| |
| |||||||
Log-Analyse und Auswertung: EVU Trojaner - Bitte um HilfeWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.01.2013, 18:52
| #1 |
 |  EVU Trojaner - Bitte um Hilfe Das erste mal seit Jahren hat es mich nun auch einmal wieder erwischt. Seit dem 20.12.2012 habe ich den EVU Trojaner auf meinem Laptop mit dem bekannten Symptom -> beim Starten wird der Computer gesperrt und der EVU Bildschirm mit dem Hinweis 100 EUR zu überweisen angezeigt (Hat meine Freundin natürlich auch gleich gemacht, hat das Geld aber glücklicherweise wieder zurück bekommen...) Nun würde ich gern versuchen meinen Laptop wieder in Gang zu bekommen, wenn möglich unter Beibehaltung meiner Daten. Wiederherstellungspunkte gibt es leider keine aktuellen, da die Sicherungspartion scheinbar seit geraumer Zeit überfüllt ist. Folgendes habe ich gemacht: Scheinbar hatte ich Glück und komme ziemlich einfach ins Windows, nämlich durch Ausschalten des WLAN Routers (und anschließend natürlich gleich die Deaktivierung der WLAN Verbindung) Sobald aber wieder eine Internet Verbindung besteht kommt der EVU Bildschirm wieder. Ich hoffe es findet sich jemand, der mit helfen kann meinen Laptop wieder sauber zu kriegen, Danke schon mal im voraus. Kurze Frage vorab: Kann ich den Stick mit den Loggern wieder sorglos an einen nicht infizierten Rechner anschließen? (okay das Risiko musste ich soeben eingehen um die Logfiles auf diesen Rechner zu kopieren) Und: Wie verhält es sich mit der Festplatte auf die ich meine wichtigsten Daten kopiert habe? So jetzt zu den Logs: Schritt 1: Defrogger wurde erfolgreich ausgeführt und deaktiviert Schritt 2: OTL.txt Code:
ATTFilter OTL logfile created on: 04.01.2013 18:11:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maik\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 63,18% Memory free 6,00 Gb Paging File | 4,79 Gb Available in Paging File | 79,86% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 256,99 Gb Total Space | 127,08 Gb Free Space | 49,45% Space Free | Partition Type: NTFS Drive D: | 40,00 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS Unable to calculate disk information. Drive F: | 3,62 Gb Total Space | 3,61 Gb Free Space | 99,94% Space Free | Partition Type: FAT32 Computer Name: MAIK-PC | User Name: Maik | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.04 17:40:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2013.01.04 17:40:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe PRC - [2012.11.10 14:40:07 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Maik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.10.17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.09.05 16:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.285\SSScheduler.exe PRC - [2012.08.31 01:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.08.31 01:52:14 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.08.31 01:52:12 | 000,964,024 | ---- | M] (Samsung) -- C:\Programme\Samsung\Kies\Kies.exe PRC - [2012.08.28 12:13:00 | 003,516,344 | ---- | M] (PC Drivers Headquarters) -- C:\Programme\DriverBoost\DriverBoost\DriverBoost.exe PRC - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Programme\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Maik\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.01.26 14:08:56 | 003,665,752 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.07 17:18:18 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.20 16:05:30 | 000,040,960 | ---- | M] () -- C:\Programme\phonostar-Player\phonostarTimer.exe PRC - [2011.04.27 18:47:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.07 21:42:10 | 000,477,560 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\3.0.285\mcuicnt.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.05 13:43:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.08.19 09:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe PRC - [2010.07.12 17:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Winamp\winampa.exe PRC - [2010.06.22 14:07:46 | 002,478,080 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MGSysCtrl.exe PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2010.06.08 21:52:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.06.08 16:19:14 | 001,481,320 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.02 13:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Programme\System Control Manager\MSIService.exe PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012.11.17 18:00:03 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0e5254a1a3d59b3a037029e5af1bd32b\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 17:59:52 | 015,399,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\ffbf68f58f6b363a0bb4ad3b458b33b4\Kies.Theme.ni.dll MOD - [2012.11.17 17:59:51 | 000,608,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\424d49ddc7e0499eb7ad23a3383a5c39\DevicePodcast.ni.dll MOD - [2012.11.17 17:59:50 | 000,367,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\97251ffd3639785762de2192b1367bb0\DevicePhoto.ni.dll MOD - [2012.11.17 17:59:50 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\c255a0a3604f2af66f018a7cab34383a\DeviceVideo.ni.dll MOD - [2012.11.17 17:59:49 | 000,299,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\05048245f00f48565f4007853d821aff\DeviceMusic.ni.dll MOD - [2012.11.17 17:59:48 | 000,461,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\4b6ec7942074dec89819125afc57c363\VideoManager.ni.dll MOD - [2012.11.17 17:59:47 | 002,778,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PodcastService\e8f2a64ef24cba8bcc406a0c38abf1df\PodcastService.ni.dll MOD - [2012.11.17 17:59:45 | 001,143,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\d4689f8d8ac3cc2cc730348b481348f9\Podcaster.ni.dll MOD - [2012.11.17 17:59:44 | 000,607,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\3157f5a031c1537160fab39c88f6a470\PhotoManager.ni.dll MOD - [2012.11.17 17:59:29 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3fb9963f643a6e43a5f3075e95071d39\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll MOD - [2012.11.17 17:59:28 | 005,678,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\138faa4f2701295e2c58ef89e363893b\DeviceHost.ni.dll MOD - [2012.11.17 17:59:17 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\9cb37a529eaf76d1a0e3bf6da1de62d5\Phonebook.ni.dll MOD - [2012.11.17 17:59:11 | 001,007,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CPKTMusicPlugin\73b37cc93eb4c6dcf997809db7c6e4a4\CPKTMusicPlugin.ni.dll MOD - [2012.11.17 17:59:09 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\a3bc819952ed2ab66979d427ecfc9c18\MusicManager.ni.dll MOD - [2012.11.17 17:59:06 | 000,320,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\EBookManager\17e0fc1a2041fade4f25a2741687ffe0\EBookManager.ni.dll MOD - [2012.11.17 17:59:05 | 000,391,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\d3949fd50863ce70276048116448fe36\BATPlugin.ni.dll MOD - [2012.11.17 17:59:04 | 000,031,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AllShareController\44c98acc33b8dea0c4d1ddf14e46a21f\AllShareController.ni.dll MOD - [2012.11.17 17:59:01 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\211991e13a1bd7147773b6a1c76cb5a9\Kies.Common.StoreManager.ni.dll MOD - [2012.11.17 17:59:00 | 000,507,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\55fbe9063179771c2a9d9fc27ff86cba\Kies.Common.MediaDB.ni.dll MOD - [2012.11.17 