=in | app=c:\program files\devolo\informer\devinf.exe |
"{CAD414E1-614D-44AC-ACF3-799CBD5AD68E}" = lport=8725 | protocol=6 | dir=in | name=i-clickr.exe operation port (8725) |
"{E3C30A12-1323-4393-8308-2594A014F1EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{F7914D80-6DCC-4097-92C2-C9647A5245BA}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A2492-0065-4D41-907D-A3AEE1C46C73}" = protocol=6 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{01579CA4-FE10-4FFA-8F35-95539AD22DF3}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\u3\0877020a28931f0e\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe |
"{04E156A1-BFEA-4FE7-A170-929ACE45C9A3}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0D596B76-14F2-4C56-9E2F-8ABDC3A365B5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{0FACF4D4-972D-4D65-B8C9-FA873308E081}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{13751A64-C0C9-4E57-ABF1-0F39A79AE807}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1B184E09-E7D3-4CC0-869B-F79D463B7170}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142-demo\bf2142.exe |
"{1D064B2F-91EA-4C17-887F-42F6D5FC74A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1D4FB092-64CB-47F9-BD9B-33D34F13596C}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\dropbox\bin\dropbox.exe |
"{1F47FE55-F6A5-432A-A225-03ACE4FC0E88}" = protocol=17 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{2896CB9F-C7B9-4A7B-B725-1C058C0207E5}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{29F1940C-25B3-44F7-A0F0-6BC051996F37}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{31986909-E370-4E0F-A7C8-414A7582D6EF}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\metro 2033\metro2033.exe |
"{333D55BB-9E71-4141-9507-D4CFBEB3CF0D}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{336D1A4B-58AD-4D39-8C23-BAA75E786913}" = protocol=17 | dir=in | app=j:\mass effect 3\battlefield 1942\bf1942.exe |
"{33FC5D3F-52E0-4414-A0F9-BBED90E3652B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{389F2BD8-D4D6-404A-80C8-965EC39A8678}" = protocol=6 | dir=in | app=j:\mass effect 3\battlefield 1942\bf1942.exe |
"{3AFED1C3-3D0E-4DF5-B0DA-E4395F10677F}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{3FB9D87A-DADD-442B-B191-87928BA809EE}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\snowboundonline\run.exe |
"{475AF2A6-C880-49CB-82A7-1C5E543BA0E3}" = protocol=17 | dir=in | app=j:\bf2142\bf2142.exe |
"{4772B36F-1447-447D-9452-86840A543652}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4811B5DA-0EB2-4740-B961-AB10D35B4027}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\cod4\call of duty 4\iw3mp.exe |
"{4CE01849-D520-433D-B883-933E22620FBF}" = dir=in | app=c:\program files\cyberlink\tv enhance\tveservice.exe |
"{4E21C7DC-2287-4545-8A33-EB614CDB127F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4E93362E-0D55-4A8D-B065-A54333BED1EE}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{56BFB906-DB16-4D49-AE34-93193AD1240C}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\swarm.exe |
"{5F091766-5C2E-4D36-BF4C-31CA2AB69C6E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{612AD058-ADFD-4840-A8D1-B8DCD65300EF}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\cod4\call of duty 4\iw3mp.exe |
"{61E96254-C0E5-4FB6-B2CF-B153244AAB42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{634C018E-9750-48AE-A1FB-434814D53992}" = protocol=6 | dir=in | app=j:\bf2142\bf2142.exe |
"{63C0C541-A9C7-4183-BE67-28E02FFC1FDA}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe |
"{63D55AC9-3C99-4BE2-A031-668E24A1105E}" = protocol=17 | dir=in | app=j:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe |
"{64969770-7192-474A-AD89-E3EA61D14CEA}" = protocol=6 | dir=in | app=c:\program files\unreal tournament 3 demo\binaries\ut3demo.exe |
"{673341BD-1D80-4D31-80B1-7DB3F03343DC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6A68C287-FEF5-4C31-BE0D-A8A4DC6BDE5C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{6D8AEC5D-0C6B-4643-ACA3-7CAF913E4C5B}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\bullet run\launchpad.exe |
"{6EF54516-8CC6-480E-9E0B-9975CAB98041}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\srcds.exe |
