Ordner auf Wechselmedien werden als Verknüpfung angezeigt

cosinus · 15.01.2013, 16:45

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Bursa · 15.01.2013, 17:29

krieg leider nicht geöffnet das Programm, nicht kompatibel mit meinem rechner also win 8
hab auch mit kompatibilitäts Einstellung versucht

cosinus · 16.01.2013, 11:44

Hm, ist cf doch nicht kompatibel mit win8....

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Bursa · 16.01.2013, 14:52

Hoffe ist richtig der skan war nämlich inerhalb von sek. fertig

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 16/01/2013 um 14:49:36 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MAY\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Program Files (x86)\SweetIM
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gefunden : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gefunden : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [5929 octets] - [16/01/2013 14:49:36]

########## EOF - C:\AdwCleaner[R1].txt - [5989 octets] ##########

cosinus · 16.01.2013, 16:05

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Bursa · 16.01.2013, 16:39

Code:

ATTFilter

# AdwCleaner v2.105 - Datei am 16/01/2013 um 16:34:07 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzer : MAY - MSI
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MAY\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [6052 octets] - [16/01/2013 14:49:36]
AdwCleaner[S1].txt - [5912 octets] - [16/01/2013 16:34:07]

########## EOF - C:\AdwCleaner[S1].txt - [5972 octets] ##########

Das erste

Code:

ATTFilter

OTL logfile created on: 16.01.2013 16:45:35 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\+***\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,66 Gb Available Physical Memory | 83,40% Memory free
16,97 Gb Paging File | 15,53 Gb Available in Paging File | 91,47% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275,10 Gb Total Space | 127,83 Gb Free Space | 46,47% Space Free | Partition Type: NTFS
Drive D: | 183,40 Gb Total Space | 3,63 Gb Free Space | 1,98% Space Free | Partition Type: NTFS
Drive G: | 596,17 Gb Total Space | 68,23 Gb Free Space | 11,45% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (xusb22) -- C:\Windows\SysNative\Drivers\xusb22.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\Drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (johci) -- C:\Windows\SysNative\Drivers\johci.sys (JMicron )
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (NTIOLib_1_0_4) -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys (MSI)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys (Your Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 8A 75 D6 B5 D7 CD 01  [binary data]
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-116789097-1075489374-2002913999-1002\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.12.13 22:48:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.01.13 12:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.01.13 12:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.01.13 12:17:21 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2012.04.30 17:45:32 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-116789097-1075489374-2002913999-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB9394BB-1FB9-454B-9419-797956DD7DB6}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC5E0BB9-5131-4A1D-8EF2-CD8B3637BBE1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 17:05:53 | 005,022,206 | ---- | C] (Swearware) -- C:\Users\MAY\Desktop\ComboFix.exe
[2013.01.15 16:55:12 | 005,022,206 | ---- | C] (Swearware) -- C:\Users\MAY\Desktop\ComboFix (1).exe
[2013.01.14 22:42:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2013.01.14 13:22:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2013.01.14 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Fehler
[2013.01.13 20:22:59 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Bewerbung
[2013.01.13 19:10:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.01.13 19:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.13 19:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.13 19:09:56 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.13 19:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.13 19:09:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.13 13:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.01.13 12:30:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.12 21:14:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.11 23:50:45 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.01.11 23:50:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.11 23:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.01.11 23:49:58 | 000,612,696 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.01.11 23:49:58 | 000,089,944 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.01.11 23:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2013.01.11 23:35:27 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Roaming\HP
[2013.01.11 23:35:26 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Local\HP
[2013.01.11 23:33:34 | 000,695,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.11 23:33:34 | 000,080,728 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.11 23:24:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2013.01.11 23:22:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate
[2013.01.11 23:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2013.01.11 23:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.01.11 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013.01.11 23:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013.01.11 23:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013.01.11 23:14:48 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013.01.11 23:12:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013.01.11 23:11:52 | 000,051,712 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\HPZLLWN7.DLL
[2013.01.11 23:11:46 | 002,398,112 | ---- | C] (Hewlett Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2013.01.11 23:11:45 | 000,861,184 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpowiav1.dll
[2013.01.11 23:11:45 | 000,730,624 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpotscl1.dll
[2013.01.11 23:11:45 | 000,498,176 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpovst01.dll
[2013.01.11 23:10:39 | 026,931,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.01.11 23:10:39 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.01.11 23:10:39 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.01.11 23:10:39 | 012,641,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.01.11 23:10:39 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.01.11 23:10:39 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.01.11 23:10:39 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.01.11 23:10:39 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.01.11 23:10:39 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.01.11 23:10:38 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.01.11 23:10:38 | 018,054,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.01.11 23:10:38 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.01.11 23:10:38 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.01.11 23:10:38 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.01.11 23:10:38 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.01.11 23:10:38 | 002,504,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.01.11 14:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.01.11 14:29:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013.01.11 14:22:11 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentServer.dll
[2013.01.11 14:22:10 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppXDeploymentExtensions.dll
[2013.01.11 14:22:10 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.01.11 14:22:10 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.01.11 14:22:05 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.01.11 14:22:04 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.01.11 14:22:04 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.01.11 14:22:03 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.01.11 14:22:03 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.01.11 14:22:02 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.01.11 14:22:02 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Taskmgr.exe
[2013.01.11 14:22:01 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.01.11 14:22:01 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storagewmi.dll
[2013.01.11 14:22:01 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Taskmgr.exe
[2013.01.11 14:22:01 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WebcamUi.dll
[2013.01.11 14:22:01 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.01.11 14:22:01 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WebcamUi.dll
[2013.01.11 14:22:01 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll
[2013.01.11 14:22:01 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.01.11 14:22:00 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.01.11 14:22:00 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnapps.dll
[2013.01.11 14:22:00 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.01.11 14:22:00 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll
[2013.01.11 14:21:59 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll
[2013.01.11 14:21:59 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.01.11 14:21:58 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
[2013.01.11 14:21:58 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wpnapps.dll
[2013.01.11 14:21:58 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.01.11 14:21:57 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\storagewmi.dll
[2013.01.11 14:21:57 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.01.11 14:21:57 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.01.11 14:21:57 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.01.11 14:21:57 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.01.11 14:21:56 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.01.11 14:21:56 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.01.11 14:21:56 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.01.11 14:21:56 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll
[2013.01.11 14:21:56 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll
[2013.01.11 14:21:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe
[2013.01.11 14:21:55 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.01.11 14:21:55 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys
[2013.01.11 14:21:55 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys
[2013.01.11 14:21:51 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppwinob.dll
[2013.01.11 14:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JMicron
[2013.01.11 14:15:19 | 000,020,392 | ---- | C] (JMicron ) -- C:\Windows\SysNative\drivers\johci.sys
[2013.01.10 22:29:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps
[2013.01.10 14:14:52 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2013.01.10 14:14:52 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2013.01.10 14:14:30 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll
[2013.01.10 14:14:29 | 013,640,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.01.10 14:14:22 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys
[2013.01.10 14:14:19 | 014,259,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013.01.10 14:14:18 | 010,791,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.01.10 14:14:14 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe
[2013.01.10 14:14:12 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.01.10 14:14:11 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe
[2013.01.10 14:14:09 | 011,875,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013.01.10 14:14:08 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys
[2013.01.10 14:14:06 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll
[2013.01.10 14:14:05 | 001,825,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.01.10 14:14:04 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll
[2013.01.10 14:14:04 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.dll
[2013.01.10 14:14:03 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.01.10 14:14:03 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll
[2013.01.10 14:14:02 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll
[2013.01.10 14:14:01 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll
[2013.01.10 14:14:00 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provcore.dll
[2013.01.10 14:13:58 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.01.10 14:13:57 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll
[2013.01.10 14:13:57 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.01.10 14:13:54 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll
[2013.01.10 14:13:54 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll
[2013.01.10 14:13:53 | 001,590,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.01.10 14:13:53 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsSpellCheckingFacility.dll
[2013.01.10 14:13:53 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.01.10 14:13:53 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL
[2013.01.10 14:13:52 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll
[2013.01.10 14:13:52 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll
[2013.01.10 14:13:51 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll
[2013.01.10 14:13:51 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013.01.10 14:13:51 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe
[2013.01.10 14:13:50 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll
[2013.01.10 14:13:49 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll
[2013.01.10 14:13:49 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2013.01.10 14:13:49 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2013.01.10 14:13:49 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidcredprov.dll
[2013.01.10 14:13:49 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rascfg.dll
[2013.01.10 14:13:49 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rascfg.dll
[2013.01.10 14:13:48 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll
[2013.01.10 14:13:48 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.01.10 14:13:48 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.01.10 14:13:48 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnprv.dll
[2013.01.10 14:13:48 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll
[2013.01.10 14:13:47 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll
[2013.01.10 14:13:47 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.01.10 14:13:47 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll
[2013.01.10 14:13:47 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll
[2013.01.10 14:13:46 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl
[2013.01.10 14:13:46 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2013.01.10 14:13:46 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll
[2013.01.10 14:13:46 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll
[2013.01.10 14:13:45 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.01.10 14:13:45 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll
[2013.01.10 14:13:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll
[2013.01.10 14:13:43 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll
[2013.01.10 14:13:43 | 000,028,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
[2013.01.10 14:13:42 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl
[2013.01.10 14:13:42 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe
[2013.01.10 14:13:42 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll
[2013.01.10 14:13:42 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[2013.01.10 14:13:42 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll
[2013.01.10 14:13:42 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys
[2013.01.10 14:13:42 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll
[2013.01.10 14:13:41 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll
[2013.01.10 14:13:41 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\provcore.dll
[2013.01.10 14:13:41 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll
[2013.01.10 14:13:41 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll
[2013.01.10 14:13:41 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvproc.dll
[2013.01.10 14:13:41 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ProximityService.dll
[2013.01.10 14:13:41 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll
[2013.01.10 14:13:41 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll
[2013.01.10 14:13:41 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll
[2013.01.10 14:13:41 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2013.01.10 14:13:40 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll
[2013.01.10 14:13:40 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll
[2013.01.10 14:13:40 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.dll
[2013.01.10 14:13:40 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll
[2013.01.10 14:13:40 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll
[2013.01.10 14:13:40 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-kernel-power-events.dll
[2013.01.10 14:13:40 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys
[2013.01.10 14:13:40 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avrt.dll
[2013.01.10 14:13:39 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll
[2013.01.10 14:13:39 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.01.10 14:13:39 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.01.10 14:13:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe
[2013.01.10 14:13:39 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll
[2013.01.10 14:13:37 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll
[2013.01.10 14:13:37 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.01.10 14:13:37 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS
[2013.01.10 14:13:37 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll
[2013.01.10 14:13:37 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
[2013.01.10 14:13:36 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2013.01.10 14:13:36 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2013.01.10 14:13:36 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2013.01.10 14:13:36 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlidcredprov.dll
[2013.01.10 14:13:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhevents.dll
[2013.01.10 14:13:35 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.dll
[2013.01.10 14:13:35 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe
[2013.01.10 14:13:35 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfh264enc.dll
[2013.01.10 14:13:35 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfh264enc.dll
[2013.01.10 14:13:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvproc.dll
[2013.01.10 14:13:35 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 14:13:35 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevPropMgr.dll
[2013.01.10 14:13:35 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe
[2013.01.10 14:13:35 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe
[2013.01.10 14:13:35 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfnet.dll
[2013.01.10 14:13:34 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcfg.dll
[2013.01.10 14:13:34 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe
[2013.01.10 14:13:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2013.01.10 14:13:32 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.01.10 14:13:32 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.01.10 14:13:32 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2013.01.10 14:13:32 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.01.10 14:13:32 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfos.dll
[2013.01.10 14:13:32 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAFWSD.dll
[2013.01.10 14:13:32 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchapi.dll
[2013.01.10 14:13:32 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfnet.dll
[2013.01.10 14:13:31 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2013.01.10 14:13:31 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcat.dll
[2013.01.10 14:13:31 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.01.10 14:13:31 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CscMig.dll
[2013.01.10 14:13:31 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvc.dll
[2013.01.10 14:13:31 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpremove.exe
[2013.01.10 14:13:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.01.10 14:13:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhmanagew.exe
[2013.01.10 14:13:30 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhshl.dll
[2013.01.10 14:13:30 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll
[2013.01.10 14:13:30 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll
[2013.01.10 14:13:30 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchph.dll
[2013.01.10 14:13:30 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhlisten.dll
[2013.01.10 14:13:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll
[2013.01.10 14:13:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcleanup.dll
[2013.01.10 14:13:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndptsp.tsp
[2013.01.10 14:13:30 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmxs.dll
[2013.01.10 14:13:30 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhtask.dll
[2013.01.10 14:13:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe
[2013.01.10 14:13:30 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.01.10 14:13:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe
[2013.01.10 14:13:29 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhautoplay.dll
[2013.01.10 14:13:29 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2013.01.10 14:13:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfctrs.dll
[2013.01.10 14:13:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfctrs.dll
[2013.01.10 14:13:29 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfproc.dll
[2013.01.10 14:13:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfproc.dll
[2013.01.10 14:13:29 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfos.dll
[2013.01.10 14:13:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmxs.dll
[2013.01.10 14:13:29 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasser.dll
[2013.01.10 14:13:29 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasser.dll
[2013.01.10 14:13:26 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2013.01.10 14:13:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kmddsp.tsp
[2013.01.10 14:13:26 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LangCleanupSysprepAction.dll
[2013.01.10 14:13:26 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.01.10 14:13:26 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvcctl.dll
[2013.01.10 14:13:26 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eventcls.dll
[2013.01.10 14:13:26 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcls.dll
[2013.01.10 14:13:26 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MUILanguageCleanup.dll
[2013.01.10 14:13:25 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.01.10 14:13:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2013.01.10 14:13:25 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2013.01.10 14:13:25 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetupproxyserv.dll
[2013.01.10 14:13:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll
[2013.01.10 14:13:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2013.01.10 14:13:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2013.01.10 14:13:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2013.01.10 14:13:25 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2013.01.10 14:13:24 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013.01.10 14:13:24 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013.01.10 14:11:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2013.01.10 14:11:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2013.01.10 14:11:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013.01.10 14:11:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013.01.10 13:59:18 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll
[2013.01.10 13:59:18 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll
[2013.01.10 13:59:18 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe
[2013.01.10 13:59:18 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe
[2013.01.10 13:59:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe
[2013.01.10 13:59:18 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe
[2013.01.10 13:59:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.01.10 10:58:49 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Roaming\dvdcss
[2013.01.03 21:29:14 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Local\Apple Computer
[2013.01.03 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Roaming\Apple Computer
[2013.01.03 21:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.03 21:28:58 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.01.03 21:28:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.01.03 21:27:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.03 21:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.03 21:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.03 21:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.03 21:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.01.03 21:27:02 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Local\Apple
[2013.01.03 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.01.03 21:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.01.03 21:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.01.03 21:26:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.01.03 21:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.01.03 21:26:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.12.26 19:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2012.12.26 19:43:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI
[2012.12.26 19:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2012.12.26 19:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012.12.26 19:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GreenTree Applications
[2012.12.26 19:15:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.26 19:01:03 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.26 19:01:03 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.26 19:01:03 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012.12.26 19:01:03 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012.12.26 19:01:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.26 19:01:03 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.26 19:01:03 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2012.12.26 19:01:03 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2012.12.26 12:29:54 | 000,000,000 | ---D | C] -- C:\Users\MAY\Desktop\yolculuk
[2012.12.20 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\MAY\Application Data
[2012.12.18 18:55:07 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.12.18 18:55:02 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Roaming\DAEMON Tools Lite
[2012.12.18 18:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.12.18 18:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.12.18 17:24:46 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.12.18 17:24:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.12.18 17:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.12.18 17:24:21 | 000,000,000 | ---D | C] -- C:\Users\MAY\AppData\Local\Google
[2012.12.18 17:17:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2012.12.18 17:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2012.12.18 17:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2012.12.18 17:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2012.12.18 17:11:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2012.12.18 17:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012.12.18 17:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012.12.18 17:09:42 | 000,778,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationNative_v0300.dll
[2012.12.18 17:09:42 | 000,102,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2012.12.18 17:09:42 | 000,035,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2012.12.18 17:09:38 | 001,166,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationNative_v0300.dll
[2012.12.18 17:09:38 | 000,124,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2012.12.18 17:09:38 | 000,035,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2012.12.18 17:07:56 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012.12.18 17:07:54 | 002,116,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012.12.18 17:07:51 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.12.18 17:07:51 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2012.12.18 17:07:50 | 002,764,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012.12.18 17:07:50 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012.12.18 17:07:49 | 001,610,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012.12.18 17:07:48 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Immersive.dll
[2012.12.18 17:07:47 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2012.12.18 17:07:47 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.12.18 17:07:46 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Immersive.dll
[2012.12.18 17:07:46 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2012.12.18 17:07:46 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2012.12.18 17:07:46 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012.12.18 17:07:45 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
[2012.12.18 17:07:44 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012.12.18 17:07:43 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012.12.18 17:07:43 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012.12.18 17:07:43 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012.12.18 17:07:42 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012.12.18 17:07:41 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012.12.18 17:07:40 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2012.12.18 17:07:40 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmp4srcsnk.dll
[2012.12.18 17:07:40 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2012.12.18 17:07:39 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012.12.18 17:07:39 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.12.18 17:07:39 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
[2012.12.18 17:07:38 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usercpl.dll
[2012.12.18 17:07:38 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2012.12.18 17:07:38 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmp4srcsnk.dll
[2012.12.18 17:07:38 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2012.12.18 17:07:37 | 000,336,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2012.12.18 17:07:37 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Storage.Compression.dll
[2012.12.18 17:07:37 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dam.sys
[2012.12.18 17:07:35 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\usercpl.dll
[2012.12.18 17:07:35 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.12.18 17:07:34 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SpaceControl.dll
[2012.12.18 17:07:34 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.12.18 17:07:33 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012.12.18 17:07:33 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012.12.18 17:07:33 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdstor.sys
[2012.12.18 17:07:33 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\battc.sys
[2012.12.18 17:07:32 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\input.dll
[2012.12.18 17:07:32 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\input.dll
[2012.12.18 17:07:32 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Storage.Compression.dll
[2012.12.18 17:07:32 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.12.18 17:07:30 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012.12.18 17:07:30 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012.12.18 17:07:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012.12.18 17:07:30 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-pdc.dll
[2012.12.18 17:07:29 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCPKsp.dll
[2012.12.18 17:07:28 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2012.12.18 17:07:27 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FirewallAPI.dll
[2012.12.18 17:07:27 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AppxSip.dll
[2012.12.18 17:07:26 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.12.18 17:07:26 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2012.12.18 17:07:26 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012.12.18 17:07:26 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AppxSip.dll
[2012.12.18 17:07:26 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icfupgd.dll
[2012.12.18 17:07:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PCPKsp.dll
[2012.12.18 17:07:25 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BdeUISrv.exe
[2012.12.18 17:07:24 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssitlb.dll
[2012.12.18 17:07:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssprxy.dll
[2012.12.18 17:07:24 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssitlb.dll
[2012.12.18 17:07:24 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012.12.18 17:07:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfapigp.dll
[2012.12.18 17:07:24 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfapigp.dll
[2012.12.18 17:07:23 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2012.12.18 17:07:23 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msshooks.dll
[2012.12.18 17:07:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msshooks.dll
[2012.12.18 17:07:23 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kbdhebl3.dll
[2012.12.18 17:07:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kbdhebl3.dll
[2012.12.18 17:07:04 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2012.12.18 17:07:04 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2012.12.18 17:07:04 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2012.12.18 17:07:04 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfmpeg2srcsnk.dll
[2012.12.18 17:07:03 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2012.12.18 17:07:03 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfmpeg2srcsnk.dll
[2012.12.18 17:06:59 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2012.12.18 17:06:59 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2012.12.18 17:05:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.12.18 17:05:12 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
[2012.12.18 17:05:10 | 001,347,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmclient.dll
[2012.12.18 17:05:10 | 000,987,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmclient.dll
[2012.12.18 17:05:10 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmscan.dll
[2012.12.18 17:05:10 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
[2012.12.18 17:05:10 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dskquota.dll
[2012.12.18 17:05:10 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.12.18 17:05:09 | 000,652,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmscan.dll
[2012.12.18 17:05:09 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
[2012.12.18 17:05:09 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
[2012.12.18 17:05:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmshell.dll
[2012.12.18 17:05:09 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adrclient.dll
[2012.12.18 17:05:09 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmshell.dll
[2012.12.18 17:05:09 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adrclient.dll
[2012.12.18 17:05:09 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmtrace.dll
[2012.12.18 17:05:09 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dskquota.dll
[2012.12.18 17:05:09 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmtrace.dll