17:59:00 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\f8c8f34f4703169ec8ef159f4a3eff05\ASF_cSharpAPI.ni.dll MOD - [2012.11.17 17:58:59 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\d0d50fad5e8fe8d3162afcb5d2b6bddb\Kies.Common.AllShare.ni.dll MOD - [2012.11.17 17:58:58 | 000,278,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\936e305e35268ee454999b6c93dc63ca\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll MOD - [2012.11.17 17:58:57 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\89399dbb7d69a67bc61d4860e394ccb0\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll MOD - [2012.11.17 17:58:56 | 000,565,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\358c117e190bc7c3b30772129ba9abd4\Kies.Common.DeviceServiceLib.FileService.ni.dll MOD - [2012.11.17 17:58:56 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\e69aa79efffd2c4c86c9adb11a36e0a7\Interop.DevFileServiceLib.ni.dll MOD - [2012.11.17 17:58:55 | 000,566,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\424388d0957c8b7fb6d5ed0a2e7af878\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll MOD - [2012.11.17 17:58:54 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\74262e0140ce93c36cb628751d9c7ce9\Kies.Common.DeviceServiceLib.Interface.ni.dll MOD - [2012.11.17 17:58:53 | 000,902,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ec3f62c5f333c2cd143cee7fe47a40bc\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll MOD - [2012.11.17 17:58:52 | 001,025,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\299d5529a819e7f3d9cd548ca478c670\Kies.Common.DeviceService.ni.dll MOD - [2012.11.17 17:58:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll MOD - [2012.11.17 17:58:47 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\5911766cf78c9ff4b4b89dcd0d2f3899\Interop.P3MPINTERFACECTRLLib.ni.dll MOD - [2012.11.17 17:58:47 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\b2991e7347afcb391a714b60ebf7fdff\Interop.MP3FileInfoCOMLib.ni.dll MOD - [2012.11.17 17:58:47 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\1ea9d4d50c7fdf418de5c801ed76701d\Interop.OGGFileInfoCOMLib.ni.dll MOD - [2012.11.17 17:58:47 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\4611b6c0f9fbf71ecb81eb8fd6b5f2c4\Interop.PRPLAYERCORELib.ni.dll MOD - [2012.11.17 17:58:45 | 002,188,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\d3e68df5f9cb57209bed5add5c2a55a0\Kies.Common.Multimedia.ni.dll MOD - [2012.11.17 17:58:41 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\b65e465e082adf5a8051c32119784604\Kies.Common.MainUI.ni.dll MOD - [2012.11.17 17:58:40 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\e50e1a832f1285357f0fbbfa2b9e9a19\Kies.Common.DBManager.ni.dll MOD - [2012.11.17 17:58:39 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\a7d6c3e5b62fecc924bbb0032e13d440\ICSharpCode.SharpZipLib.ni.dll MOD - [2012.11.17 17:58:39 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\dd6c740085ff9051f0b9d7aec72f889f\CabLib.ni.dll MOD - [2012.11.17 17:58:39 | 000,201,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\b588a9fc95ce714f3807256821cdff6f\Kies.Common.Util.ni.dll MOD - [2012.11.17 17:58:38 | 001,437,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\4b6a37da062543cb6a866f649ffa849e\Kies.Locale.ni.dll MOD - [2012.11.17 17:58:38 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\6a805942c8c6f80be2f6d60410b0fef9\Interop.DeviceSearchLib.ni.dll MOD - [2012.11.17 17:58:37 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\f8e88004811df47a7f15a4286b481017\Kies.UI.ni.dll MOD - [2012.11.17 17:58:37 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\17fe14a98797cb83d09401fdbc5ddf2a\Kies.MVVM.ni.dll MOD - [2012.11.17 17:58:35 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\088676cc322e339363b855b240aa1105\GongSolutions.Wpf.DragDrop.ni.dll MOD - [2012.11.17 17:58:33 | 001,185,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\76f0a312890f736489f4b2766ea45ad5\Kies.Interface.ni.dll MOD - [2012.11.17 17:58:21 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll MOD - [2012.11.17 17:58:07 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3ebb49cd31ae72ca680a647130a33e95\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 17:57:58 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll MOD - [2012.11.17 17:57:55 | 001,673,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\520f350554ab9e4da9b4048481146659\Kies.ni.exe MOD - [2012.11.17 17:54:05 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\c8ae107ef5d9e3a0765de835975b31a0\XPBurnComponent.ni.dll MOD - [2012.11.17 17:54:03 | 001,777,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\9cdd39ec1e0f467706d41144f6b46be1\RuleEngine.ni.dll MOD - [2012.11.17 17:54:03 | 000,235,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\2eb10cf495db12785e10d027d6a31016\Microsoft.ApplicationBlocks.Updater.ni.dll MOD - [2012.11.17 17:54:02 | 000,357,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\f230503357da39c9ed69181df137dee9\Microsoft.Win32.TaskScheduler.ni.dll MOD - [2012.11.17 17:54:01 | 000,837,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\69c7886eef7bb8ba8cb469bc40542baa\Agent.Communication.ni.dll MOD - [2012.11.17 17:54:01 | 000,202,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\a60794fb7ec1f25d7c3a28def07f1dc3\Interop.WUApiLib.ni.dll MOD - [2012.11.17 17:53:57 | 002,283,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\b5a37a653edf4594b60691ba7a1b3c12\Common.ni.dll MOD - [2012.11.17 17:53:57 | 000,060,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\e71477a45267d46fa8357af532e4c105\ExceptionLogging.ni.dll MOD - [2012.11.17 17:53:55 | 000,769,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\f714da3db09911a1cae7519644c6e75c\Agent.Common.ni.dll MOD - [2012.11.17 17:53:54 | 007,612,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\beca08ebf1bf1ac4bcb1dd104ace11ad\Agent.ni.exe MOD - [2012.11.17 17:51:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll MOD - [2012.11.17 17:51:44 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\616b25e9ad3de7ab58c67f200e21dbac\System.Web.ni.dll MOD - [2012.11.17 17:51:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012.11.17 17:51:33 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll MOD - [2012.11.17 17:51:05 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.17 17:50:57 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.17 17:50:34 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.17 17:50:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.17 17:50:27 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.17 17:50:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.11.16 23:30:39 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll MOD - [2012.11.16 23:30:23 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll MOD - [2012.11.16 23:30:12 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll MOD - [2012.11.16 23:30:12 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll MOD - [2012.11.16 23:27:35 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll MOD - [2012.11.16 23:27:21 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll MOD - [2012.11.16 23:27:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll MOD - [2012.11.16 23:27:08 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll MOD - [2012.11.16 23:26:59 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll MOD - [2012.11.16 23:26:58 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll MOD - [2012.11.16 23:26:51 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll MOD - [2012.09.01 16:17:57 | 000,115,137 | ---- | M] () -- C:\Users\Maik\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll MOD - [2012.08.31 01:52:22 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.08.28 12:13:02 | 000,703,432 | ---- | M] () -- C:\Programme\DriverBoost\DriverBoost\ThemePack.DriverBoost.dll MOD - [2012.08.28 11:58:18 | 000,309,224 | ---- | M] () -- C:\Programme\DriverBoost\DriverBoost\Agent.Communication.XmlSerializers.dll MOD - [2011.07.03 15:34:32 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.06.20 16:05:30 | 000,040,960 | ---- | M] () -- C:\Programme\phonostar-Player\phonostarTimer.exe MOD - [2011.06.15 13:07:10 | 002,293,248 | ---- | M] () -- C:\Programme\phonostar-Player\QtCore4.