"{6F4178A6-1790-437B-8E66-CE6E87050F2B}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\srcds.exe |
"{7383D51E-0CF2-40B5-BB8F-BD337483B885}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{741AC322-C212-447B-9054-37270CC09916}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7D0BE409-9AC1-4D46-BCF0-2348E7006BD4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{86D94FB9-83B7-4257-840C-6E97A4CB6BF1}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{8B64B647-7D5B-4360-BA76-A1CFA2FFC1B2}" = protocol=17 | dir=in | app=j:\battlefield bad company 2 installation\installation\bfbc2updater.exe |
"{9554D44E-52B0-4699-8978-7125091BF9BD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9648B1D8-055A-4A7C-BD40-969D0F32E87B}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\snowboundonline\run.exe |
"{9A2BA966-8815-43D1-8F6F-6B282479EFB4}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{9B8FF9E9-A6FF-4002-9022-9347CD9DA994}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\dropbox\bin\dropbox.exe |
"{A6AAD251-65DC-4A9F-B432-C9B8708421A9}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steam.exe |
"{AA0119C2-8546-40A8-8BD2-889CB7E937ED}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AD99BBAE-1CB3-41B1-9940-43B5A0EB8FC3}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{B2C836D1-4270-40A1-9E75-F57422E414D3}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{B59224AC-256C-4A39-8850-E1E4DCBB4652}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B60A1A0B-CE95-4543-84EE-21E8B66903AE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142-demo\bf2142.exe |
"{B938BEBA-7526-4486-90B0-D09B65641106}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\alien swarm\swarm.exe |
"{BA7A24F0-2C3F-445A-907F-566EA5AE170B}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{BCA223DD-3731-4E34-91B1-47B8B4470EFB}" = protocol=17 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{BD8A7EDE-C644-40EC-A26F-D6B2678A93A7}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{BE2FB613-DC7D-466D-926E-2D8A48A92275}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{BEB5A006-B708-4A0F-95E6-96E121338565}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{BEC86453-AD6E-49ED-A2A4-C7B771244744}" = protocol=17 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{C4E18CAE-58BB-43CD-AC0F-36DFAC6D5531}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{C89B0DB3-ADD6-4966-B71E-1EA6B36351F0}" = protocol=6 | dir=in | app=c:\program files\mass effect\binaries\masseffect.exe |
"{C97B6629-96B4-4AFA-AA8E-8491E229D032}" = protocol=6 | dir=in | app=j:\battlefield bad company 2 installation\installation\bfbc2updater.exe |
"{CA6BD48D-CEDE-4D6E-90F6-6A29AFFA01AC}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe |
"{CB983A37-8226-4FC1-A370-64468FE2D5A1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{D18D99CC-E680-41F8-B621-0536099A1F33}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steam.exe |
"{D23FBF07-E105-41FF-8C8D-7B636F9C46E4}" = protocol=6 | dir=in | app=c:\program files\senstic\i-clickr\i-clickr.exe |
"{D57833E9-7C6E-48CB-BC81-694D573F3741}" = protocol=17 | dir=in | app=c:\program files\mass effect\masseffectlauncher.exe |
"{D99382CB-8319-4589-B2C5-2173ACF3CC1A}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{DA741759-8F1D-48FF-966B-D85F95BACD01}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E0597B26-C6D9-45FE-8EB3-9BC34583CDEC}" = protocol=6 | dir=in | app=c:\program files\mass effect 2\binaries\masseffect2.exe |
"{E41C3E88-62F0-4300-8912-0AC17F3C9912}" = protocol=17 | dir=in | app=c:\users\"Mein Name"\appdata\roaming\u3\0877020a28931f0e\cd231c46-3c7e-4c00-9ed9-59b8444fb374\exec\veohwebplayer.exe |
"{E610BA98-922A-4101-895D-5E7F8F4DB51A}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{E869332F-242D-47B8-9484-34D31447FC99}" = dir=in | app=c:\program files\cyberlink\tv enhance\tvenhance.exe |
"{EDC8972E-994B-4DE7-A875-F15CEA735F8A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx.exe |
"{EE5A97FD-BF8E-4606-A216-9D55A8198567}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{F16004F0-A467-4F9A-BF6F-9E10A9137446}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F3338F92-AFA6-4135-AF4F-827C3F291EAD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F34BAB6D-0B40-45F7-911B-32E4553C1DAA}" = protocol=17 | dir=in | app=c:\program files\mass effect 2\masseffect2launcher.exe |
