| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: ungewollter clickandbuy.info redirect auf FirefoxWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.01.2013, 15:13
| #1 |
| |  ungewollter clickandbuy.info redirect auf Firefox Moin, ich habe auch das Redirect-Problem von den andere User geschrieben habe, obwohl ich keine illegale Software verwende. Wenn ich online Zeitungen lese, sind im Text plötzlich Links zu angeblich anderen Artikeln, wenn man aber darauff klickt, landet man bei clickandcompare.info. Der Link sieht zuerst so aus, als ob es tatsächlich eine Unterseite von spiegel oder stern ist, nur das dahinter eine Raute ist. Dann wird man über diverse andere URLs automatisch letztendlich zu clickandcompare.info weitergeleitet. Bei Preissuchmaschinen werden sogar in die Suchergebnisse hinein Angebote von dieser fremden Seite eingeblendet. Es nervt und ich befürchte, dass mein Rechner ausspioniert wird. Ich benutze Windows 8 Pro. Der Rechner wurde mit der Home-Edition geliefert, ber ich habe offiziell bei MS upgegraded. Wenn etwas illegales auf meinem Rechner ist, dann bitte ich mich darüber zu informieren. OLT habe ich bereits heruntergeladen und den Scan durchgeführt, anbei das Ergebnis: OLT DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.26 17:47:31 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2012.10.26 17:47:31 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2012.10.26 17:47:31 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2012.10.26 17:29:20 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.10.15 01:14:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.20 07:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.09.20 07:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.08.31 02:05:12 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.10 13:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.07 03:00:46 | 000,104,960 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ax88772.sys -- (AX88772) DRV:64bit: - [2012.07.02 14:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.19 16:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.14 03:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012.06.02 15:31:32 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== EXTRA:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.01.2013 14:33:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\rimas\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,82 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,36% Memory free
7,69 Gb Paging File | 5,67 Gb Available in Paging File | 73,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,99 Gb Total Space | 170,26 Gb Free Space | 76,01% Space Free | Partition Type: NTFS
Computer Name: RIMOKOMPAS | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]
"AllowOutboundDestinationUnreachable" = 0
"AllowOutboundSourceQuench" = 0
"AllowRedirect" = 0
"AllowInboundEchoRequest" = 0
"AllowInboundRouterRequest" = 0
"AllowOutboundTimeExceeded" = 0
"AllowOutboundParameterProblem" = 0
"AllowInboundTimestampRequest" = 0
"AllowInboundMaskRequest" = 0
"AllowOutboundPacketTooBig" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\UPnPFramework]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1816F9D9-B496-49D5-83A5-E96EA30B5A90}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06003C87-9794-4C5F-850C-A38905FCE61C}" = dir=out | name=tunein radio |
"{07176D32-82CB-4BAC-A14E-70ED6D83AD3F}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{0D3DBBE9-DB1D-44D2-996E-D71374B82DFF}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{1826946A-E7D6-4FB9-A059-987FDF65E88A}" = dir=out | name=microsoft solitaire collection |
"{18A57E02-B1DF-4A94-AB51-9C11026B9E70}" = dir=out | name=wordament |
"{1C445921-6D03-4822-8342-785DD42FE6C6}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{2290C53D-6758-4752-985F-D8C44889F062}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{22E20E12-625A-4C40-AC5A-246DA3570D98}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{26656C82-66E5-4FB7-A849-E38BC5D60036}" = dir=out | name=doodle god free |
"{292997E1-977C-4ED6-8707-5123C5A18DB0}" = dir=in | name=evernote |
"{29675CBB-531B-4A45-857D-A3F3C2623CDA}" = dir=out | name=weatherbug |
"{2B1E044C-3F36-49E5-AB80-863262CABE2A}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{308CCC12-FCE5-449A-812F-A7B375CCD316}" = dir=in | name=skype |
"{32257BB2-E010-4653-8B72-B5C5A7173042}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe |
"{330A3008-A34A-4090-A61B-BE9B07341C43}" = dir=in | name=wurmi |
"{37571146-D075-4F0F-8330-A59EC0094662}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{37666DF6-F4A1-4EA2-8812-55F7308A6815}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{379204E4-C00D-47C8-BC2F-145BC6821C4F}" = dir=in | name=wurmi |
"{3B6E63C7-142E-43DE-8D33-1B2CD593128C}" = dir=out | name=7digital music store |
"{3DE10C7E-13A5-4F59-8231-95A6EE4E885A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3E74DDD3-0FF1-41E0-A065-30BD91674B47}" = dir=out | name=windows_ie_ac_001 |
"{43A57589-235E-412F-95AB-47C89F205ED1}" = dir=out | name=skype |
"{4415A98F-E60B-4A8A-A986-776D7A4AA44E}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe |
"{45543F19-C822-4834-9EEB-D173544865A7}" = dir=out | name=txtr reader |
"{4B477A22-EFDB-47EE-B053-056105E1830F}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{50246D7A-698A-4EC8-BB8B-68171F13FE01}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe |
"{529B99A6-E348-46A7-B296-83B214E5EB77}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{5670DF62-952B-4953-B85C-943E64992B64}" = dir=out | name=acer explorer |
"{5B0EB99A-D7D0-4E74-AA11-30DC93EFC068}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5B144694-D85B-4381-B0F7-405A8AD70100}" = dir=out | name=ingenify (quiz - allgemeinwissen) |
"{5B239C11-F62C-4894-A59E-4D3974D2ABA7}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{6AEA52CA-458D-416F-AF2C-3046B51E33DB}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe |
"{71E75713-0332-46DA-9527-6DAF996925AF}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe |
"{725DB223-8DC1-405D-A250-74796DB5F87C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{7564C152-D8B7-4195-BBC9-BDE9D448516F}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{7C242409-63FE-4B57-A87C-A870A8F682CF}" = dir=out | name=microsoft minesweeper |
"{7F0CD931-41DE-4068-9552-9C5B156B8076}" = dir=out | name=cut the rope |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{88082F27-D9DF-4DA7-9385-E8437B53413E}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{8D3BF5BE-8622-427D-A6E4-1783636F61CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{90A18B64-49FA-40D9-AD1F-5FDAB248A561}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{90AE801C-8C1D-45DC-9069-FE4C6396A23F}" = dir=out | name=@{artifexmundi.darkarcanathecarnival_1.0.0.13_x86__xmkq9zz36w32m?ms-resource://artifexmundi.darkarcanathecarnival/resources/packagedisplayname} |
"{9865CF9C-7F3A-4679-8A48-AEF4A76DFDD4}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe |
"{986F28C8-4014-4E6C-909D-AA0F445D1FC8}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{9AA53087-EE99-4AB7-8FD4-AE0B551906AD}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9FDFD18D-A438-4C1F-A518-17FCC2D930EB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A034718E-883B-4988-A18E-4722766259D1}" = dir=out | name=wurmi |
"{A38E9661-75E6-4BFE-84A1-47FD83E1C036}" = dir=out | name=acer crystal eye |
"{A6AF5717-321C-49C8-9DA3-61F7DAB3C9EF}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{A96906D8-65CC-404E-BE41-5F618A01CE72}" = dir=out | name=painty |
"{AA3D1EE2-D6B7-4795-BAE8-A4AE87FE46DA}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{AE2D0CB1-4CDD-404D-9E0D-B229A344F5DE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AF6F4EEF-AD4A-483F-9A46-1287C3CD7403}" = dir=out | name=- games app - |
"{B8B36328-619E-4DB6-B45D-640D1ADA4703}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{C4FC189C-4354-41EA-A270-94A5CB86569A}" = dir=out | name=@{artifexmundi.enigmatistheghostsofmaplecreek_1.0.0.13_x86__xmkq9zz36w32m?ms-resource://artifexmundi.enigmatistheghostsofmaplecreek/resources/packagedisplayname} |
"{C6F10B2A-C415-41A4-9A09-03EF4DDDD3BF}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{CED0F9CC-EBBC-4636-92A7-0E57382DEF5E}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe |
"{D12FEFFB-9E25-405B-A899-27B9CD891A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D23E16D5-831F-472A-A1CD-81C8D786A4F2}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{D3AB6072-B2FB-4A26-88B1-9E74C314CC85}" = dir=out | name=taptiles |
"{D3C947EC-731B-4BD4-A34E-2556DC804ABE}" = dir=out | name=evernote |
"{D5383636-B4C1-4736-A11B-1B6424530ACA}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{DA257F3D-BA11-42E6-99E5-82FF82E01574}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe |
"{DAFA7E42-016E-4E9B-83C6-A87F87970ECB}" = dir=out | name=@{artifexmundi.abyssthewraithsofeden_1.0.0.5_x86__xmkq9zz36w32m?ms-resource://artifexmundi.abyssthewraithsofeden/resources/packagedisplayname} |
"{DB087D9C-1C53-447F-BEFF-0EA0DA5884D2}" = dir=out | name=newsxpresso metro |
"{DB661E97-AF86-4CA3-85BB-7EBFFF932FBA}" = dir=out | name=@{3574gindasoft.to-dos_1.0.0.16_neutral__vhpcp2ef0a8kc?ms-resource://3574gindasoft.to-dos/resources/manifest_appname} |
"{DD7CB518-49A7-4B42-97C6-DF2D9B849895}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{DED3043E-AF6A-4404-A566-4AFA691F5732}" = dir=out | name=uncompress |
"{E2E937EC-9B0C-44AE-A6C7-DA8AB11493FC}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe |
"{E3B779EC-6075-4B50-9B3F-796393050E02}" = dir=out | name=social jogger |
"{E40DF4FE-3AE2-4AE2-AE24-8C944752A281}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8E92040-D254-49E9-8FFB-53592AD71FFD}" = dir=out | name=microsoft mahjong |
"{EEF8BB6C-0E9C-4191-80E3-C4A864828EA6}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe |
"{EFA50905-12C6-4F3A-BDB1-EB4D67A81736}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe |
"{F00A95FD-7063-44AB-848C-DF0AB00D1358}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F3573B85-DB40-4D2C-A0BB-45617896F759}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe |
"{F5EEEF9D-779B-4E4B-8E28-8A942EA2E62E}" = dir=out | name=mahjong deluxe free |
"{F637EA8C-3CC1-4F88-9FCA-D4821788B1E3}" = dir=out | name=geodart |
"{F74234FD-04BA-4137-9E31-C9AB438B155B}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe |
"{F86DE0CB-CFAF-4C09-9756-F169B856DCE8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F8BDD4A6-41B5-4F47-866B-A3BAC7C33B27}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{FDBCB9B0-7422-4786-892B-153144A7877E}" = dir=out | name=tic tac toe pro |
"{FF207D77-8FDC-4680-8FED-1D4038018465}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E867C5-0C48-40FF-A013-DDAF4565AD47}" = Acer USB Charge Manager
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{29525672-4146-4306-A1ED-0964F2B17484}" = ContinueToSave
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F6100F13-F183-47A2-94A8-9AAC4976E228}" = Acer Instant Update Service
"ContinueToSave" = ContinueToSave
"Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL
"Office14.SingleImage" = Microsoft Office Professional 2010
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D}" = SaveByclick
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{3DC00E50-BD19-4EFE-96FF-3C94CFF4E5BF}" = HID Monitor
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"Internet Manager" = Internet Manager
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-1a3d0271-37fc-4e9b-9c09-131ff7e5de8e" = Island Tribe
"WTA-330c22dc-695a-462c-a0f0-6a06dcdae2e9" = Aloha TriPeaks
"WTA-3468b7bc-2cc6-44d4-b2fa-ae592e055b37" = Penguins!
"WTA-3d762777-0395-4e1a-b44b-101b2471d8d6" = Tales of Lagoona
"WTA-6d54dd77-2203-4e63-8447-1ed3f00366ae" = Jewel Match 3
"WTA-74f143a0-acb9-4597-aea9-5ba528d9e1e0" = Plants vs. Zombies - Game of the Year
"WTA-a52c5951-b9bb-4571-91f7-3be5bccea90e" = Zuma's Revenge
"WTA-a88eaab8-36be-4312-9c04-96ab1dd036f4" = Agatha Christie - Death on the Nile
"WTA-b9d12662-9a99-4c92-8ffb-2c316308b751" = Governor of Poker 2 Premium Edition
"WTA-bb65eef2-5be5-4e44-a1ca-a1c105e68c44" = Final Drive: Nitro
"WTA-c2bd0806-dfc6-4a1d-b743-b046fcd818d4" = Polar Bowler
"WTA-c585839b-506b-434a-b5d7-96bbaa176290" = John Deere Drive Green
"WTA-dd910cda-457e-4eca-92e6-3e307e91e067" = Delicious: Emily's True Love Premium Edition
"WTA-df4d3b31-2932-4166-a903-53d89bb03ac5" = Bejeweled 3
"WTA-fbf03463-0234-4769-b085-283391ae28a2" = Magic Academy
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-477488421-3254435502-813908088-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"C74B42DAD40776B5A47FF77AE67D68DC289ADFC1" = Atheros Outlook Addin 2010
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.12.2012 09:29:56 | Computer Name = rimokompas.Kernavetravel.local | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 02.01.2013 05:16:55 | Computer Name = rimokompas.Kernavetravel.local | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 03.01.2013 06:41:38 | Computer Name = rimokompas.Kernavetravel.local | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 04.01.2013 09:05:23 | Computer Name = rimokompas.Kernavetravel.local | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 07.01.2013 07:51:07 | Computer Name = rimokompas.Kernavetravel.local | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 08.01.2013 05:33:15 | Computer Name = rimokompas.Kernavetravel.local | Source = ETDService | ID = 0
Description =
Error - 08.01.2013 09:08:53 | Computer Name = rimokompas.Kernavetravel.local | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
48954681. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 08.01.2013 09:08:53 | Computer Name = rimokompas.Kernavetravel.local | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
57938976. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 08.01.2013 09:08:53 | Computer Name = rimokompas.Kernavetravel.local | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