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2011.03.30 10:46:40 | 000,416,256 | ---- | M] () -- C:\Programme\phonostar-Player\plugins\sqldrivers\qsqlite4.dll MOD - [2011.03.30 07:16:34 | 008,173,568 | ---- | M] () -- C:\Programme\phonostar-Player\QtGui4.dll MOD - [2011.03.30 06:59:40 | 000,191,488 | ---- | M] () -- C:\Programme\phonostar-Player\QtSql4.dll MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.06.22 11:52:02 | 001,708,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3811.38670__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2010.06.22 11:52:02 | 000,380,928 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3811.38550__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2010.06.22 11:52:02 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3811.38570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2010.06.22 11:52:02 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Dashboard\2.0.3811.38672__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:02 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3811.38621__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2010.06.22 11:52:02 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3811.38558__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:02 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3811.38602__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2010.06.22 11:52:02 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3811.38641__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:02 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3811.38592__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2010.06.22 11:52:02 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3811.38564__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2010.06.22 11:52:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3811.38559__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2010.06.22 11:52:02 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Runtime\2.0.3811.38672__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Runtime.dll MOD - [2010.06.22 11:52:02 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3811.38670__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll MOD - [2010.06.22 11:52:01 | 001,298,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3811.38666__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,856,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3811.38595__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3811.38571__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,409,600 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3811.38615__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2010.06.22 11:52:01 | 000,356,352 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3811.38607__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3811.38570__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3811.38639__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3811.38649__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3811.38594__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2010.06.22 11:52:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3811.38607__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2010.06.22 11:52:01 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3811.38599__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3811.38607__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2010.06.22 11:52:01 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossFireX.Graphics.Dashboard\2.0.3811.38665__90ba9c70f846762e\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:01 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3811.38639__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2010.06.22 11:52:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3811.38599__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2010.06.22 11:52:01 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3811.38574__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2010.06.22 11:52:01 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Runtime\2.0.3811.38649__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Runtime.dll MOD - [2010.06.22 11:52:00 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3811.38593__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:00 | 000,376,832 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3811.38589__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:00 | 000,323,584 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3811.38601__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:00 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3811.38575__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2010.06.22 11:52:00 | 000,270,336 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2010.06.22 11:52:00 | 000,151,552 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3811.38542__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3811.38540__90ba9c70f846762e\CLI.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3811.38585__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3811.38621__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3811.38592__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2010.06.22 11:52:00 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3811.38606__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3811.38568__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3811.38593__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2010.06.22 11:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3811.38639__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3811.38593__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2010.06.22 11:52:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3811.38602__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3811.38600__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2010.06.22 11:52:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3811.38539__90ba9c70f846762e\LOG.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3811.38635__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2010.06.22 11:52:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3811.38616__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3811.38559__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3811.38567__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3811.38541__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2010.06.22 11:52:00 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3811.38599__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3811.38542__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2010.06.22 11:52:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3811.38548__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3811.38541__90ba9c70f846762e\APM.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0702\2.0.2594.25693__90ba9c70f846762e\DEM.Graphics.I0702.dll MOD - [2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3811.38564__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2010.06.22 11:52:00 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3811.38558__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2010.06.22 11:52:00 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3811.38540__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3811.38615__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,009,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3811.38640__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll MOD - [2010.06.22 11:52:00 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3811.38544__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2010.06.22 11:52:00 | 000,007,680 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3811.38541__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2010.06.22 11:52:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2010.06.22 11:52:00 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3811.38541__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2010.06.22 11:52:00 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3811.38548__90ba9c70f846762e\DEM.Graphics.dll MOD - [2010.06.22 11:52:00 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3811.38639__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2010.06.22 11:52:00 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3811.38543__90ba9c70f846762e\MOM.Foundation.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3811.38543__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3811.38646__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3811.38549__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2010.06.22 11:52:00 | 000,005,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2010.06.22 11:51:59 | 001,220,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3811.38554__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2010.06.22 11:51:59 | 000,741,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3811.38664__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,577,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3811.38629__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2010.06.22 11:51:59 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3811.38564__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2010.06.22 11:51:59 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3811.38635__90ba9c70f846762e\MOM.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3811.38633__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3811.38547__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2010.06.22 11:51:59 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3811.38546__90ba9c70f846762e\APM.Server.dll MOD - [2010.06.22 11:51:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3811.38548__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2010.06.22 11:51:59 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3811.38544__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3811.38546__90ba9c70f846762e\AEM.Server.dll MOD - [2010.06.22 11:51:59 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3811.38646__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2010.06.22 11:51:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3811.38544__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2010.06.22 11:51:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3811.38553__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3811.38542__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2010.06.22 11:51:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2010.06.22 11:51:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3811.38543__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2010.06.22 11:51:59 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3811.38634__90ba9c70f846762e\CCC.Implementation.dll MOD - [2010.06.22 11:51:59 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3811.38563__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,010,240 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3811.38553__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,008,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3811.38569__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2010.06.22 11:51:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3811.38547__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2010.06.22 11:51:59 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3811.38545__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2010.06.22 11:51:59 | 000,006,144 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3811.38545__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.11.02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV - [2012.12.13 19:09:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.06 20:16:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.05 16:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2012.07.17 14:14:08 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.26 14:08:56 | 003,665,752 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.07.07 17:18:18 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.26 13:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.04.27 18:47:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.10 19:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.01.11 09:48:24 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe) SRV - [2010.06.08 21:52:06 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.09 14:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.07.07 17:18:19 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.07 17:18:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.02 06:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.06.02 06:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.06.02 06:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.08.31 18:09:00 | 000,208,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010.07.27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010.06.09 00:53:34 | 005,551,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.06.08 21:19:18 | 000,176,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.05.26 16:59:52 | 000,136,304 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2010.05.06 04:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.04.01 09:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se) DRV - [2010.03.09 21:03:50 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.12.21 14:56:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.12.02 14:01:06 | 000,168,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{06B10694-38BD-4D05-80F1-9A5B4412F98B}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{468D310B-E6D5-4B11-A734-A1D22EEE4BE5}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0 IE - HKCU\..\SearchScopes\{77E1BADB-E50D-442C-9BC4-FB06E81EE7ED}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms} IE - HKCU\..\SearchScopes\{78C422A2-3BE7-4A94-98F5-F749E5A6AC2B}: "URL" = hxxp://www.dict.cc/?s={searchTerms} IE - HKCU\..\SearchScopes\{D81D3048-98AC-4046-8A8E-7430692A9614}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKCU\..\SearchScopes\{F736B167-4030-45AC-B074-033055D992CF}: "URL" = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed§Hdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7Bd04b0b40-3dab-4f0b-97a6-04ec3eddbfb0%7D:2.0.6 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=BEBFF2D5-FE36-4172-A96D-D9C96E1BE139&apn_ptnrs=U3&apn_sauid=B7CD90B6-3B7C-41B7-AC10-A62972CFBFF0&apn_dtid=OSJ000YYDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:16:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:16:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.04.17 19:49:08 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 20:16:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 20:16:55 | 000,000,000 | ---D | M] [2011.05.30 17:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions [2011.05.30 17:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.12.06 20:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\nrnhh2x1.default\extensions [2012.12.06 20:23:04 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Maik\AppData\Roaming\mozilla\Firefox\Profiles\nrnhh2x1.default\extensions\toolbar@ask.com [2012.11.16 23:02:55 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\extensions\toolbar@web.de.xpi [2011.05.16 18:02:38 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2012.11.16 23:02:57 | 000,000,911 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\11-suche.xml [2012.12.06 20:23:04 | 000,002,308 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\askcom.xml [2011.05.05 17:24:02 | 000,002,289 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\ecosia.xml [2012.11.16 23:02:57 | 000,002,273 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\englische-ergebnisse.xml [2012.11.16 23:02:57 | 000,010,563 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\gmx-suche.xml [2012.11.16 23:02:57 | 000,002,432 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\lastminute.xml [2012.11.16 23:02:57 | 000,005,545 | ---- | M] () -- C:\Users\Maik\AppData\Roaming\mozilla\firefox\profiles\nrnhh2x1.default\searchplugins\webde-suche.xml [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.06 20:16:59 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.06.23 17:10:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.01 14:54:10 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 17:10:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 17:10:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 17:10:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 17:10:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [DriverBoost] C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe (PC Drivers Headquarters) O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Maik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Maik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{117206FD-4549-4CC5-AE35-EC2EDEE8F0E3}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E88D494-88B0-4797-939A-DA56D45D1123}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{790ABDB0-69AF-4748-AE9F-5257E27B7A5C}: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8201C594-566C-4F85-8DEC-DCFD24DDAB5A}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{1ac2ada3-730a-11e0-9ee5-406186afb080}\Shell - "" = AutoRun O33 - MountPoints2\{1ac2ada3-730a-11e0-9ee5-406186afb080}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8fd3ee66-2f76-11e0-9a82-406186afb080}\Shell - "" = AutoRun O33 - MountPoints2\{8fd3ee66-2f76-11e0-9a82-406186afb080}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{8fd3ee74-2f76-11e0-9a82-406186afb080}\Shell - "" = AutoRun O33 - MountPoints2\{8fd3ee74-2f76-11e0-9a82-406186afb080}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (MACHINE BootExecut) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.04 18:10:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe [2012.12.30 20:36:47 | 000,000,000 | ---D | C] -- C:\Users\Maik\Desktop\Sicherung [2012.12.06 20:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.12.06 20:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.12.06 20:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.04 17:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.04 17:49:45 | 000,000,000 | ---- | M] () -- C:\Users\Maik\defogger_reenable [2013.01.04 17:48:18 | 000,654,844 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.04 17:48:18 | 000,616,686 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.04 17:48:18 | 000,130,426 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.04 17:48:18 | 000,106,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.04 17:41:00 | 000,357,376 | ---- | M] () -- C:\Users\Maik\Desktop\hetvdqfk.exe [2013.01.04 17:40:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maik\Desktop\OTL.exe [2013.01.04 17:39:54 | 000,050,477 | ---- | M] () -- C:\Users\Maik\Desktop\Defogger.exe [2013.01.04 17:24:58 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.04 17:24:58 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.04 17:24:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.04 17:16:46 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.04 17:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.04 17:16:34 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys [2012.12.20 20:01:42 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.12.16 16:00:27 | 000,334,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.04 18:10:51 | 000,357,376 | ---- | C] () -- C:\Users\Maik\Desktop\hetvdqfk.exe [2013.01.04 18:10:51 | 000,050,477 | ---- | C] () -- C:\Users\Maik\Desktop\Defogger.exe [2013.01.04 17:49:45 | 000,000,000 | ---- | C] () -- C:\Users\Maik\defogger_reenable [2012.12.20 11:30:45 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.02 12:22:39 | 000,001,652 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin [2012.07.30 13:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.07.30 13:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2012.07.30 13:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2012.07.30 13:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2012.07.30 13:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2012.04.13 19:12:08 | 002,681,344 | ---- | C] () -- C:\Windows\System32\dvmsg.dll [2012.01.05 18:28:51 | 000,017,408 | ---- | C] () -- C:\Users\Maik\AppData\Local\WebpageIcons.db [2011.12.19 21:46:23 | 000,000,860 | ---- | C] () -- C:\Users\Maik\.recently-used.xbel [2011.02.28 13:58:51 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.02.12 23:32:21 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2011.02.12 23:32:21 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.16 15:22:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.26 20:58:02 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Amazon [2010.12.19 20:26:38 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Ashampoo [2013.01.04 17:17:12 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Dropbox [2012.02.01 21:18:41 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\elsterformular [2011.12.19 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\gtk-2.0 [2012.12.05 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\ICQ [2012.08.30 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Mp3tag [2011.07.03 15:35:26 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\OpenOffice.org [2010.08.26 20:00:36 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Opera [2012.08.29 18:09:45 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\PCCUStubInstaller [2011.05.24 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\phonostar GmbH [2010.10.13 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\PlayFirst [2012.09.01 16:07:29 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Samsung [2013.01.04 17:15:01 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\SoftGrid Client [2012.12.11 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Spotify [2012.09.02 12:32:29 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Systweak [2011.05.30 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Thunderbird [2012.04.13 19:12:26 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Tobit [2010.08.16 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\TP [2010.10.13 15:43:52 | 000,000,000 | ---D | M] -- C:\Users\Maik\AppData\Roaming\Zylom ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:91486201 < End of report > Code:
ATTFilter OTL Extras logfile created on: 04.01.2013 17:51:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 68,60% Memory free
6,00 Gb Paging File | 4,87 Gb Available in Paging File | 81,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256,99 Gb Total Space | 127,08 Gb Free Space | 49,45% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive F: | 3,62 Gb Total Space | 3,61 Gb Free Space | 99,95% Space Free | Partition Type: FAT32
Computer Name: MAIK-PC | User Name: Maik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0900D24E-6695-4738-B815-7552D045F9ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{09883CE9-26FE-4A45-989B-37A0BD81E4D1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C8C2D0D-7D9D-4C17-9100-C09547172459}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28187768-6E5D-4CF5-93FC-076F029C6EC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{29E2B73A-1EB0-4443-9187-81E823B61F17}" = lport=138 | protocol=17 | dir=in | app=system |
"{2BE1D883-6EA8-4F69-B27F-C4DF8DA53F17}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3AC07D75-4EE6-4667-87BF-21169AFC217B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{481D8800-D9EB-4A76-87D9-6792E4CA4D16}" = lport=137 | protocol=17 | dir=in | app=system |
"{4E47CB00-8DA5-4B8C-9517-4D0BD2B5288D}" = rport=139 | protocol=6 | dir=out | app=system |
"{4FD58E28-D3A2-4808-A36D-D8FD03B60F1D}" = lport=445 | protocol=6 | dir=in | app=system |
"{50D2B6BF-EC45-473C-B5C0-DC03C3627A70}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A0012CD-DF43-4A6E-AA51-5326D4960721}" = rport=10243 | protocol=6 | dir=out | app=system |
"{685A581F-B0DF-45A6-8223-6BEFA1F120F0}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B7B4C0A-1EF2-44F7-A96A-477604EC4F32}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{707C00C0-4326-4A94-9E15-83629AB6DC0B}" = rport=138 | protocol=17 | dir=out | app=system |
"{7BD7F9A7-A9B7-47AD-BBFE-B2B82FD0B224}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C862FE4-05EF-4FBD-ABE3-173716173733}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92E673F4-0836-4A19-A865-B68FE6711C1C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDD16072-28D0-478E-92FD-CABE83F7B25D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2818382-7CF9-4197-AB43-CF1252D95EAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB143DF5-4933-439B-B9E6-3850D8672933}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ED9A3D3C-DD5F-4F92-A043-C0E95C1D9F56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FE0B37C1-64CF-427C-BA77-ED32BB8C831D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017282CC-B9C6-4F83-B7D0-E39002E586B1}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{019B0A18-B262-4331-AEDA-1B18A178C2FC}" = protocol=17 | dir=in | app=c:\games\sid meier's civilization iv colonization\colonization.exe |
"{01BE9E87-562D-4F17-9FBD-C6A50BC539A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{0BB72CC1-76F2-434A-B734-799E94588E73}" = protocol=6 | dir=in | app=c:\users\maik\appdata\roaming\dropbox\bin\dropbox.exe |
"{0C5F5E67-C648-432F-B029-E4699CA57A1F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1092020F-1D01-4404-BE69-85E0370ECC19}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{15623B23-3FC9-4AD5-A80B-2BBC01DEFAE3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{15A2EFC3-4B58-4DBD-94F3-414D80464B77}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{1DAB9A10-C92E-42A4-B713-672254D31D24}" = protocol=6 | dir=in | app=c:\games\sid meier's civilization iv colonization\colonization.exe |
"{2D7EB513-DFB3-46BB-AB9D-26C9AB2AD7BB}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{3097D33A-2001-4669-B97E-937181724DBB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{30D9D567-B6A7-4113-8F40-C6E899041CE4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{38212F2F-C530-464F-A2FA-211E04CBC478}" = protocol=17 | dir=in | app=c:\users\maik\appdata\roaming\dropbox\bin\dropbox.exe |
"{3C208A52-FB9A-4FBF-894D-D2CDCE60FCC3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{47CDE574-A8C1-48F3-BD7E-8F72D016999C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4C3DE543-B759-4234-AA31-1ECF4D1BC5CA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4E368D31-5221-4C18-9403-709D85ECB00D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{52070E22-C55A-4568-B01F-338DCC7703DD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{5CDC7647-63B3-4844-B465-8A4A069BCD5A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5D5CC1EC-642C-49F6-AAAF-6A2808343BA4}" = protocol=6 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe |
"{605E4C49-2E01-4099-A5D3-688715614121}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{62595E90-C346-4096-8108-E9230CCBD3B9}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{66F62239-73B6-4CA1-963A-C1EE2A1BB18C}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |
"{6D4A4784-DA64-4751-91BF-35D220619ADE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{6D9EAF08-FF08-465E-8652-3312917B32B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70FCC29E-0449-4327-A023-B9178CB33E48}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{73AFFDA9-F71A-469E-8E2D-1ED236910727}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7617349D-1BB2-4EDA-A4ED-D3F085B63337}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{76939125-8A24-4527-B83E-1FC430D56AD5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{79799078-695C-467F-A2FF-F03609CF9D64}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8040E519-CB35-44EF-8F13-9A6F3FB96ED6}" = protocol=6 | dir=out | app=system |
"{8049B4DD-E71F-4D32-98B7-0768A4BACA38}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8BE75A45-116F-4299-8443-F15182E26BA7}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{901E0D6A-14ED-4E50-833C-8427070193E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{960A77FD-514F-4A45-B934-2F55BAB2658C}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{9A4CE18C-72AD-4317-AD25-BF1682C652EC}" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"{A00C48BC-4047-4E03-8C13-15E0683FA55A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B82A8525-CA2F-4E9C-B759-A7537EF0F6B5}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |
"{BA740B85-B3E9-47AC-B39B-A0A63EE28C9B}" = protocol=17 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe |
"{BFF2B489-25DC-44E8-B478-E454DCADF293}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C10ADB8D-E88C-4073-A2B3-8557D04C7E50}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C1BC7DF3-7F08-4052-BE11-8D150A150951}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C3DB9B85-65A2-4FF4-8FB2-FF176DE8856D}" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"{C64B0979-FD56-49A4-9EE2-9E1546A2DD5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDBADB6C-C476-4251-9794-3E8256DDEED1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CDC24F17-F230-426D-A6DE-31792454A343}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{D977F5DB-D223-4F10-ADF0-7716663EFB06}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E46949A2-2660-4D55-9A37-38F87D89D62A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAE8F5D4-09BE-4824-A915-EA87ED32B866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1645387-F581-451A-8CB1-02A1EC8AC102}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F29B57A1-FAC2-4591-BF5E-827C2F3745A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F7B0EF98-12F8-4559-8E9D-D0B98E220E16}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{01DA4821-4498-47B9-B1F5-B7D687C1E51E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{3A67921A-E25F-48B9-9DB9-EA17ABF79FB5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{84318DCA-18AD-4B28-9427-0D4D34232DAB}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{9816E7EE-09B0-400F-B8F0-87B3AE0439AA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{D383FA5C-21AF-43B3-97D1-E7F316640F83}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"TCP Query User{E11E0C58-B97F-4E53-8650-461993D30468}C:\users\maik\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F4C97BC5-72CF-41AB-A308-515049A736BB}C:\games\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\games\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{28F00575-13CF-408A-9616-BD606A00771E}C:\games\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\games\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{2B306031-E0D4-43AF-BC51-4FCBC1C6607D}C:\users\maik\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\maik\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3335C837-0668-4B6D-A1C2-8441D09048D3}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{641CE1FD-1645-4125-A948-3BC1D484D2DA}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{B880465B-2D00-4021-B71B-C0F21F2D3622}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{C126564B-BEC7-45D6-B4F6-9F129B522CF1}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe |
"UDP Query User{F175A39E-3F6E-4037-8FC3-11E6B7A75FA4}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}" = DriverBoost
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{1534483D-EB1B-ACF8-2472-7C68F87516D9}" = CCC Help French
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1DE5C23D-29D2-43B7-05E3-1ACF799779C2}" = Catalyst Control Center Graphics Full New
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23236274-1FB3-7DB1-061B-32D349AF5DB8}" = CCC Help Chinese Traditional
"{25AA04C1-8D88-6124-71CE-EA67DBCD68EE}" = Catalyst Control Center Graphics Previews Common
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2C6B21B1-48D7-BDD8-B4C8-B289C9B61EA2}" = CCC Help Japanese
"{3004D82D-7D27-B373-71FC-E9CE7F1295A1}" = CCC Help Spanish
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{37171C81-9EFC-D36B-2295-3F898A4D9E12}" = CCC Help Polish
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{62182F69-C225-5955-3EA0-02A927692F09}" = CCC Help Turkish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{679A8F3C-4B1A-A459-7EE6-9F877D4B337A}" = CCC Help Greek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6FEDB652-96FB-28EF-1583-A3773667136B}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78370AE2-D852-90F9-2444-88DFED91EF4D}" = Catalyst Control Center Localization All
"{7C41022B-88D3-54E3-78BE-0182F390E640}" = Catalyst Control Center Graphics Previews Vista
"{82123B01-A183-A7DE-A61C-BF4BF65680C1}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C202CD3-9427-D3E9-4295-61EB3249A90E}" = Catalyst Control Center Graphics Full Existing
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8FA7E81D-6D99-4788-8BE4-D898B346AB2E}" = IndustrieGigant 2
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light
"{91B78AB4-3F74-17E2-85BA-C814F87B0FF1}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9958E1F2-AF56-B67E-4585-BA2066AA9601}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AD813AC-7D0E-F9FE-55E9-572AB783CA76}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D18475C-CA21-447A-6688-007243BBF1C8}" = ccc-core-static
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A19EF447-CF86-C430-366A-469E5C0E3CCD}" = Catalyst Control Center Core Implementation
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6F580B5-7123-3DEE-A0BB-BBF9ED230BC1}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB0139DA-1C8D-7DBD-F765-80211E11B8CB}" = CCC Help Chinese Standard
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{AFF77101-460F-55A0-19FD-CABCFC11C8B0}" = CCC Help Thai
"{B025146A-1687-9076-6E43-8A36DA2E15FD}" = CCC Help Czech
"{B362DC31-BC97-49E3-1E83-5603F01C5769}" = CCC Help Dutch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C08F9290-C0A6-A310-2901-9E25373B6DCD}" = CCC Help Norwegian
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6111BC3-3EB5-5D43-C1C8-A825F12737D5}" = Catalyst Control Center InstallProxy
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D76D5FC8-4655-0E6D-6D74-C944E08290CA}" = ATI Catalyst Install Manager
"{D7F70031-2AE0-D959-40A6-F7C91CBD540F}" = CCC Help German
"{DA0B78ED-4274-C842-D9B9-3C2F85FDBDDC}" = CCC Help Danish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EA76784A-8127-25C6-908A-E5175566FF0A}" = CCC Help Russian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F53C1A29-3980-CFB8-EA37-10357922D0B1}" = CCC Help Swedish
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"{F6BC885F-F971-31DD-2F2B-086A9C2F1A93}" = CCC Help Italian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA886756-403E-5C8A-6039-1323D196B929}" = ccc-utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFGC" = Big Fish Games: Game Manager
"BFG-Diner Dash" = Diner Dash
"Diner Dash" = Diner Dash
"ElsterFormular für Privatanwender 12.2.1.6570p" = ElsterFormular für Privatanwender
"FastImageResizer" = FastImageResizer (remove only)
"FreePDF_XP" = FreePDF (Remove only)
"GameSpy Arcade" = GameSpy Arcade
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49b
"No23 Recorder" = No23 Recorder
"Norton PC Checkup_is1" = Norton PC Checkup
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.11.1661" = Opera 12.11
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.2
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SCHLECKER Fotobuch und mehr ..._is1" = SCHLECKER Fotobuch und mehr ... 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tobit Radio.fx Server" = Radio.fx
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo4" = Zattoo4 4.0.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Diner Dash 2 Deluxe" = Diner Dash 2 Deluxe
"Dropbox" = Dropbox
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.11.2012 13:56:20 | Computer Name = Maik-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed: Der Servername oder die Serveradresse konnte nicht verarbeitet
werden.
Error - 20.11.2012 14:17:40 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 26.11.2012 14:13:48 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104
Description =
Error - 27.11.2012 14:17:59 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 02.12.2012 14:04:51 | Computer Name = Maik-PC | Source = Windows Backup | ID = 4104
Description =
Error - 03.12.2012 03:46:14 | Computer Name = Maik-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: msvcrt.dll,
Version: 7.0.7601.17744, Zeitstempel: 0x4eeaf722 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00009c56 ID des fehlerhaften Prozesses: 0x3e4 Startzeit der fehlerhaften Anwendung:
0x01cdd12a1cc3d5a8 Pfad der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\msvcrt.dll Berichtskennung: 82b33b83-3d1d-11e2-a46a-406186afb080
Error - 04.12.2012 06:14:56 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 07.12.2012 09:52:55 | Computer Name = Maik-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 07.12.2012 15:29:04 | Computer Name = Maik-PC | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 09.12.2012 08:58:18 | Computer Name = Maik-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.
[ System Events ]
Error - 09.12.2012 06:14:48 | Computer Name = Maik-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 09.12.2012 16:36:20 | Computer Name = Maik-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = Ein neuer BITS-Auftrag konnte nicht erstellt werden. Die aktuelle
Auftragsanzahl für den Maik-PC\Maik-Benutzer ("60") ist gleich oder größer als das
durch die Gruppenrichtlinie angegebene Auftragslimit ("60"). Sie können das Problem
beheben, indem Sie die BITS-Aufträge beenden oder abbrechen, für die kein Fortschritt
festgestellt wurde, indem Sie sich den Fehler ansehen, und den BITS-Dienst anschließend
neu starten. Falls der Fehler weiterhin angezeigt wird, bitten Sie den Administrator,
die durch die Gruppenrichtlinie angegebenen Auftragslimits pro Benutzer und pro
Computer zu erhöhen.
Error - 10.12.2012 03:19:45 | Computer Name = Maik-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 10.12.2012 05:13:33 | Computer Name = Maik-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 10.12.2012 12:55:21 | Computer Name = Maik-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 10.12.2012 13:49:16 | Computer Name = Maik-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 16.12.2012 13:15:18 | Computer Name = Maik-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 20.12.2012 08:53:17 | Computer Name = Maik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?12.?2012 um 12:26:43 unerwartet heruntergefahren.
Error - 20.12.2012 09:32:42 | Computer Name = Maik-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?12.?2012 um 14:02:08 unerwartet heruntergefahren.
Error - 20.12.2012 14:59:52 | Computer Name = Maik-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
(0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
< End of report >
gmer.txt Code:
ATTFilter GMER 2.0.18327 - hxxp://www.gmer.net
Rootkit scan 2013-01-04 18:49:15
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\00000058 Hitachi_ rev.FC4O 298,09GB
Running: hetvdqfk.exe; Driver: C:\Users\Maik\AppData\Local\Temp\pwldypoc.sys
---- System - GMER 2.0 ----
SSDT 90D308AE ZwCreateSection
SSDT 90D308B3 ZwSetContextThread
SSDT 90D3084F ZwTerminateProcess
---- Kernel code sections - GMER 2.0 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E47A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E814D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82E8862C 4 Bytes [AE, 08, D3, 90] {SCASB ; OR BL, DL; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82E889CC 4 Bytes [B3, 08, D3, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 82E88AA4 4 Bytes [4F, 08, D3, 90] {DEC EDI; OR BL, DL; NOP }
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90E1F000, 0x2FC0BA, 0xE8000020]
---- User code sections - GMER 2.0 ----
.text C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2216] kernel32.dll!SetUnhandledExceptionFilter 7666F4FB 5 Bytes JMP 00642C40 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
.text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2728] ntdll.dll!DbgUiRemoteBreakin 778FF17D 1 Byte [C3]
---- EOF - GMER 2.0 ----
|
| Themen zu EVU Trojaner - Bitte um Hilfe |
| antivir, avira, bho, bildschirm, bingbar, computer, error, erste mal, failed, festplatte, firefox, flash player, frage, geld, gruppe, home, install.exe, microsoft office starter 2010, mozilla, ntdll.dll, plug-in, realtek, registry, richtlinie, scan, security, server, spotify web helper, starten, svchost.exe, symantec, trojaner, windows, wlan verbindung, wrapper |
Baum-Darstellung