"{F3700F4B-FCBC-4340-A41C-FB4FF58E2AB5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{F8A677DA-BAD8-4BFF-8B18-791485AA77A6}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\bullet run\launchpad.exe |
"{FAACBDC6-23C9-4E1F-9E9A-9A15EA58F400}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FD321891-A361-4527-ABCD-FDD50C9F8603}" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\steam\steamapps\common\metro 2033\metro2033.exe |
"{FD732187-1938-43AD-A857-169979224063}" = protocol=6 | dir=in | app=c:\program files\ubisoft\demo\tom clancy's h.a.w.x\hawx_dx10.exe |
"{FE2C0635-2C57-45CD-89F5-9545B0CD7E32}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{FF3509B2-B5C1-4B06-9E6B-31E8990F2FBD}" = protocol=6 | dir=in | app=j:\mass effect 3\mass effect 3\binaries\win32\masseffect3.exe |
"TCP Query User{03D33879-E3AA-4425-BECC-704636108403}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{06EDE779-C0A7-423D-A439-AC91BF725ED4}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{0F96FE42-65E2-499B-B71F-CFF9ED281BA4}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{1348F152-A572-4878-983F-4256B827AE16}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{1AB91DBF-EA0E-4B2D-95F0-BA81FC5FB37A}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"TCP Query User{2ABA0EB1-C48B-47A3-8A33-E96E0A6D7731}C:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\kingdoms.exe |
"TCP Query User{304F9A74-5FE8-4E6F-B368-5F6182377E19}C:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{33CD4190-123C-44FD-8F4C-F97C44973892}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe |
"TCP Query User{396C7825-604B-4569-A87F-EFBA69A4B70B}C:\users\"Mein Name"\downloads\lt2.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\lt2.exe |
"TCP Query User{44972D24-599F-4A4E-BC81-041CE26FBA63}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{49757D71-DD69-4DEF-B5D2-FB672CD845BF}C:\users\"Mein Name"\desktop\icq6\icq.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\icq6\icq.exe |
"TCP Query User{4CFC4B1A-2974-4CB0-A923-92F827924253}C:\users\"Mein Name"\documents\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\documents\xfire\xfire.exe |
"TCP Query User{51C3D57E-86F7-4243-AF5B-E18FF9F1B140}C:\program files\electronic arts\need for speed 2142\bf2142.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed 2142\bf2142.exe |
"TCP Query User{5220CD32-8958-4517-989A-8B111F5E7147}C:\users\"Mein Name"\desktop\wolf\etded.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\etded.exe |
"TCP Query User{57C508FA-5A2F-41C0-B9FB-961461BDA7DD}C:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe |
"TCP Query User{5F92C5E0-49BB-4F8A-B1CA-0234E8C28BDE}J:\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=j:\battlefield 2\bf2.exe |
"TCP Query User{646CFE34-F136-4D98-81B3-059A6C2471B9}C:\users\"Mein Name"\downloads\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\warcraft iii\war3.exe |
"TCP Query User{68962E6F-C6C1-49B9-8A22-866295A326AB}C:\users\"Mein Name"\saved games\medieval_tw.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\saved games\medieval_tw.exe |
"TCP Query User{689F6D71-E1F1-42D2-A5BA-166D633B2C4A}C:\users\"Mein Name"\downloads\enemy territory\etded.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\etded.exe |
"TCP Query User{6C0900B0-CF0A-4114-A0FD-38A3B1932FDB}J:\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=j:\microsoft games\age of mythology\aom.exe |
"TCP Query User{7932B87C-1958-4E22-956E-A5417C315923}C:\users\"Mein Name"\desktop\wolf\et.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\et.exe |
"TCP Query User{87B0E21E-0D7C-4944-8677-CF1482DCAB50}C:\program files\metin2_germany\zoom.nebel.exe" = protocol=6 | dir=in | app=c:\program files\metin2_germany\zoom.nebel.exe |
"TCP Query User{93079E9F-415B-48B5-9C4C-1285D146ED99}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"TCP Query User{97CDC3DE-D4EB-4A67-9D23-5A765EC0E94E}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=6 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe |
"TCP Query User{AFC2FCDD-3F35-4FCD-B9D7-D1AAAB6D5770}C:\program files\metin2_germany\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"TCP Query User{BA7220BB-D13E-4E6D-87D9-EBDCCE9B6FCB}J:\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=j:\call of duty 2\cod2mp_s.exe |
"TCP Query User{C3DE0B48-C340-4EFE-B5D0-B648C72BE420}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=6 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe |
"TCP Query User{C69183A1-BBD4-46CF-A4D6-2E1C306B21EC}C:\users\"Mein Name"\desktop\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\desktop\icq6.5\icq.exe |
"TCP Query User{C883CE68-10E8-42F4-954E-DB94FC5646AE}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{CF33721D-264B-42C4-A710-CB872B269610}C:\users\"Mein Name"\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\program files\dna\btdna.exe |
"TCP Query User{D21D26C6-F907-4DCF-A9E8-25CB6BAA5332}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D2CB94A2-EBEE-418F-A7D9-FCB0DD0BBBC6}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{D4DEBAF2-DA52-4E03-8CA8-7AD39B156076}C:\users\"Mein Name"\downloads\enemy territory\et.exe" = protocol=6 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\et.exe |
"TCP Query User{D8CBD838-3C84-4BBC-AB58-303BA2D3DF5A}C:\program files\vr-networld\onlupd04.exe" = protocol=6 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"TCP Query User{D8E033B5-B008-4C0C-8E58-23E889B07AB5}C:\program files\ea sports\fifa 08\fifa08.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 08\fifa08.exe |
"TCP Query User{F6E12003-13A5-434D-A5FA-B263130B3C3C}C:\program files\chilirec\chilirec.exe" = protocol=6 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{0C0D690E-F99F-4DA4-890D-6D9C8CEDDEFA}C:\program files\chilirec\chilirec.exe" = protocol=17 | dir=in | app=c:\program files\chilirec\chilirec.exe |
"UDP Query User{107EEF0C-CFBE-461A-A832-0EE7081E28BA}C:\program files\ea games\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\program files\ea games\need for speed most wanted\speed.exe |
"UDP Query User{19F2C2CE-717D-4A90-A4B5-7A767B98BE65}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1AB22088-2A1A-4F36-B9C4-CBAB40991D97}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{1CBF49BA-8D4C-41A7-A455-A60C4C060B93}C:\program files\sega\medieval ii total war\medieval2.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\medieval2.exe |
"UDP Query User{27E87F2B-7500-488C-B285-45E1384EFDA5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{2809C715-5B06-46B1-91C9-0C2058BF31AD}J:\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=j:\call of duty 2\cod2mp_s.exe |
"UDP Query User{2FB7BAE5-9D0D-43EE-AD3E-930827C6F036}C:\program files\sega\medieval ii total war\kingdoms.exe" = protocol=17 | dir=in | app=c:\program files\sega\medieval ii total war\kingdoms.exe |
"UDP Query User{33F3464D-97E7-424A-99FA-A41F0D7BA165}C:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{3A78D58A-A596-41E8-A45C-EBF247AFC79A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3C197361-5E89-40A4-ACE0-9DAB5606835C}C:\users\"Mein Name"\downloads\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\warcraft iii\war3.exe |
"UDP Query User{458F72FD-3FAB-4624-9A3C-08C654CA74FD}C:\program files\ratajik software\stationripper\stationripperconsole.exe" = protocol=17 | dir=in | app=c:\program files\ratajik software\stationripper\stationripperconsole.exe |
"UDP Query User{479518A2-2254-4236-9602-1E210D996940}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{4A319CA3-9CA3-420E-8A26-FCC8A6E7D8E7}C:\users\"Mein Name"\documents\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\documents\xfire\xfire.exe |
"UDP Query User{57123135-B37B-4279-BE31-638E79544ED4}C:\program files\vr-networld\onlupd04.exe" = protocol=17 | dir=in | app=c:\program files\vr-networld\onlupd04.exe |
"UDP Query User{77B992A8-8701-4CD0-84B2-77A3F4E42FE1}C:\program files\metin2_germany\zoom.nebel.exe" = protocol=17 | dir=in | app=c:\program files\metin2_germany\zoom.nebel.exe |
"UDP Query User{7FACA5C7-C559-47A2-9F02-68A367299ACE}C:\users\"Mein Name"\saved games\medieval_tw.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\saved games\medieval_tw.exe |