82478335. System Error: Das System kann die angegebene Datei nicht finden. .
Error - 09.01.2013 07:25:02 | Computer Name = rimokompas.Kernavetravel.local | Source = Customer Experience Improvement Program | ID = 1008
Description =
[ System Events ]
Error - 04.01.2013 13:18:52 | Computer Name = rimokompas.Kernavetravel.local | Source = Microsoft-Windows-GroupPolicy | ID = 1058
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Versuch, die
Datei "\\Kernavetravel.local\SysVol\Kernavetravel.local\Policies\{B76660E1-851B-41B3-8D8A-5DA31F1BE3D6}\gpt.ini"
von einem Domänencontroller zu lesen, war nicht erfolgreich. Die Gruppenrichtlinieneinstellungen
dürfen nicht angewendet werden, bis dieses Ereignis behoben ist. Dies ist möglicherweise
ein vorübergehendes Problem, das mindestens eine der folgenden Ursachen haben kann:
a) Namensauflösung/Netzwerkverbindung mit dem aktuellen Domänencontroller. b) Wartezeit
des Dateireplikationsdienstes (eine auf einem anderen Domänencontroller erstellte
Datei hat nicht auf dem aktuellen Domänencontroller repliziert). c) Der DFS-Client
(Distributed File System) wurde deaktiviert.
Error - 05.01.2013 01:53:37 | Computer Name = rimokompas.Kernavetravel.local | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen
und wird nicht verwendet. Der Treiber wurde entladen.
Error - 07.01.2013 07:48:49 | Computer Name = rimokompas.Kernavetravel.local | Source = Microsoft-Windows-GroupPolicy | ID = 1058
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Versuch, die
Datei "\\Kernavetravel.local\SysVol\Kernavetravel.local\Policies\{B76660E1-851B-41B3-8D8A-5DA31F1BE3D6}\gpt.ini"
von einem Domänencontroller zu lesen, war nicht erfolgreich. Die Gruppenrichtlinieneinstellungen
dürfen nicht angewendet werden, bis dieses Ereignis behoben ist. Dies ist möglicherweise
ein vorübergehendes Problem, das mindestens eine der folgenden Ursachen haben kann:
a) Namensauflösung/Netzwerkverbindung mit dem aktuellen Domänencontroller. b) Wartezeit
des Dateireplikationsdienstes (eine auf einem anderen Domänencontroller erstellte
Datei hat nicht auf dem aktuellen Domänencontroller repliziert). c) Der DFS-Client
(Distributed File System) wurde deaktiviert.
Error - 08.01.2013 04:57:27 | Computer Name = rimokompas.Kernavetravel.local | Source = Microsoft-Windows-GroupPolicy | ID = 1058
Description = Fehler bei der Verarbeitung der Gruppenrichtlinie. Der Versuch, die
Datei "\\Kernavetravel.local\SysVol\Kernavetravel.local\Policies\{B76660E1-851B-41B3-8D8A-5DA31F1BE3D6}\gpt.ini"
von einem Domänencontroller zu lesen, war nicht erfolgreich. Die Gruppenrichtlinieneinstellungen
dürfen nicht angewendet werden, bis dieses Ereignis behoben ist. Dies ist möglicherweise
ein vorübergehendes Problem, das mindestens eine der folgenden Ursachen haben kann:
a) Namensauflösung/Netzwerkverbindung mit dem aktuellen Domänencontroller. b) Wartezeit
des Dateireplikationsdienstes (eine auf einem anderen Domänencontroller erstellte
Datei hat nicht auf dem aktuellen Domänencontroller repliziert). c) Der DFS-Client
(Distributed File System) wurde deaktiviert.
Error - 08.01.2013 05:28:44 | Computer Name = rimokompas.Kernavetravel.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "8507469drv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 08.01.2013 05:33:15 | Computer Name = rimokompas.Kernavetravel.local | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Internet Manager. OUC erreicht.
Error - 08.01.2013 05:33:15 | Computer Name = rimokompas.Kernavetravel.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 08.01.2013 05:33:16 | Computer Name = rimokompas.Kernavetravel.local | Source = Service Control Manager | ID = 7023
Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet:
%%2147500037
Error - 08.01.2013 05:34:46 | Computer Name = rimokompas.Kernavetravel.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "8507469drv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 08.01.2013 05:56:27 | Computer Name = rimokompas.Kernavetravel.local | Source = Service Control Manager | ID = 7000
Description = Der Dienst "0652292drv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
< End of report >
Defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:11 on 15/01/2013 (rimas) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:11 on 15/01/2013 (rimas) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-15 15:13:48 ----------------------------- 15:13:48.504 OS Version: Windows x64 6.2.9200 15:13:48.504 Number of processors: 4 586 0x3A09 15:13:48.504 ComputerName: RIMOKOMPAS UserName:XXXXX 15:13:48.584 Initialze error 1 15:13:48.724 AVAST engine defs: 13011500 15:15:00.440 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003b 15:15:00.449 Disk 0 Vendor: Intel___ 1.0. Size: 244200MB BusType: 8 15:15:00.449 Disk 0 MBR read successfully 15:15:00.449 Disk 0 MBR scan 15:15:00.449 Disk 0 unknown MBR code 15:15:00.449 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1 15:15:00.459 Disk 0 scanning C:\Windows\system32\drivers 15:15:00.459 Service scanning 15:15:01.000 Modules scanning 15:15:01.009 Disk 0 trace - called modules: 15:15:01.019 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 15:15:01.029 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80063d6060] 15:15:01.039 3 CLASSPNP.SYS[fffff880010028aa] -> nt!IofCallDriver -> \Device\0000003b[0xfffffa80058ad060] 15:15:01.079 AVAST engine scan C:\Windows 15:15:01.079 AVAST engine scan C:\Windows\system32 15:15:01.089 AVAST engine scan C:\Windows\system32\drivers 15:15:01.099 AVAST engine scan C:\Users\XXXXX 15:15:01.099 AVAST engine scan C:\ProgramData 15:15:01.109 Scan finished successfully 15:15:12.479 Disk 0 MBR has been saved successfully to "C:\Users\XXXXX\Desktop\MBR.dat" 15:15:12.479 The log file has been saved successfully to "C:\Users\XXXXX\Desktop\aswMBR.txt" |
|
15.01.2013, 19:58
| #2 |
| /// Malware-holic   | ungewollter clickandbuy.info redirect auf Firefox hi
__________________otl.txt ist nicht vollständig, bitte noch mal
__________________ |
|
17.01.2013, 13:16
| #3 |
| | ungewollter clickandbuy.info redirect auf Firefox hier:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 17.01.2013 12:55:35 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\XXXX\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16453) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,82 Gb Total Physical Memory | 1,44 Gb Available Physical Memory | 37,82% Memory free 7,69 Gb Paging File | 5,08 Gb Available in Paging File | 66,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 223,99 Gb Total Space | 169,49 Gb Free Space | 75,67% Space Free | Partition Type: NTFS Computer Name: RIMOKOMPAS | User Name: XXXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.15 15:11:18 | 000,050,477 | ---- | M] () -- C:\Users\XXXX\Desktop\Defogger.exe PRC - [2013.01.15 14:31:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XXXX\Downloads\OTL.exe PRC - [2013.01.15 14:06:12 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe PRC - [2013.01.11 16:06:29 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.01.07 20:53:22 | 000,340,992 | ---- | M] () -- C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe PRC - [2012.12.19 12:23:50 | 000,168,960 | ---- | M] (Adobe Systems) -- C:\Programme\WindowsApps\AdobeSystemsIncorporated.AdobeReader_1.0.7.440_x86__ynb6jyjzte8ga\AdobeReader.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.12.14 11:57:54 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe PRC - [2012.12.10 13:39:41 | 000,224,096 | ---- | M] () -- C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2012.11.09 01:46:30 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.09.03 04:28:10 | 000,473,712 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe PRC - [2012.09.03 04:28:08 | 001,179,760 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2012.09.03 04:28:08 | 000,348,784 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2012.08.23 20:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe PRC - [2012.08.23 13:02:48 | 000,030,640 | ---- | M] () -- C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe PRC - [2012.08.23 07:24:38 | 000,259,136 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2012.08.23 07:24:10 | 000,533,568 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe PRC - [2012.08.22 14:04:22 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe PRC - [2012.08.22 14:04:20 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe PRC - [2012.07.17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.04 09:57:44 | 000,990,320 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2012.06.25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2011.03.14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe ========== Modules (No Company Name) ========== MOD - [2013.01.15 15:11:18 | 000,050,477 | ---- | M] () -- C:\Users\XXXX\Desktop\Defogger.exe MOD - [2013.01.15 14:06:12 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll MOD - [2013.01.15 11:36:26 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.System\14b18e5f71953e0d5cc6b07ea84e1dd3\Windows.System.ni.dll MOD - [2013.01.15 11:36:23 | 000,184,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\118921ebb873649347cd07133eb279f9\Windows.Foundation.ni.dll MOD - [2013.01.15 11:36:22 | 000,693,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Storage\c5b2d981d5022dc6965bb7128f6d3d0c\Windows.Storage.ni.dll MOD - [2013.01.15 11:36:21 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI\61d325f7c7ad311a0c649f373cce828c\Windows.UI.ni.dll MOD - [2013.01.15 11:36:19 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\23528197ae6f38cc0f55b521025800db\Windows.ApplicationModel.ni.dll MOD - [2013.01.15 11:36:17 | 002,861,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\569932625437abf2237ae801efa144eb\Windows.UI.Xaml.ni.dll MOD - [2013.01.11 16:06:29 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.12.19 12:23:51 | 004,038,144 | ---- | M] () -- C:\Programme\WindowsApps\AdobeSystemsIncorporated.AdobeReader_1.0.7.440_x86__ynb6jyjzte8ga\ARComponentDll.dll MOD - [2012.08.23 13:02:48 | 000,034,736 | ---- | M] () -- C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll MOD - [2012.08.23 13:02:48 | 000,030,640 | ---- | M] () -- C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe MOD - [2012.08.23 07:26:10 | 000,465,384 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll MOD - [2012.08.22 14:04:22 | 000,025,232 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe MOD - [2012.08.22 14:04:20 | 000,044,176 | ---- | M] () -- C:\Programme\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 05:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 10:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 07:32:59 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.09.20 07:32:58 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.09.20 07:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 07:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.07.26 04:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012.07.26 04:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 04:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 04:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 04:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 04:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2012.07.26 04:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 04:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 04:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 04:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.07.26 04:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 04:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 04:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 04:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 04:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 04:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 01:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2013.01.11 16:06:29 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.20 17:17:56 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.12.10 13:39:41 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc) SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Stopped] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2012.11.12 13:34:56 | 000,345,744 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Programme\Acer\Acer Theft Shield\USecuAppSvc.exe -- (USecuAppSvc) SRV - [2012.11.09 16:06:26 | 000,231,040 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc) SRV - [2012.11.09 01:46:30 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent) SRV - [2012.11.06 05:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.10.26 17:29:20 | 000,093,296 | ---- | M] (Dritek System INC.) [Auto | Running] -- C:\Windows\RfBtnSvc64.exe -- (RfButtonDriverService) SRV - [2012.09.03 04:28:08 | 000,348,784 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2012.08.31 02:05:10 | 000,028,560 | ---- | M] (ELAN Microelectronics Corp.) [Auto | Running] -- C:\Programme\Elantech\ETDService.exe -- (ETDService) SRV - [2012.08.23 20:24:38 | 002,435,728 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService) SRV - [2012.08.23 07:24:38 | 000,259,136 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2012.08.22 19:02:36 | 000,658,576 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2012.07.26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.17 13:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.17 13:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.11 19:10:24 | 000,174,160 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2012.06.25 09:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.04.20 13:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.03.14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.14 13:05:17 | 000,468,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswnet.sys -- (aswnet) DRV:64bit: - [2012.12.20 17:17:55 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.12.10 13:39:41 | 000,421,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbwwan.sys -- (ewusbmbb) DRV:64bit: - [2012.12.10 13:39:41 | 000,221,312 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2012.12.10 13:39:41 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:64bit: - [2012.12.10 13:39:41 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:64bit: - [2012.12.10 13:39:41 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\tcpipBM.sys -- (tcpipBM) DRV:64bit: - [2012.12.10 13:39:41 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\BMLoad.sys -- (BMLoad) DRV:64bit: - [2012.12.10 13:39:41 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:64bit: - [2012.11.20 05:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.09 15:44:56 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2012.11.09 15:44:52 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2012.11.09 15:44:52 | 000,076,952 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2012.11.09 15:44:50 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2012.11.09 15:44:50 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2012.11.09 15:44:48 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2012.11.09 15:44:48 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2012.11.09 15:44:48 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2012.11.06 08:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 08:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 08:36:14 | 000,096,488 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.11.06 08:35:34 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.06 04:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.26 17:47:31 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2012.10.26 17:47:31 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2012.10.26 17:47:31 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2012.10.26 17:29:20 | 000,026,736 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\aPs2Kb2Hid.sys -- (Ps2Kb2Hid) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.10.15 01:14:30 | 003,701,760 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr) DRV:64bit: - [2012.10.12 09:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 08:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 08:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.10.11 06:19:44 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2012.09.20 08:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 08:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 08:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 08:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012.09.20 08:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 08:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 08:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.09.20 07:09:11 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.09.20 07:08:27 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.08.31 02:05:12 | 000,318,864 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD) DRV:64bit: - [2012.07.26 06:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 06:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 06:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 06:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 06:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 06:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 06:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 06:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 06:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 06:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 06:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 06:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 06:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 06:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 06:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 06:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 06:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 06:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 06:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 05:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 05:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 05:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 04:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 03:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2012.07.26 03:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 03:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 03:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 03:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 03:28:02 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\acpials.sys -- (acpials) DRV:64bit: - [2012.07.26 03:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 03:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 03:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 03:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 03:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 03:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 03:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 03:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 03:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 03:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 03:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 03:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 03:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 03:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 03:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 03:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 03:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 03:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.10 13:43:12 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.07 03:00:46 | 000,104,960 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ax88772.sys -- (AX88772) DRV:64bit: - [2012.07.02 14:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.06.19 16:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.14 03:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012.06.02 15:31:32 | 000,425,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.05.06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009.05.06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UBHelper.sys -- (UBHelper) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0D74A7F9-096D-4778-A697-43E5C596BB23} IE:64bit: - HKLM\..