[2012.12.18 17:05:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rfxvmt.dll
[2012.12.18 17:05:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm_ps.dll
[2012.12.18 17:05:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm_ps.dll
[2012.12.18 17:05:08 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.12.18 17:04:57 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hal.dll
[2012.12.18 16:59:44 | 006,971,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.12.18 16:59:44 | 000,488,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012.12.18 16:59:43 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Display.dll
[2012.12.18 16:59:43 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Display.dll
[2012.12.18 16:59:43 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2012.12.18 16:59:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2012.12.18 16:59:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidi2c.sys
[2012.12.18 16:59:43 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2012.12.18 16:59:43 | 000,021,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012.12.18 16:59:43 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDKURD.DLL
[2012.12.18 16:59:43 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDKURD.DLL
[2012.12.18 16:59:41 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2012.12.18 16:59:41 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2012.12.18 16:59:41 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.dll
[2012.12.18 16:59:41 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2012.12.18 16:59:41 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
[2012.12.18 16:59:41 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2012.12.18 16:59:03 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\glcndFilter.dll
[2012.12.18 16:59:00 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2012.12.18 16:58:59 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2012.12.18 16:58:57 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\glcndFilter.dll
[2012.12.18 16:58:55 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2012.12.18 16:58:54 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012.12.18 16:58:54 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2012.12.18 16:58:54 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.18 16:58:53 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.12.18 16:58:52 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2012.12.18 16:58:51 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.12.18 16:58:51 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2012.12.18 16:58:51 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2012.12.18 16:58:51 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2012.12.18 16:58:50 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\HelpPane.exe
[2012.12.18 16:58:49 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.12.18 16:58:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2012.12.18 16:58:49 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2012.12.18 16:58:48 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2012.12.18 16:58:48 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2012.12.18 16:58:47 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2012.12.18 16:58:46 | 000,445,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2012.12.18 16:58:44 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2012.12.18 16:58:44 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2012.12.18 16:58:40 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevicePairing.dll
[2012.12.18 16:58:39 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2012.12.18 16:58:39 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2012.12.18 16:58:39 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2012.12.18 16:58:39 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dafWCN.dll
[2012.12.18 16:58:38 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2012.12.18 16:58:37 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevicePairing.dll
[2012.12.18 16:58:37 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2012.12.18 16:58:37 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2012.12.18 16:58:37 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012.12.18 16:58:37 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bthprops.cpl
[2012.12.18 16:58:37 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2012.12.18 16:58:37 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bthprops.cpl
[2012.12.18 16:58:37 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFCaptureEngine.dll
[2012.12.18 16:58:37 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012.12.18 16:58:37 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2012.12.18 16:58:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.12.18 16:58:37 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuaext.dll
[2012.12.18 16:58:36 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2012.12.18 16:58:36 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2012.12.18 16:58:36 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpclip.exe
[2012.12.18 16:58:36 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.12.18 16:58:36 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2012.12.18 16:58:36 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.12.18 16:58:35 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe
[2012.12.18 16:58:35 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012.12.18 16:58:35 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2012.12.18 16:58:35 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFCaptureEngine.dll
[2012.12.18 16:58:35 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2012.12.18 16:58:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.12.18 16:58:35 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2012.12.18 16:58:34 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEndpointBuilder.dll
[2012.12.18 16:58:34 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnApi.dll
[2012.12.18 16:58:34 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WcnApi.dll
[2012.12.18 16:58:33 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fdWCN.dll
[2012.12.18 16:58:33 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wfdprov.dll
[2012.12.18 16:58:33 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapAuthProxy.dll
[2012.12.18 16:58:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2012.12.18 16:58:32 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WcnEapPeerProxy.dll
[2012.12.18 16:58:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wfdprov.dll
[2012.12.18 16:58:30 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2012.12.18 16:58:29 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wushareduxresources.dll
[2012.12.18 16:58:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fxppm.sys
[2012.12.18 16:58:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanhlp.dll
[2012.12.18 16:58:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2012.12.18 16:58:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iscsilog.dll
[2012.12.18 16:55:04 | 001,009,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2012.12.18 16:55:04 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll
[2012.12.18 16:55:04 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll
[2012.12.18 16:55:04 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2012.12.18 16:55:04 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe
[2012.12.18 16:53:51 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2012.12.18 16:39:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 16:43:08 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.16 16:43:08 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.16 16:43:08 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.16 16:43:08 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.16 16:43:07 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.16 16:37:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 16:36:19 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 16:35:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.01.16 16:35:33 | 2561,933,311 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 16:29:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.16 14:49:16 | 000,554,087 | ---- | M] () -- C:\Users\MAY\Desktop\adwcleaner.exe
[2013.01.15 17:06:07 | 005,022,206 | ---- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.01.15 16:58:45 | 005,022,206 | ---- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix (1).exe
[2013.01.13 19:09:57 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.13 12:30:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.01.13 12:17:18 | 000,048,472 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klwfp.sys
[2013.01.13 12:17:18 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2013.01.13 12:17:18 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2013.01.13 12:17:17 | 000,612,696 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.01.12 21:14:34 | 630,474,799 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.12 00:37:56 | 000,007,614 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2013.01.11 23:50:45 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013.01.11 23:46:48 | 004,984,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.11 23:37:27 | 000,218,134 | ---- | M] () -- C:\Windows\hpoins19.dat
[2013.01.11 23:22:41 | 000,002,109 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.01.05 10:45:01 | 000,001,049 | ---- | M] () -- C:\Users\***\Desktop\Prison Break - Verknüpfung.lnk
[2012.12.30 22:53:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012.12.29 11:34:47 | 026,931,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.29 11:34:47 | 025,256,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.29 11:34:47 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.12.29 11:34:47 | 018,054,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.29 11:34:47 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.12.29 11:34:47 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.12.29 11:34:47 | 015,052,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.12.29 11:34:47 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.12.29 11:34:47 | 009,389,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.29 11:34:47 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.12.29 11:34:47 | 007,565,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.29 11:34:47 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.12.29 11:34:47 | 002,904,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.29 11:34:47 | 002,824,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.12.29 11:34:47 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.12.29 11:34:47 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.12.29 11:34:47 | 002,344,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.29 11:34:47 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.12.29 11:34:47 | 001,813,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.12.29 11:34:47 | 001,504,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.12.29 09:40:27 | 006,382,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.29 09:40:27 | 003,455,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.12.29 09:40:09 | 002,558,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.29 09:40:09 | 000,118,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.29 09:40:09 | 000,063,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.19 00:32:58 | 000,695,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.12.19 00:32:58 | 000,080,728 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.12.18 18:55:07 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
 
========== Files Created - No Company Name ==========
 
[2013.01.16 14:49:16 | 000,554,087 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.01.13 19:09:57 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.12 21:14:34 | 630,474,799 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.11 23:51:56 | 000,001,298 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013.lnk
[2013.01.11 23:50:54 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013.01.11 23:46:21 | 004,984,432 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.11 23:22:41 | 000,002,109 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2013.01.11 23:21:54 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2013.01.11 23:13:30 | 000,218,134 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013.01.11 23:13:30 | 000,015,561 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013.01.11 23:12:05 | 003,867,040 | ---- | C] () -- C:\Windows\SysNative\PortChanger.exe
[2013.01.10 14:13:30 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2013.01.10 14:13:30 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013.01.05 10:45:01 | 000,001,049 | ---- | C] () -- C:\Users\***\Desktop\Prison Break - Verknüpfung.lnk
[2013.01.03 21:27:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.12.30 22:53:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2012.12.28 01:20:28 | 000,000,824 | ---- | C] () -- C:\Users\***\Desktop\hosts
[2012.12.28 00:28:44 | 000,007,614 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.12.18 17:24:28 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 17:24:23 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.18 16:58:48 | 000,385,604 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2012.08.10 09:55:05 | 000,000,600 | ---- | C] () -- C:\Users\***\PUTTY.RND
[2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.18 18:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
 
========== Purity Check ==========
 
 

< End of report >

Bursa · 16.01.2013, 17:23

Code:

ATTFilter

OTL Extras logfile created on: 16.01.2013 16:45:35 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MAY\Desktop
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,66 Gb Available Physical Memory | 83,40% Memory free
16,97 Gb Paging File | 15,53 Gb Available in Paging File | 91,47% Paging File free
Paging file location(s): c:\pagefile.sys 4603 4603d:\pagef [Binary data over 200 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 275,10 Gb Total Space | 127,83 Gb Free Space | 46,47% Space Free | Partition Type: NTFS
Drive D: | 183,40 Gb Total Space | 3,63 Gb Free Space | 1,98% Space Free | Partition Type: NTFS
Drive G: | 596,17 Gb Total Space | 68,23 Gb Free Space | 11,45% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: MAY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A4AB54CF-8A9E-4647-8C3C-19C0EEE06F0A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03644458-392C-4837-9657-7DC068FC4E68}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{0497C27F-D7D5-45F1-856E-B87287304577}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0D8247DE-CD87-478C-AE02-D60AF8615CB6}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{0F5D2293-9860-42F0-BD9A-6D70872FBFF7}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{1391D6AA-442C-4A2C-85FA-1C6D3536BF08}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{157AAF18-B665-48E4-849C-BE04AF2D08CB}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{1897CB5A-153B-478E-A164-A479C1994422}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{1D1089A6-9813-463D-ABBD-6F2EA77688E3}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{1F4FE330-BF64-459C-8279-F3E8F88E27DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{2E3E7F86-21CD-46BF-9567-EFD104A90FCE}" = dir=out | name=google search | 
"{2E76AC0C-B9A9-4C1F-8137-30156933F833}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{2F00314E-0C97-4D80-89B1-1DD65426FECA}" = dir=out | name=microsoft solitaire collection | 
"{373BF5FB-0890-4A4B-8772-ECB740E58239}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{38B7AF8A-7EEE-4456-B1B5-B8172195207A}" = dir=out | name=@{microsoft.bingfinance_1.7.0.29_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{398FE0FD-D9C3-4360-8788-1B21A29F1808}" = protocol=17 | dir=in | app=c:\windows\syswow64\***exec.exe | 
"{3B92EA16-16D6-4530-B4A1-6405A77958FA}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{3EF1F1CA-9998-4118-95EF-6CF69630999F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3F0C543D-BF67-48A8-8E20-8AD81A1D3C6D}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3FA1A067-714D-4E47-B900-E75218F826E0}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{41B667A1-EB49-41AE-85E5-9A3426A0F573}" = protocol=6 | dir=in | app=c:\windows\syswow64\***exec.exe | 
"{4654794F-F0C1-43EF-864E-EBB4F0C51F8F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{46D2CDED-E687-4D5F-AD88-9E1ACD425EBE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{46E03A79-1BD5-4CA6-A9E5-69A034242A11}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{47A10E32-1B4F-4E6D-BF35-16BD998D8052}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{48926F30-5852-41CA-950C-B484AE95DD1B}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{4A3E8B76-5F93-4CD9-A321-BE13637933E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{4A9CE0A4-A117-42AD-9526-32D58AB69EE0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{54516221-2988-410E-B654-7C18BD01087A}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{5CB5B077-FF1D-4D36-BA6E-68CA4738BF3C}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{687AE83A-75E3-4C05-A370-A5D50F11A5D3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{68D2C239-6B61-4D27-80F9-B397A2527A5A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{6A487C65-2B52-4C64-9295-37784FA44531}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{6E16D189-7E12-4829-ACEE-346CBF8ABAE7}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{7B4AB7AC-F272-4A17-8F5E-D0AC90C8C145}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7B77F275-1F78-4848-9CB5-55A950BD1C62}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{87B7D8C9-9C0A-4433-870F-BCFCB8BCF766}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{8ABEEF9D-5F8B-4349-A021-381C152953EF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{8E6AF5B0-984C-4107-9C73-DB1066245C27}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{91B0D286-D4D7-44E2-896E-1CFBE342920F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9239336D-344A-4C2A-813A-4E6261C582B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{92C360AE-81ED-4097-899B-EE909F0461EC}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{93E1C433-5D14-4E2D-A0B2-157FEA47BB02}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{96647140-16F4-4298-9274-3C9A19433332}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{9C0BDD56-EF76-433A-B3E0-5BBE21824DF2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{A0617557-36E9-4832-AE58-1C135E0FE8C6}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{A3F57BAE-2624-453D-8E19-83DFF6D75135}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{A789EF85-B4CC-420E-B6A8-23C7CDF0A03D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{A7A36D86-8D8F-444F-93CC-EFDEA4D6BC79}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{AABB3AEC-C851-4428-8C29-A10BDABA551D}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{AC06E190-3D84-425C-935F-9B328C9F46C1}" = dir=in | name=jetpack joyride | 
"{AD7658AA-279C-462B-839F-AB4B8670E3C1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B061C919-A47A-4CD2-A6DC-F396E4AFDEC4}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{B2C4EFCF-62F1-424D-87F0-AFBF570E24CD}" = dir=out | name=cut the rope | 
"{B5681001-BA07-4BC7-9550-DA51AD075C62}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{B7D979B5-D4AA-4230-8A67-80C1752C31C4}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{B7EFD76A-C56F-47A0-B376-FC942F704D69}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{B93ECDE8-4896-4EE7-9C35-45C1F3C9CDDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{BB6E92E2-F4CD-42E8-A0C5-5ACBA7643940}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{BF89B3E4-E535-4192-98EE-7F299BB7FEE4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{C3137A5B-82AF-4972-AE82-AD033F46E3C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{C719CAFF-86E1-4470-B4BB-3367BF41A0F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{C81219B8-38B4-448F-BD35-2F88963ED646}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{CAD50962-AA8B-49CC-9354-E649DFB6E84F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CB8BAFC5-588D-42BE-9728-1564E9A612FB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D7AEB463-D107-4018-9834-4863FDBDEB5D}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{D8CB8536-BBBE-4BDB-9BC3-A6D2F0CAA92D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{DA91BEB4-69EF-41F3-A572-2037996861D4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{DC40C0A7-B91A-4340-84CE-76070B752A57}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{DF47A45B-2E8F-4CDE-B4DF-2056CED2CB41}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{E4BB504C-C515-4D60-8768-D3623E956AA1}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E7D80813-8B65-4EE7-A2F8-0F7585D2F78B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EA79962D-598A-4E26-816D-FEB896B9B466}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{ED201F4A-342C-47D9-95FF-1B0507E81ED8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{F32E70D9-76A4-4CC3-ADBB-6DC61364F433}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F47C98F6-DC30-4356-9D2B-1A44313069D5}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{F519A85B-B8B3-43DF-86B7-84616F801430}" = dir=out | name=jetpack joyride | 
"{F57F720A-45E1-4F04-82E5-AADDC86CF59E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{F838E101-A08A-4187-A43B-E2E99F25236F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{F96EB1C9-C052-4CBE-A21A-28C39734D740}" = dir=out | name=@{microsoft.bingnews_1.7.0.31_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"TCP Query User{83101E08-A349-45F9-8726-008E80787054}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
"UDP Query User{A737F4C3-AD29-4776-86D7-6DEE20FD2715}C:\program files (x86)\jdownloader\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Shop for HP Supplies" = Shop for HP Supplies
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2605461E-AB2E-49F5-8A16-64B7F3595030}" = 5600Trb
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2DFDE21D-AFFE-4CDD-BBD4-3B7832BEC036}" = AIO_CDB_Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6BA1CFB2-AB74-4D7B-8FEF-C80A06190E18}" = 5600
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DCBC3D8-8954-491D-A1B9-8C61C563B004}" = 5600_Help
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D5045A94-1D46-44A7-9C4F-7D05B40D82EC}" = AIO_CDB_ProductContext
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2013 10:16:22 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 After Effects CS5\Support Files\(PCI)\Setup\resources\libraries\ARKCmdCaps.dll".
Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\AMEPCI\resources\libraries\ARKCmdCaps.dll".  Die abhängige 
Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\AMEPCI\resources\libraries\ARKCmdDefrag.dll".  Die abhängige
 Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\Dolby\resources\libraries\ARKCmdCaps.dll".  Die abhängige Assemblierung
 "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\Dolby\resources\libraries\ARKCmdDefrag.dll".  Die abhängige
 Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\Dolby\resources\libraries\ARKEngine.dll".  Die abhängige Assemblierung
 "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\AMEPCI\resources\libraries\ARKCmdFS.dll".  Die abhängige Assemblierung
 "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\AMEPCI\resources\libraries\ARKEngine.dll".  Die abhängige Assemblierung
 "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:24 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Media Encoder CS5\PCI\Dolby\resources\libraries\ARKCmdFS.dll".  Die abhängige Assemblierung
 "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2013 10:16:26 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Adobe\Adobe
 Premiere Pro CS5\SetupRoyalty\resources\libraries\ARKCmdDefrag.dll".  Die abhängige
 Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 12.01.2013 03:35:59 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 12.01.2013 16:14:46 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?01.?2013 um 21:13:34 unerwartet heruntergefahren.
 