"UDP Query User{88985996-6974-4D4C-A54B-4CE9CDAD28CA}C:\users\"Mein Name"\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\program files\dna\btdna.exe |
"UDP Query User{929DE895-4CEB-4E2C-B5DE-06D378875361}C:\users\"Mein Name"\downloads\enemy territory\et.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\et.exe |
"UDP Query User{9B75E4FE-0490-48F1-A8C4-D382993E2BD5}C:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\counter-strike 2d\counterstrike2d.exe |
"UDP Query User{9D416AF1-ABA9-4DFD-9A20-26D57731924C}C:\users\"Mein Name"\desktop\wolf\et.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\et.exe |
"UDP Query User{9DD0867B-0EB0-43C7-8371-36C47FF0A0F8}C:\users\"Mein Name"\downloads\enemy territory\etded.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\enemy territory\etded.exe |
"UDP Query User{A0617B1A-0D69-47BC-A698-81478813B6E1}C:\program files\metin2_germany\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\metin2.bin |
"UDP Query User{A08232B3-619C-497C-B77F-49F6803C5758}C:\program files\ea sports\fifa 08\fifa08.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 08\fifa08.exe |
"UDP Query User{A53AEEC9-637F-4CFC-9D49-E6F398D69D1C}C:\users\"Mein Name"\desktop\icq6\icq.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\icq6\icq.exe |
"UDP Query User{AB580111-DC9E-420F-84D3-C136C54C585A}J:\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=j:\battlefield 2\bf2.exe |
"UDP Query User{AF16AA90-D274-49FA-8FC1-505B2CBAD3BA}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{BA96268C-BA5C-4181-A903-DC90931290E9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{C28E026C-AD95-419E-806A-946CA64FD002}C:\programdata\kaspersky lab setup files\kis 2009\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kis 2009\setup.exe |
"UDP Query User{D4EBB88D-A56D-45D8-9724-508F175F70DC}C:\users\"Mein Name"\downloads\lt2.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\downloads\lt2.exe |
"UDP Query User{D5B045A6-DF06-4911-B625-975909D269AF}C:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\documents\splinter cell pandora tomorrow\online\system\shadowstrike_static_retail.exe |
"UDP Query User{D7F79F11-1A42-4B48-A096-E3199A85CBC5}C:\program files\electronic arts\need for speed 2142\bf2142.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed 2142\bf2142.exe |
"UDP Query User{E09C0CD6-EEF7-4C72-AFC1-7F88EFB8D012}C:\users\"Mein Name"\desktop\wolf\etded.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\wolf\etded.exe |
"UDP Query User{E0C84730-9955-466D-9B30-83D62422BDA3}J:\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=j:\microsoft games\age of mythology\aom.exe |
"UDP Query User{E5175B33-EE39-4972-9587-5DBC6DBDCDBC}C:\users\"Mein Name"\desktop\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\users\"Mein Name"\desktop\icq6.5\icq.exe |
"UDP Query User{EDB774BA-079A-4E50-A547-3FE6CA4520CE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{02909B43-867E-4774-BB8B-9840D89D72EF}" = Medieval - Total War (TM)
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{0740E89E-9162-4BE2-9C4E-D9CFE33CB67A}" = i-Clickr
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0FCEE1FB-C48F-421C-B4C1-B952F1B67617}" = Actio multimedial
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{14FA6DD9-92ED-493D-A937-81A78870E08A}_is1" = Free Video Joiner 1.1
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{2B54B4B6-5834-494D-81E6-79AC3955EEE5}_is1" = SnowBound Online
"{2BE6CDFB-9037-4FE5-93D4-6CFB4BE84958}" = TubeBox
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37598694-FDF5-47BA-9433-AC8416BAD384}" = Serif PhotoPlus 10
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Games
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"{44C05309-60F4-410B-BC32-31733CFF1A46}" = Microsoft Foto 2006 Standard Edition Editor
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4FB66B14-DB8D-770D-D66F-5243AB27B604}" = Catalyst Control Center Graphics Previews Vista
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB252}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{5678B15A-504C-4A79-8554-05488A206E41}" = HD Writer AE 3.0
"{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II
"{581CE7EA-A30D-0000-A215-088635773309}" = Atheros AR5007 Wireless LAN - USB