\SearchScopes\{0D74A7F9-096D-4778-A697-43E5C596BB23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0D74A7F9-096D-4778-A697-43E5C596BB23} IE - HKLM\..\SearchScopes\{0D74A7F9-096D-4778-A697-43E5C596BB23}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-477488421-3254435502-813908088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com IE - HKU\S-1-5-21-477488421-3254435502-813908088-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-477488421-3254435502-813908088-1001\..\SearchScopes,DefaultScope = {0D74A7F9-096D-4778-A697-43E5C596BB23} IE - HKU\S-1-5-21-477488421-3254435502-813908088-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.20 11:05:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.01.08 14:09:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 16:06:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 16:06:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.04 00:30:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions [2012.12.20 17:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\08qv7rb4.default\extensions [2012.12.20 17:07:33 | 000,000,000 | ---D | M] (SaveByclick) -- C:\Users\XXXX\AppData\Roaming\mozilla\Firefox\Profiles\08qv7rb4.default\extensions\50d2e80bd62dc@50d2e80bd6315.com [2012.12.06 16:53:00 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\XXXX\AppData\Roaming\mozilla\firefox\profiles\08qv7rb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.11 16:06:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.12.20 11:05:38 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT [2013.01.08 14:09:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.01.11 16:06:29 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL CHR - Extension: Google Drive = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SaveByclick = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcjhfkfjknfpfekfbofpkdffcnenhh\1_0\ CHR - Extension: avast! WebRep = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: Google Mail = C:\Users\XXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.07.26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SaveByclick Class) - {2035EEDB-6A15-0F22-A195-A4B8C0B33F9A} - C:\ProgramData\SaveByclick\50d2e80bd646d.ocx () O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtPreLoad.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [LManager] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Kernavetravel.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BA6D5BF-C33F-40ED-B644-D1D11EE0356D}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFF489CE-61BA-4514-BB6A-D5035F047992}: DhcpNameServer = 192.168.16.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F309E7FA-E7D6-446D-8530-541FAEA579EB}: DhcpNameServer = 192.51.112.29 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{28d8c3ff-4246-11e2-be7b-6894236f6c1a}\Shell - "" = AutoRun O33 - MountPoints2\{28d8c3ff-4246-11e2-be7b-6894236f6c1a}\Shell\AutoRun\command - "" = "D:\AutoRun.exe" O33 - MountPoints2\{28d8c453-4246-11e2-be7b-6894236f6c1a}\Shell - "" = AutoRun O33 - MountPoints2\{28d8c453-4246-11e2-be7b-6894236f6c1a}\Shell\AutoRun\command - "" = "D:\AutoRun.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.15 14:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium [2013.01.15 14:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloud Software LTD [2013.01.15 14:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.01.15 13:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.01.15 13:50:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.15 13:50:37 | 000,859,552 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.15 13:50:37 | 000,780,192 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.15 13:50:37 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.15 13:50:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.15 13:50:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.15 13:50:32 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.15 13:50:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.01.14 13:01:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.11 16:06:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.10 11:41:40 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll [2013.01.10 11:41:40 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll [2013.01.10 11:41:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll [2013.01.10 11:41:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll [2013.01.10 11:41:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013.01.10 11:41:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013.01.10 11:41:22 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.dll [2013.01.10 11:41:21 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.dll [2013.01.10 11:41:21 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\newdev.exe [2013.01.10 11:41:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndadmin.exe [2013.01.10 11:41:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\newdev.exe [2013.01.10 11:41:21 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndadmin.exe [2013.01.10 11:41:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.01.10 11:39:41 | 013,640,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.01.10 11:39:41 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSService.dll [2013.01.10 11:39:36 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys [2013.01.10 11:39:33 | 014,259,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2013.01.10 11:39:33 | 010,791,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.01.10 11:39:30 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WpcMon.exe [2013.01.10 11:39:28 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.01.10 11:39:27 | 011,875,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2013.01.10 11:39:27 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSAT.exe [2013.01.10 11:39:26 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys [2013.01.10 11:39:25 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vssapi.dll [2013.01.10 11:39:24 | 001,825,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.01.10 11:39:22 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.01.10 11:39:22 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RacEngn.dll [2013.01.10 11:39:22 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.dll [2013.01.10 11:39:21 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.Streaming.dll [2013.01.10 11:39:21 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2013.01.10 11:39:21 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\provcore.dll [2013.01.10 11:39:21 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uDWM.dll [2013.01.10 11:39:21 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MMDevAPI.dll [2013.01.10 11:39:20 | 001,146,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll [2013.01.10 11:39:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.01.10 11:39:19 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.01.10 11:39:18 | 001,145,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll [2013.01.10 11:39:18 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSATAPI.dll [2013.01.10 11:39:16 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.Streaming.dll [2013.01.10 11:39:16 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apphelp.dll [2013.01.10 11:39:15 | 001,590,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.01.10 11:39:15 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsSpellCheckingFacility.dll [2013.01.10 11:39:15 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.01.10 11:39:15 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IPHLPAPI.DLL [2013.01.10 11:39:14 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\combase.dll [2013.01.10 11:39:14 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2013.01.10 11:39:14 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWAHost.exe [2013.01.10 11:39:14 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFPlay.dll [2013.01.10 11:39:13 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinTypes.dll [2013.01.10 11:39:13 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapi.dll [2013.01.10 11:39:12 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UserLanguagesCpl.dll [2013.01.10 11:39:12 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsrcsnk.dll [2013.01.10 11:39:12 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2013.01.10 11:39:12 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll [2013.01.10 11:39:12 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidcredprov.dll [2013.01.10 11:39:12 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rascfg.dll [2013.01.10 11:39:12 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rascfg.dll [2013.01.10 11:39:11 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS [2013.01.10 11:39:11 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.01.10 11:39:11 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnprv.dll [2013.01.10 11:39:11 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcdsrv.dll [2013.01.10 11:39:10 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propsys.dll [2013.01.10 11:39:10 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VAN.dll [2013.01.10 11:39:10 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.01.10 11:39:10 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinSATAPI.dll [2013.01.10 11:39:09 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe [2013.01.10 11:39:09 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fveapibase.dll [2013.01.10 11:39:09 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSClient.dll [2013.01.10 11:39:08 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll [2013.01.10 11:39:08 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appwiz.cpl [2013.01.10 11:39:08 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.01.10 11:39:08 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bisrv.dll [2013.01.10 11:39:08 