Error - 12.01.2013 16:14:50 | Computer Name = *** | Source = BugCheck | ID = 1001
Description = 
 
Error - 12.01.2013 20:32:19 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 12.01.2013 20:32:19 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 14.01.2013 10:59:05 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 14.01.2013 11:01:55 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?01.?2013 um 15:48:11 unerwartet heruntergefahren.
 
Error - 14.01.2013 18:51:23 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?01.?2013 um 23:21:55 unerwartet heruntergefahren.
 
Error - 14.01.2013 19:53:09 | Computer Name = *** | Source = DCOM | ID = 10010
Description = 
 
Error - 15.01.2013 11:20:57 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt
 gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende
 Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus
 lautet: 900.
 
 
< End of report >

auf eins hatt es nicht gepasst

cosinus · 17.01.2013, 09:32

Code:

ATTFilter

O1 - Hosts: 127.0.0.1 activate.adobe.com

Ähm das seh ich ja jetzt erst.
Was bitte willst du mit diesem Hosts Eintrag?! Wie willst du Adobe-Software aktivieren wenn du sie über die Hosts-Datei sperrst?

Bursa · 17.01.2013, 09:51

Wie wo was,
Ich weiß nicht gerade was du meinst was will ich aktivieren was gespert wird, und wie soll ich das gespert haben?

Sind übrigens die skanns richtig gewesen,
Sind schon die viren weg oder muss ich noch für die vollständige beseitigung ein par schritte tun

cosinus · 17.01.2013, 16:02

Du hast ein sehr teures AdobeCS5 installiert!
Das will aktiviert werden!

Wie bitte will man das aktivieren wenn man die Kommunikation mit dem Aktivierungsserver unterbindet!?

Bursa · 17.01.2013, 16:59

ist das nicht aktiviert ich dachte es währe schon aktiviert,
und wie soll ich das unterbunden haben diese Aktivierung

cosinus · 18.01.2013, 10:57

Zitat:

und wie soll ich das unterbunden haben diese Aktivierung

Zum dritten Mal, durch diesen Hosts-Datei Eintrag!
Bemerkenswerter dabei ist, dass typischerweise man das bei gecrackter Adobe-CS benötigt

Bursa · 18.01.2013, 12:06

Ok habs verstanden durch diesen eintrag unterbindet man es also.

Wie sieht es mit meinem fehler aus, ist mein rechner jetzt schon sauber oder muss ich da noch schritte unternehmen

cosinus · 18.01.2013, 13:09

Ja, Schlussfolgerung: gecrackte Software!

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!

In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials

17.01.2013, 09:32	#23
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ordner auf Wechselmedien werden als Verknüpfung angezeigt Code: ATTFilter O1 - Hosts: 127.0.0.1 activate.adobe.com Ähm das seh ich ja jetzt erst. Was bitte willst du mit diesem Hosts Eintrag?! Wie willst du Adobe-Software aktivieren wenn du sie über die Hosts-Datei sperrst? __________________ Logfiles bitte immer in CODE-Tags posten

17.01.2013, 16:02	#25
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Ordner auf Wechselmedien werden als Verknüpfung angezeigt Du hast ein sehr teures AdobeCS5 installiert! Das will aktiviert werden! Wie bitte will man das aktivieren wenn man die Kommunikation mit dem Aktivierungsserver unterbindet!? __________________ Logfiles bitte immer in CODE-Tags posten

Ordner auf Wechselmedien werden als Verknüpfung angezeigt

Log-Analyse und Auswertung: Ordner auf Wechselmedien werden als Verknüpfung angezeigt