"{58a26b11-1507-4461-bb28-9c2be3a0dff1}" = TubeBox
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5D5509EA-B85A-411E-AB75-59069A411876}" = COMPUTERBILD SPIELE Game-Center
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}" = Targa VFD Display
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{6786926E-661B-F38F-4A02-27864C2CC290}" = Trainingstagebuch Uploader
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F5A4EAD-FAB1-48BE-9EDF-A975FF7D1031}" = Nero 7 Essentials
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{8113B2B8-EC59-4BE8-963A-FBC5EC40B1CF}_is1" = Pod to PC version 3.206
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{948B09C2-16EF-41DC-8E24-5C90B9D8360F}" = Sun VirtualBox
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{9F74B6DE-B89C-4532-AFED-5AB0CCAAC1DF}_is1" = TCX Converter 2.0.24
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 9.0.600.0 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare "{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI) "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
1.0 "{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC 3.085 "{D719F7E4-9280-410B-97D6-79F18306D29C}" = Similarity 1.1.0 "{DA08DB77-8603-96AC-ED7D-399D7304D079}" = Catalyst Control Center Localization German "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static "{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1 "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard "{E7391464-6939-413C-B427-32F33FE13484}" = GameSpy Comrade "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 "{EDC66A92-4603-4D72-B28C-570075B55DF0}" = USB Wireless Keyboard Driver "{EE246B64-54FC-42A6-8384-B61546B0C7F8}" = Steganos Safe Home 2007 "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network "{FA630728-674D-F321-A9CE-C6DF1ED4EB50}" = CCC Help German "{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake 
Live Mozilla Plugin "{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10 "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows "{FD347316-609E-4149-983C-84B40338D38A}" = Battlefield 2142-Demo "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud "{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}" = Pure "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "7-Zip" = 7-Zip 4.57 "82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2 "Age of Mythology 1.0" = Age of Mythology "Aladdin_is1" = Aladdin "Alldj DVD Ripper Platium_is1" = Alldj DVD Ripper Platium 4.0 "AnyDVD" = AnyDVD "AOL Deinstallation" = AOL Deinstallation "Audacity_is1" = Audacity 1.2.6 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166 "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "CCleaner" = CCleaner "CloneDVD2" = CloneDVD2 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Custom AOM Multiplayer+AI Maps by KillZaw" = Custom AOM Multiplayer+AI Maps by KillZaw "Defraggler" = Defraggler "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DiskAid_is1" = DiskAid 5.08 "DivX Codec" = DivX Codec "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "DTGDesktop" = Documents To Go Desktop for iPhone "DVDFab 8 Qt_is1" = DVDFab 8.1.3.8 (09/12/2011) Qt "easyshare" = devolo EasyShare 
"ESET Online Scanner" = ESET Online Scanner v3 "Fallout New Vegas_is1" = Fallout New Vegas "FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.811 "Fraps" = Fraps (remove only) "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.23.324 "Free Studio_is1" = Free Studio version 5.3.3 "Free Video Converter" = Free Video Converter "Free Video Converter_is1" = Free Video Converter V 2.3 "Free Video Dub_is1" = Free Video Dub version 1.5 "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8 "Free YouTube Download_is1" = Free YouTube Download version 3.1.40.1031 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602 "Free YouTube Uploader_is1" = Free YouTube Uploader version 2.3 "GameSpy Arcade" = GameSpy Arcade "Google Desktop" = Google Desktop "Google Updater" = Google Updater "Guild Wars" = GUILD WARS "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "iLyrics_is1" = iLyrics 1.1.1.2 BETA "ImTOO MP4 Video Converter" = ImTOO MP4 Video Converter "InstallShield_{02909B43-867E-4774-BB8B-9840D89D72EF}" = Medieval - Total War (TM) "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™ "InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE "iPhone_Backup_Switch_1.0" = iPhone Backup Switch "IrfanView" = IrfanView (remove only) "ismxydep" = Favorit "iTSfv_is1" = iTSfv 5.60.25 BETA "LetsTrade" = 