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psmsrv.dll [2013.01.10 11:39:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhengine.dll [2013.01.10 11:39:07 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsutil.dll [2013.01.10 11:39:07 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSSync.dll [2013.01.10 11:39:07 | 000,028,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys [2013.01.10 11:39:06 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appwiz.cpl [2013.01.10 11:39:06 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWAHost.exe [2013.01.10 11:39:06 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFPlay.dll [2013.01.10 11:39:06 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll [2013.01.10 11:39:06 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSSync.dll [2013.01.10 11:39:06 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpioclx.sys [2013.01.10 11:39:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PackageStateRoaming.dll [2013.01.10 11:39:05 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RacEngn.dll [2013.01.10 11:39:05 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpncore.dll [2013.01.10 11:39:05 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmredir.dll [2013.01.10 11:39:04 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.BackgroundTransfer.dll [2013.01.10 11:39:04 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ProximityService.dll [2013.01.10 11:39:04 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TpmTasks.dll [2013.01.10 11:39:03 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\provcore.dll [2013.01.10 11:39:03 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvproc.dll [2013.01.10 11:39:03 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PackageStateRoaming.dll [2013.01.10 11:39:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll [2013.01.10 11:39:02 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinapi.dll [2013.01.10 11:39:02 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\avrt.dll [2013.01.10 11:39:01 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\combase.dll [2013.01.10 11:39:01 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VAN.dll [2013.01.10 11:39:01 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsrcsnk.dll [2013.01.10 11:39:01 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\microsoft-windows-kernel-power-events.dll [2013.01.10 11:39:01 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpfve.sys [2013.01.10 11:39:00 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\batmeter.dll [2013.01.10 11:39:00 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll [2013.01.10 11:39:00 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UserLanguagesCpl.dll [2013.01.10 11:39:00 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.01.10 11:39:00 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys [2013.01.10 11:38:59 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WinTypes.dll [2013.01.10 11:38:59 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.01.10 11:38:59 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UCX01000.SYS [2013.01.10 11:38:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncHost.exe [2013.01.10 11:38:59 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfdisk.dll [2013.01.10 11:38:58 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll [2013.01.10 11:38:58 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfdisk.dll [2013.01.10 11:38:58 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe [2013.01.10 11:38:57 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlidcredprov.dll [2013.01.10 11:38:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhevents.dll [2013.01.10 11:38:56 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll [2013.01.10 11:38:56 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll [2013.01.10 11:38:55 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.10 11:38:54 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfh264enc.dll [2013.01.10 11:38:54 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvproc.dll [2013.01.10 11:38:54 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncHost.exe [2013.01.10 11:38:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfnet.dll [2013.01.10 11:38:53 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinapi.dll [2013.01.10 11:38:53 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetup.exe [2013.01.10 11:38:53 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfh264enc.dll [2013.01.10 11:38:53 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevPropMgr.dll [2013.01.10 11:38:53 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwm.exe [2013.01.10 11:38:52 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2013.01.10 11:38:51 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcfg.dll [2013.01.10 11:38:51 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvinst.exe [2013.01.10 11:38:50 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.01.10 11:38:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DAFWSD.dll [2013.01.10 11:38:49 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.01.10 11:38:49 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.01.10 11:38:49 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfos.dll [2013.01.10 11:38:49 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchapi.dll [2013.01.10 11:38:49 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfnet.dll [2013.01.10 11:38:48 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013.01.10 11:38:48 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013.01.10 11:38:48 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcat.dll [2013.01.10 11:38:48 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll [2013.01.10 11:38:48 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll [2013.01.10 11:38:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CscMig.dll [2013.01.10 11:38:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvc.dll [2013.01.10 11:38:47 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.01.10 11:38:47 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpremove.exe [2013.01.10 11:38:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhmanagew.exe [2013.01.10 11:38:46 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhshl.dll [2013.01.10 11:38:46 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasdiag.dll [2013.01.10 11:38:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhlisten.dll [2013.01.10 11:38:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasdiag.dll [2013.01.10 11:38:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.01.10 11:38:46 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.01.10 11:38:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vsstrace.dll [2013.01.10 11:38:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsrchph.dll [2013.01.10 11:38:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhcleanup.dll [2013.01.10 11:38:44 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhtask.dll [2013.01.10 11:38:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sdbinst.exe [2013.01.10 11:38:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vdsldr.exe [2013.01.10 11:38:44 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sdbinst.exe [2013.01.10 11:38:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ndptsp.tsp [2013.01.10 11:38:43 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasmxs.dll [2013.01.10 11:38:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasmxs.dll [2013.01.10 11:38:42 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhautoplay.dll [2013.01.10 11:38:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp [2013.01.10 11:38:42 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfctrs.dll [2013.01.10 11:38:42 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rasser.dll [2013.01.10 11:38:41 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfctrs.dll [2013.01.10 11:38:41 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perfproc.dll [2013.01.10 11:38:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfproc.dll [2013.01.10 11:38:41 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perfos.dll [2013.01.10 11:38:41 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rasser.dll [2013.01.10 11:38:40 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp [2013.01.10 11:38:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\kmddsp.tsp [2013.01.10 11:38:40 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.01.10 11:38:40 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fhsvcctl.dll [2013.01.10 11:38:39 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vds_ps.dll [2013.01.10 11:38:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vds_ps.dll [2013.01.10 11:38:39 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LangCleanupSysprepAction.dll [2013.01.10 11:38:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eventcls.dll [2013.01.10 11:38:39 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eventcls.dll [2013.01.10 11:38:38 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MUILanguageCleanup.dll [2013.01.10 11:38:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll [2013.01.10 11:38:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll [2013.01.10 11:38:38 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpksetupproxyserv.dll [2013.01.10 11:38:38 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shimeng.dll [2013.01.10 11:38:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx [2013.01.10 11:38:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll [2013.01.10 11:38:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx [2013.01.10 11:38:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll [2013.01.10 11:38:37 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.01.10 11:38:37 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.01.10 11:38:37 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthhfHid.sys [2013.01.10 11:38:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BtaMPM.sys [2013.01.10 11:38:36 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2013.01.10 11:38:36 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2013.01.09 13:30:10 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\PDF Architect [2013.01.08 14:09:36 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.01.08 14:09:36 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.01.08 14:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.01.08 14:09:35 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.01.08 14:09:35 | 000,468,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys [2013.01.08 14:09:35 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.01.08 14:09:34 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.01.08 14:09:34 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.01.08 14:09:14 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.01.08 14:09:13 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013.01.08 14:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.01.08 14:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.01.04 18:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD [2013.01.04 18:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.01.04 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes [2013.01.04 18:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.04 18:15:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.04 18:15:55 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.04 18:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.21 14:54:35 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 14:54:35 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.21 14:54:35 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 14:54:35 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 14:47:06 | 000,000,000 | -H-D | C] -- C:\Users\XXXX\Desktop\daten [2012.12.20 17:17:56 | 000,509,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe [2012.12.20 17:17:56 | 000,441,888 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe [2012.12.20 17:17:56 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc [2012.12.20 17:17:56 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc [2012.12.20 17:17:56 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc [2012.12.20 17:17:56 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc [2012.12.20 17:17:56 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc [2012.12.20 17:17:56 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc [2012.12.20 17:17:56 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc [2012.12.20 17:17:56 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc [2012.12.20 17:17:56 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc [2012.12.20 17:17:56 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc [2012.12.20 17:17:56 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc [2012.12.20 17:17:56 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc [2012.12.20 17:17:56 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc [2012.12.20 17:17:56 | 000,431,104 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc [2012.12.20 17:17:56 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc [2012.12.20 17:17:56 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc [2012.12.20 17:17:56 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll [2012.12.20 17:17:56 | 000,330,240 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll [2012.12.20 17:17:56 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc [2012.12.20 17:17:56 | 000,277,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012.12.20 17:17:56 | 000,252,448 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe [2012.12.20 17:17:56 | 000,241,664 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IntelOpenCL64.dll [2012.12.20 17:17:56 | 000,195,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelOpenCL32.dll [2012.12.20 17:17:56 | 000,171,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe [2012.12.20 17:17:56 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll [2012.12.20 17:17:56 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl [2012.12.20 17:17:56 | 000,116,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2867.dll [2012.12.20 17:17:56 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll [2012.12.20 17:17:55 | 027,664,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdrcl64.dll [2012.12.20 17:17:55 | 027,643,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdrcl32.dll [2012.12.20 17:17:55 | 027,438,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdfcl64.dll [2012.12.20 17:17:55 | 021,818,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdfcl32.dll [2012.12.20 17:17:55 | 011,040,256 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll [2012.12.20 17:17:55 | 005,343,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys [2012.12.20 17:17:55 | 003,582,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdbcl64.dll [2012.12.20 17:17:54 | 011,595,776 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig7icd64.dll [2012.12.20 17:17:54 | 008,579,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig7icd32.dll [2012.12.20 17:17:54 | 005,903,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe [2012.12.20 17:17:54 | 002,899,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdbcl32.dll [2012.12.20 17:17:54 | 000,399,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe [2012.12.20 17:17:54 | 000,185,376 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe [2012.12.20 17:17:54 | 000,173,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll [2012.12.20 11:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveByclick [2012.12.20 11:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveByclick [2012.12.20 11:05:41 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\APP_NAME_NON_STRING [2012.12.20 11:05:40 | 000,000,000 | ---D | C] -- C:\Users\XXXX\Documents\PDF Architect Files [2012.12.20 11:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect [2012.12.20 11:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect [2012.12.20 11:05:33 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\pdfforge [2012.12.20 11:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.12.20 11:05:27 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX [2012.12.20 11:05:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX [2012.12.20 11:05:27 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2012.12.20 11:05:27 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.12.20 11:05:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL [2012.12.20 11:05:26 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL [2012.12.20 11:05:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL [2012.12.20 11:05:25 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2012.12.20 11:05:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.12.20 11:04:50 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Programs [2012.12.20 08:40:46 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\clear.fi [2012.12.19 14:20:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros [2012.12.19 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Roaming\Atheros [2012.12.19 14:12:02 | 000,135,832 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_rcp.sys [2012.12.19 14:12:01 | 000,178,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_hcrp.sys [2012.12.19 14:12:01 | 000,076,952 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_lwflt.sys [2012.12.19 14:12:00 | 000,576,152 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btfilter.sys [2012.12.19 14:12:00 | 000,344,216 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_a2dp.sys [2012.12.19 14:12:00 | 000,114,840 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_avdt.sys [2012.12.19 14:12:00 | 000,088,728 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_flt.sys [2012.12.19 14:11:59 | 000,033,944 | ---- | C] (Qualcomm Atheros) -- C:\Windows\SysNative\drivers\btath_bus.sys [2012.12.19 14:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\QCA_Bluetooth [2012.12.19 12:12:55 | 000,000,000 | ---D | C] -- C:\Users\XXXX\AppData\Local\Diagnostics [2012.12.19 10:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.12.19 10:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER [2012.12.19 10:46:02 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.12.19 10:44:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services [2012.12.19 10:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.12.19 10:43:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2012.12.19 10:43:47 | 000,000,000 | RH-D | C] -- C:\MSOCache ========== Files - Modified Within 30 Days ========== [2013.01.17 12:01:59 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.17 12:01:59 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.17 10:32:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.16 16:44:37 | 000,047,198 | ---- | M] () -- C:\Users\XXXX\Desktop\mokejimai.pdf [2013.01.15 15:15:12 | 000,000,512 | ---- | M] () -- C:\Users\XXX\Desktop\MBR.dat [2013.01.15 15:11:18 | 000,050,477 | ---- | M] () -- C:\Users\XXXX\Desktop\Defogger.exe [2013.01.15 15:08:44 | 000,000,000 | ---- | M] () -- C:\Users\XXXX\defogger_reenable [2013.01.15 14:26:22 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\{96E03AE8-689B-4D4A-8F77-3AF7F8F0E77D}.job [2013.01.15 13:50:28 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.15 13:50:28 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.15 13:50:28 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.01.15 13:50:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.15 13:50:28 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.15 13:50:28 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.15 10:58:16 | 001,754,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.15 10:58:16 | 000,756,644 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.15 10:58:16 | 000,713,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.15 10:58:16 | 000,156,836 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.15 10:58:16 | 000,133,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.14 14:50:49 | 000,002,219 | ---- | M] () -- C:\Users\XXXX\Desktop\Google Chrome.lnk [2013.01.14 14:49:50 | 000,430,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.14 14:49:48 | 3281,010,688 | -HS- | M] () -- C:\hiberfil.sys [2013.01.14 14:49:48 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.01.14 13:05:17 | 000,468,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswnet.sys [2013.01.14 13:05:17 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum [2013.01.14 13:01:38 | 983,446,652 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.01.08 14:09:36 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.01.08 14:09:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64 [2012.12.21 14:42:34 | 000,016,276 | ---- | M] () -- C:\Windows\SysNative\results.xml [2012.12.20 17:17:56 | 012,604,416 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll [2012.12.20 17:17:56 | 011,040,256 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll [2012.12.20 17:17:56 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll [2012.12.20 17:17:56 | 000,598,780 | ---- | M] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.20 17:17:56 | 000,598,780 | ---- | M] () -- C:\Windows\SysNative\igvpkrng700.bin [2012.12.20 17:17:56 | 000,509,984 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe [2012.12.20 17:17:56 | 000,441,888 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe [2012.12.20 17:17:56 | 000,441,856 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll [2012.12.20 17:17:56 | 000,440,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc [2012.12.20 17:17:56 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc [2012.12.20 17:17:56 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc [2012.12.20 17:17:56 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc [2012.12.20 17:17:56 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc [2012.12.20 17:17:56 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc [2012.12.20 17:17:56 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc [2012.12.20 17:17:56 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc [2012.12.20 17:17:56 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc [2012.12.20 17:17:56 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc [2012.12.20 17:17:56 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc [2012.12.20 17:17:56 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc [2012.12.20 17:17:56 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc [2012.12.20 17:17:56 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc [2012.12.20 17:17:56 | 000,432,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc [2012.12.20 17:17:56 | 000,431,104 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc [2012.12.20 17:17:56 | 000,429,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc [2012.12.20 17:17:56 | 000,428,544 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc [2012.12.20 17:17:56 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll [2012.12.20 17:17:56 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll [2012.12.20 17:17:56 | 000,330,240 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll [2012.12.20 17:17:56 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc [2012.12.20 17:17:56 | 000,277,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012.12.20 17:17:56 | 000,252,448 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe [2012.12.20 17:17:56 | 000,241,664 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\IntelOpenCL64.dll [2012.12.20 17:17:56 | 000,195,584 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelOpenCL32.dll [2012.12.20 17:17:56 | 000,171,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe [2012.12.20 17:17:56 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll [2012.12.20 17:17:56 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl [2012.12.20 17:17:56 | 000,116,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2867.dll [2012.12.20 17:17:56 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll [2012.12.20 17:17:56 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll [2012.12.20 17:17:56 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll [2012.12.20 17:17:56 | 000,017,058 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp [2012.12.20 17:17:56 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2012.12.20 17:17:55 | 027,664,896 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdrcl64.dll [2012.12.20 17:17:55 | 027,643,904 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdrcl32.dll [2012.12.20 17:17:55 | 027,438,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdfcl64.dll [2012.12.20 17:17:55 | 021,818,368 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdfcl32.dll [2012.12.20 17:17:55 | 005,343,584 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys [2012.12.20 17:17:55 | 003,582,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdbcl64.dll [2012.12.20 17:17:55 | 002,899,968 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdbcl32.dll [2012.12.20 17:17:55 | 000,080,384 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll [2012.12.20 17:17:55 | 000,064,512 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.20 17:17:54 | 012,836,864 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll [2012.12.20 17:17:54 | 011,595,776 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\ig7icd64.dll [2012.12.20 17:17:54 | 011,158,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll [2012.12.20 17:17:54 | 008,579,584 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\ig7icd32.dll [2012.12.20 17:17:54 | 005,903,392 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe [2012.12.20 17:17:54 | 000,755,048 | ---- | M] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.20 17:17:54 | 000,755,048 | ---- | M] () -- C:\Windows\SysNative\igcodeckrng700.bin [2012.12.20 17:17:54 | 000,399,392 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe [2012.12.20 17:17:54 | 000,185,376 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe [2012.12.20 17:17:54 | 000,173,568 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll [2012.12.20 17:17:54 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll [2012.12.20 11:05:42 | 000,000,997 | ---- | M] () -- C:\Users\XXXX\Desktop\PDF Architect.lnk [2012.12.20 11:05:33 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.12.19 00:32:58 | 000,695,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.19 00:32:58 | 000,080,728 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.01.15 15:15:12 | 000,000,512 | ---- | C] () -- C:\Users\XXXX\Desktop\MBR.dat [2013.01.15 15:11:18 | 000,050,477 | ---- | C] () -- C:\Users\XXXX\Desktop\Defogger.exe [2013.01.15 15:08:44 | 000,000,000 | ---- | C] () -- C:\Users\XXXX\defogger_reenable [2013.01.15 14:26:22 | 000,000,414 | -H-- | C] () -- C:\Windows\tasks\{96E03AE8-689B-4D4A-8F77-3AF7F8F0E77D}.job [2013.01.14 14:49:49 | 000,430,072 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.14 13:05:18 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswnet.sys.sum [2013.01.14 13:01:38 | 983,446,652 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.01.10 11:38:44 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll [2013.01.10 11:38:44 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.01.08 14:09:36 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013.01.08 14:09:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\HOTELBEDS STATEMENT 1 GBP.pdf [2012.12.20 17:17:56 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.12.20 17:17:56 | 000,598,780 | ---- | C] () -- C:\Windows\SysNative\igvpkrng700.bin [2012.12.20 17:17:56 | 000,017,058 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp [2012.12.20 17:17:56 | 000,009,728 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll [2012.12.20 17:17:55 | 000,080,384 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll [2012.12.20 17:17:55 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.20 17:17:54 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.20 17:17:54 | 000,755,048 | ---- | C] () -- C:\Windows\SysNative\igcodeckrng700.bin [2012.12.20 11:05:42 | 000,000,997 | ---- | C] () -- C:\Users\XXXX\Desktop\PDF Architect.lnk [2012.12.20 11:05:33 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.12.14 12:00:37 | 001,774,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.14 11:53:36 | 000,007,300 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.10.27 03:13:08 | 000,000,280 | ---- | C] () -- C:\Windows\LaunApp.ini [2012.10.27 03:09:30 | 000,001,519 | ---- | C] () -- C:\Windows\WPatchProgress.ini [2012.10.27 03:09:30 | 000,000,223 | ---- | C] () -- C:\Windows\WisLangCode.ini [2012.10.26 17:25:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.08.29 23:55:14 | 000,000,460 | ---- | C] () -- C:\Windows\Prelaunch.ini [2012.08.29 23:55:14 | 000,000,395 | ---- | C] () -- C:\Windows\WisPriority.ini [2012.07.26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.06.02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.11.06 05:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.11.06 05:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.20 11:05:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\APP_NAME_NON_STRING [2012.12.04 00:23:51 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\lm [2013.01.09 13:32:42 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\PDF Architect [2012.12.20 11:05:33 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\pdfforge [2012.12.10 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\T-Mobile [2012.12.06 05:35:41 | 000,000,000 | ---D | M] -- C:\Users\XXXX\AppData\Roaming\WildTangent ========== Purity Check ========== < End of report > |
|
17.01.2013, 15:00
| #4 |
| /// Malware-holic | ungewollter clickandbuy.info redirect auf Firefox hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu ungewollter clickandbuy.info redirect auf Firefox |
| ausspioniert, classpnp.sys, cloud, continue, cpu, error, excel, fehler, firefox, flash player, format, geliefert, google, gruppe, hal.dll, homepage, iexplore.exe, install.exe, installation, internet, internet explorer, launch, logfile, mozilla, realtek, redirect clickandcompare.info trojaner, registry, rundll, scan, security, software, system, system error, unknown mbr, visual studio, windows |
Linear-Darstellung