LetsTrade Komponenten "MAGIX_{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17 "MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare "MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "MediaInfo" = MediaInfo 0.7.39 "Medieval Total War" = Medieval - Total War (TM) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MPEG4E" = MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) "Notepad++" = Notepad++ "NSSSetup.{B0D70EC6-E1CF-4EC3-BE09-FA75470D3902}" = Norton Security Scan (Symantec Corporation) "NVIDIA Drivers" = NVIDIA Drivers "OpenAL" = OpenAL "Origin" = Origin "Palringo" = Palringo "Picasa 3" = Picasa 3 "PictureItPrem_v12" = Microsoft Foto 2006 Standard Edition "Security Task Manager" = Security Task Manager 1.8d "SMALLBUSINESSR" = Microsoft Office Small Business 2007 "SMSERIAL" = Motorola SM56 Speakerphone Modem "SopCast" = SopCast 3.2.4 "ST4UNST #1" = Peck's Power Join "Steam" = Steam "Steam App 211880" = Bullet Run "Steam App 22350" = Brink "Steam App 400" = Portal "Steam App 43110" = Metro 2033 "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "Steam App 72850" = The Elder Scrolls V: Skyrim "Streamripper" = Streamripper (Remove only) "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "TDMaker_is1" = iTSfv 5.60.25.1 BETA "Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0 "Tomb 
Raider: Legend" = Tomb Raider: Legend 1.2 "Tomb Raider: Underworld" = Tomb Raider: Underworld 1.1 "Uninstall_is1" = Uninstall 1.0.0.1 "Uploader.6A755FBD4A9495E76557F9D696C5965FE7FBEA15.1" = Trainingstagebuch Uploader "VLC media player" = VLC media player 1.0.0 "Voobly_is1" = Voobly Game Data "VSO DivxToDVD_is1" = DivxToDVD 0.5.2 "Warcraft III" = Warcraft III "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.4.6 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.1.9 "Works2006Setup" = Setup-Start von Microsoft Works Suite 2006 "xampp" = XAMPP 1.8.1 "xchat" = XChat 2 (remove only) "Xfire" = Xfire (remove only) "XMedia Recode" = XMedia Recode 2.2.1.6 "Zattoo4" = Zattoo4 4.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2965953352-1890760225-2496969144-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FileZilla Client" = FileZilla Client 3.2.7.1 "Google Chrome" = Google Chrome "InstallShield_{3266FEA9-98E9-448B-B235-DAC63D4CE781}" = Unreal Tournament 3 Demo "StationRipper" = StationRipper 2.93B "Vietcong 2" = Vietcong 2 "Winamp Detect" = Winamp Anwendungserkennung ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.12.2012 13:07:27 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0x1540, Anwendungsstartzeit 01cddbafd1ea10b0. Error - 16.12.2012 16:41:33 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0xd68, Anwendungsstartzeit 01cddbcdba238100. 
Error - 17.12.2012 08:25:55 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 9003 Description = Die Protokollscannummer (103:184:1), die an den Protokollscan in der 'msdb'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt. Error - 17.12.2012 08:25:55 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 3414 Description = Fehler bei der Wiederherstellung. Die 'msdb'-Datenbank (Datenbank-ID 4) kann daher nicht neu gestartet werden. Diagnostizieren und beheben Sie die Wiederherstellungsfehler, oder führen Sie eine Wiederherstellung von einer als fehlerfrei bekannten Sicherung aus. Falls die Fehler nicht behoben werden oder unerwartete Fehler auftreten, wenden Sie sich an den technischen Support. Error - 17.12.2012 08:26:01 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 8355 Description = Service Broker ist in MSDB deaktiviert, oder MSDB konnte nicht gestartet werden. Ereignisbenachrichtigungen auf Serverebene können nicht übermittelt werden. Ereignisbenachrichtigungen mit FAN_IN in anderen Datenbanken können ebenfalls davon betroffen sein. Error - 17.12.2012 08:33:06 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0x14c4, Anwendungsstartzeit 01cddc52a5ddc806. 
Error - 17.12.2012 09:29:22 | Computer Name = "Mein Name"-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung PMB.exe, Version 2.6.0.2, Zeitstempel 0x4f2712ba, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000020, Fehleroffset 0x00008fc7, Prozess-ID 0x8d4, Anwendungsstartzeit 01cddc5a83ce2bd6. Error - 17.12.2012 13:19:18 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 9003 Description = Die Protokollscannummer (103:184:1), die an den Protokollscan in der 'msdb'-Datenbank übergeben wurde, ist ungültig. Dieser Fehler kann darauf hinweisen, dass Daten beschädigt sind oder dass die Protokolldatei (LDF) nicht mit der Datendatei (MDF) übereinstimmt. Falls dieser Fehler während der Replikation aufgetreten ist, müssen Sie die Publikation neu erstellen. Andernfalls stellen Sie die Datenbank von einer Sicherung wieder her, falls das Problem zu einem Fehler beim Starten führt. Error - 17.12.2012 13:19:18 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 3414 Description = Fehler bei der Wiederherstellung. Die 'msdb'-Datenbank (Datenbank-ID 4) kann daher nicht neu gestartet werden. Diagnostizieren und beheben Sie die Wiederherstellungsfehler, oder führen Sie eine Wiederherstellung von einer als fehlerfrei bekannten Sicherung aus. Falls die Fehler nicht behoben werden oder unerwartete Fehler auftreten, wenden Sie sich an den technischen Support. Error - 17.12.2012 13:19:22 | Computer Name = "Mein Name"-PC | Source = MSSQL$MSSMLBIZ | ID = 8355 Description = Service Broker ist in MSDB deaktiviert, oder MSDB konnte nicht gestartet werden. Ereignisbenachrichtigungen auf Serverebene können nicht übermittelt werden. Ereignisbenachrichtigungen mit FAN_IN in anderen Datenbanken können ebenfalls davon betroffen sein. 
[ Media Center Events ] Error - 28.07.2007 11:05:00 | Computer Name = "Mein Name"-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. Error - 16.04.2008 08:10:42 | Computer Name = "Mein Name"-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight gescheitert. [ OSession Events ] Error - 05.01.2010 05:34:44 | Computer Name = "Mein Name"-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 17.12.2012 13:10:11 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 11, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 17.12.2012 13:10:11 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 12, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 17.12.2012 13:10:11 | Computer Name = "Mein Name"-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz 13, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung zu erhalten. Error - 17.12.2012 13:12:41 | Computer Name = "Mein Name"-PC | Source = volsnap | ID = 393241 Description = Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. 
Error - 17.12.2012 13:21:30 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7009 Description = Error - 17.12.2012 13:21:30 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.12.2012 13:21:49 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7009 Description = Error - 17.12.2012 13:21:49 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.12.2012 13:23:10 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7022 Description = Error - 17.12.2012 13:23:10 | Computer Name = "Mein Name"-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > |
17.12.2012, 19:51 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes findings (5 registry keys, 2 files)
Fix with OTL
Code:
:OTL
DRV - (XDva370) -- C:\Windows\system32\XDva370.sys File not found
DRV - (StarOpen) -- File not found
O3 - HKU\S-1-5-21-2965953352-1890760225-2496969144-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FA5F15C4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Files
C:\Users\"Mein Name"\Documents\MBR.dat
C:\Users\"Mein Name"\Punkbuster.*
C:\e74359119baa189018d3c0110d143279
C:\ProgramData\sysqcl1129139270.dat
C:\Users\"Mein Name"\AppData\Roaming\inst.exe
C:\Users\"Mein Name"\random.dat
C:\Users\"Mein Name"\AppData\Local\wgkoaos.bat
C:\Users\"Mein Name"\AppData\Local\ismxydep.bat
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |