| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Infizierte Dateiobjekte in der RegistryWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.01.2013, 10:02
| #1 |
 |  Infizierte Dateiobjekte in der Registry Hallo, bei einem scan mit anti-malwarebytes wurde folgendes gefunden: Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Entfernen hat nicht funktioniert. Beim nächsten Scan war die gleiche Meldung wieder da. Ein Scan mit Avira und Ad-Aware hat keine Ergebnisse gebracht. Was kann ich tun?  Im Anhang der logfile von anti-malwarebytes und eine Liste meiner Programme über CCleaner. Ich hoffe, mir kann jemand weiterhelfen? Danke und Grüße Jasmina Anhang 49013 Anhang 49014 |
|
21.01.2013, 12:33
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Infizierte Dateiobjekte in der Registry Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
23.01.2013, 10:59
| #3 |
| | Infizierte Dateiobjekte in der Registry Hallo und vielen Dank für deine Antwort und Hilfe. Ja,ich habe noch andere logfiles und zwar von Malwarebytes und eset-online scanner.
__________________Viele Grüße, Jasmina Code:
ATTFilter Jasmina :: NICOJAS-PC [Administrator]
21.01.2013 10:15:16
MBAM-log-2013-01-21 (11-04-11).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 519287
Laufzeit: 47 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ATTFilter C:\Windows\SysWOW64\drivers\mchccinj.sys Win32/MCH Anwendung
C:\Windows\SysWOW64\wdrv\wdrvccin.bin Win32/MCH Anwendung
C:\Program Files\Adaware_Installer_10.4.49.exe Win32/OpenCandy Anwendung gelöscht - in Quarantäne kopiert
C:\Program Files\FreeYouTubetoiPodConverter.exe Win32/OpenCandy Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files\FreeYouTubetoMP3Converter.exe Win32/OpenCandy Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files\kisi2012.exe Win32/MCH Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files\VideoConverterSDM.exe Variante von Win32/SweetIM.C Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\kisi2011.exe Win32/MCH Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Program Files (x86)\kisi2012.exe Win32/MCH Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Jasmina.NICOJAS-PC\Desktop\Sammel Dokumente\Scan Ergebnisse\Adaware_Installer_10.3.45.exe Win32/OpenCandy Anwendung gelöscht - in Quarantäne kopiert
C:\Users\Nico.NICOJAS-PC\Downloads\FreeYouTubeToMP3Converter31124.exe Win32/OpenCandy Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\drivers\mchccinj.sys Win32/MCH Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
C:\Windows\System32\wdrv\wdrvccin.bin Win32/MCH Anwendung Gesäubert durch Löschen - in Quarantäne kopiert
Code:
ATTFilter [rename]
c:\tempjunk5131.tmp=C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe
nul=c:\tempjunk5344.tmp
c:\tempjunk1937.tmp=C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zd0m12fn.default\searchplugins\sweetim.xml
c:\tempjunk3108.tmp=C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe
c:\tempjunk7510.tmp=C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zd0m12fn.default\searchplugins\sweetim.xml
c:\tempjunk1033.tmp=C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe
c:\tempjunk5011.tmp=C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zd0m12fn.default\searchplugins\sweetim.xml
c:\tempjunk4408.tmp=C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe
c:\tempjunk6417.tmp=C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Mozilla\Firefox\Profiles\zd0m12fn.default\searchplugins\sweetim.xml
c:\tempjunk5344.tmp=C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}\ARPPRODUCTICON.exe
Geändert von Rheingold (23.01.2013 um 11:34 Uhr) |
|
23.01.2013, 14:23
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Erstmal eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
23.01.2013, 16:42
| #5 |
| | Infizierte Dateiobjekte in der Registry Okay, mache ich. Beim otl scan kam bei mir nur eine datei/logfile. Oder seh ich das falsch? Poste ich hier. Grüße, Jasmina Code:
ATTFilter OTL logfile created on: 23.01.2013 15:54:38 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmina.NICOJAS-PC\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 51,11% Memory free 7,79 Gb Paging File | 5,50 Gb Available in Paging File | 70,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 265,66 Gb Total Space | 80,75 Gb Free Space | 30,40% Space Free | Partition Type: NTFS Drive D: | 200,00 Gb Total Space | 199,73 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: NICOJAS-PC | User Name: Jasmina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () PRC - D:\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer) PRC - C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) PRC - C:\Windows\SysWOW64\ccsync.exe (Salfeld Computer) PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll () MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020&SSPV=IEOB12 IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 C1 6B 32 28 28 CD 01 [binary data] IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=413&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes\{DA35B54C-95B6-458E-9DF6-049E661E9F57}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10013&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ACC&apn_dtid=^YYYYYY^YY^DE&apn_uid=419c7e26-339c-4d26-a298-3fa1e007def9&apn_sauid=00B8BEDE-E5ED-4356-9B52-D9ED2B658C14 IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true FF - prefs.js..CT2481020.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ashampoo DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={FCC484FC-37F0-11E2-A636-BC77376D1A7C}&src=2&crg=3.09010003&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.22 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 12:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 12:34:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:07:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.09 15:07:35 | 000,000,000 | ---D | M] [2012.05.20 09:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Extensions [2013.01.14 08:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions [2013.01.14 08:34:21 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions\2020Player_IKEA@2020Technologies.com [2012.11.08 11:39:07 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.02.25 12:43:49 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\extensions\personas@christopher.beard.xpi [2012.12.12 11:21:18 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.09.26 15:56:22 | 000,002,343 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\askcom.xml [2012.11.01 14:48:38 | 000,000,915 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\conduit.xml [2012.09.27 10:04:27 | 000,001,028 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\dvdvideosofttb-customized-web-search.xml [2012.05.16 20:15:43 | 000,002,515 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\Search_Results.xml [2013.01.19 12:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.01.19 12:34:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.22 10:27:36 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.01.19 12:34:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.14 16:49:30 | 000,171,136 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2012.12.22 10:27:18 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.16 20:15:43 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - Extension: YouTube = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Mail = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE6BAC3-E33E-46EB-8477-B5A8961B8F76}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.23 15:51:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe [2013.01.23 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.01.23 14:14:20 | 003,137,416 | ---- | C] (Secunia) -- C:\Program Files\PSISetup6001.exe [2013.01.23 07:43:56 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Lernen Nico [2013.01.21 12:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2013.01.21 12:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2013.01.21 09:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.20 17:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Antivirus Logs etc [2013.01.19 16:22:17 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe [2013.01.19 16:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Avira [2013.01.19 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.19 16:12:28 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.19 16:12:28 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.19 16:12:28 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.19 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.19 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.19 12:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.18 09:13:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.18 09:13:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.18 09:13:07 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.16 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Definitions [2013.01.16 16:42:12 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.01.15 12:06:17 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\France [2013.01.14 08:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies [2013.01.10 08:31:56 | 020,151,664 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.exe [2013.01.09 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.09 06:39:45 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 06:39:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 06:39:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 06:39:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 06:39:20 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 06:39:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 06:39:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 06:39:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 06:39:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 06:39:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 06:39:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 06:39:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 06:39:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 06:39:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 06:39:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 06:39:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 06:39:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 06:39:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 06:39:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 06:39:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 06:39:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 06:39:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 06:39:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 06:39:19 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 06:39:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 06:39:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 06:39:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 06:39:18 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 06:39:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 06:39:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 06:39:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 06:39:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 06:38:46 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 06:38:46 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 06:38:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 06:38:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 06:38:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 06:38:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 06:38:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 06:38:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 06:38:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 06:38:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 06:38:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 06:38:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 06:38:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 06:38:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 06:38:16 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.06 11:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak [2013.01.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak [2013.01.06 11:42:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.01.06 11:35:42 | 010,000,984 | ---- | C] (Eastman Kodak Company) -- C:\Program Files\aio_install.exe [2013.01.04 08:37:05 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Programs [2012.12.25 11:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Sports [2012.12.25 11:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Sports [2012.12.22 10:27:43 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll [2012.12.22 10:27:42 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll [2012.12.22 10:27:42 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll [2012.12.22 10:27:42 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll [2012.12.22 10:27:42 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll [2012.12.22 10:27:42 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll [2012.12.22 10:27:42 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll [2012.12.22 10:27:42 | 000,031,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll [2012.12.22 10:27:42 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe [2012.12.22 10:27:41 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll [2012.12.22 10:27:41 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll [2012.12.22 10:27:41 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll [2012.12.22 10:27:41 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll [2012.12.22 10:27:40 | 009,159,680 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll [2012.12.22 10:27:40 | 000,389,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe [2012.12.22 10:27:40 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll [2012.12.22 10:27:40 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll [2012.12.22 10:27:40 | 000,044,736 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll [2012.12.22 10:27:31 | 000,383,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe [2012.12.22 10:27:31 | 000,354,968 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe [2012.12.22 10:27:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll [2012.12.22 10:27:23 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_mp4v.dll [2012.12.22 10:27:23 | 000,389,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe [2012.12.22 10:27:23 | 000,136,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe [2012.12.22 10:27:23 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll [2012.12.22 10:27:23 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll [2012.12.22 10:27:22 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll [2012.12.22 10:27:18 | 000,030,368 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe [2012.12.22 10:27:17 | 000,112,824 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll [2012.12.22 10:27:17 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll [2012.12.22 10:27:17 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll [2012.12.22 10:27:17 | 000,070,840 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll [2012.12.22 10:27:17 | 000,017,080 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe [2012.12.22 10:27:17 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe [2012.12.22 10:27:16 | 000,500,888 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe [2012.12.22 08:43:14 | 000,766,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer16_de.exe [2012.11.22 09:36:25 | 019,650,144 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 17.0.exe [2012.11.22 09:35:36 | 019,231,504 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 17.0.exe [2012.11.13 13:41:41 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.65.0.1400.exe [2012.11.13 11:16:01 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Program Files (x86)\jxpiinstall.exe [2012.11.13 10:15:40 | 018,090,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 16.0.2.exe [2012.11.13 10:11:21 | 018,580,512 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 16.0.2.exe [2012.11.02 13:40:21 | 000,955,488 | ---- | C] (NCH Software) -- C:\Program Files\wpsetup-5.18.exe [2012.11.01 14:39:24 | 009,814,632 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_6_free_6.81_3639.exe [2012.10.15 15:25:45 | 005,922,048 | ---- | C] (ManiacTools.com ) -- C:\Program Files\m4a-to-mp3-70converter.exe [2012.09.20 06:45:49 | 008,782,120 | ---- | C] (Tobit.Software) -- C:\Program Files\radiorecorder-setup.exe [2012.09.11 12:51:11 | 014,894,636 | ---- | C] (Gougelet Pierre-e ) -- C:\Program Files\XnView1991-win-full-de.exe [2012.09.07 06:33:50 | 017,653,976 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 15.0.1.exe [2012.08.30 06:12:27 | 018,365,488 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 15.0.exe [2012.08.30 06:10:52 | 017,655,464 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 15.0.exe [2012.08.25 14:15:13 | 076,021,168 | ---- | C] (The GIMP Team ) -- C:\Program Files\gimp-2.8.2-setup.exe [2012.08.12 12:22:26 | 018,503,824 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 14.0.exe [2012.06.12 06:31:47 | 013,107,424 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe [2012.06.12 06:09:52 | 018,362,696 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 13.0.exe [2012.06.11 18:11:49 | 017,301,984 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe [2012.06.11 17:27:14 | 016,418,456 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 13.0.exe [2012.05.19 22:53:40 | 001,292,648 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web_15.4.3555.exe [2012.05.15 12:30:33 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe [2012.05.02 06:57:45 | 016,179,464 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 12.0.exe [2012.04.30 17:46:07 | 017,449,712 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 12.0.1.exe [2012.04.05 09:20:03 | 026,534,080 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Program Files (x86)\FreeAudioCDBurner.exe [2012.04.02 12:04:59 | 027,672,000 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Program Files (x86)\FreeYouTubeToiPodConverter_3.10.17.exe [2012.02.25 09:42:27 | 006,674,008 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files (x86)\Shockwave_Installer_Slim.exe [2012.02.25 09:40:38 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\QuickTimeInstaller.exe [2012.02.25 09:39:34 | 028,038,592 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealPlayer1502_de.exe [2012.02.24 10:16:36 | 000,763,408 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe [2008.04.11 09:09:24 | 000,093,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1049.dll [2008.04.11 07:03:48 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.exe [2008.04.11 07:03:48 | 000,097,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1036.dll [2008.04.11 07:03:48 | 000,096,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.3082.dll [2008.04.11 07:03:48 | 000,096,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1031.dll [2008.04.11 07:03:48 | 000,095,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1040.dll [2008.04.11 07:03:48 | 000,091,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1033.dll [2008.04.11 07:03:48 | 000,081,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1041.dll [2008.04.11 07:03:48 | 000,079,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1042.dll [2008.04.11 07:03:48 | 000,076,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1028.dll [2008.04.11 07:03:48 | 000,075,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.2052.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.23 15:58:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.23 15:57:11 | 000,001,226 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2013.01.23 15:52:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe [2013.01.23 15:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.23 15:23:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1835506289-3229931497-3952218681-1004UA.job [2013.01.23 15:16:41 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 15:16:41 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.23 15:10:19 | 000,000,117 | -H-- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\.~lock.Tabelle Test.odt# [2013.01.23 15:09:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.23 15:08:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.23 15:08:24 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 14:20:55 | 000,001,089 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.01.23 14:14:26 | 003,137,416 | ---- | M] (Secunia) -- C:\Program Files\PSISetup6001.exe [2013.01.23 12:30:05 | 000,011,582 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Elternsprechtag Jan 2013.odt [2013.01.23 12:23:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1835506289-3229931497-3952218681-1004Core.job [2013.01.22 19:59:00 | 000,000,419 | ---- | M] () -- C:\NET.INI [2013.01.22 16:01:13 | 000,013,934 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2013.01.21 14:58:54 | 000,009,086 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Zu bezahlen.odt [2013.01.21 14:52:29 | 000,008,371 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Deutscher Bauernverband Praktikum.odt [2013.01.21 12:14:10 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.01.21 10:08:51 | 000,001,069 | ---- | M] () -- C:\Windows\wininit.ini [2013.01.19 16:22:18 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe [2013.01.19 16:04:21 | 105,661,272 | ---- | M] () -- C:\Program Files\avira_free_antivirus_de.exe [2013.01.19 15:32:44 | 000,016,227 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Tabelle Test.odt [2013.01.19 12:24:55 | 000,012,793 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze 2.odt [2013.01.19 12:24:25 | 000,013,615 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Verben 2.odt [2013.01.19 12:23:47 | 000,016,176 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze-Lösungen 2.odt [2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.10 08:33:13 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.10 08:32:39 | 020,151,664 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.exe [2013.01.10 08:29:37 | 017,301,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe [2013.01.09 16:27:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 16:27:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 12:09:59 | 000,424,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 12:01:30 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 12:01:30 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 12:01:30 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 12:01:30 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 12:01:30 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 09:08:08 | 000,004,082 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\recently-used.xbel [2013.01.08 12:15:31 | 000,008,726 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\HPG 19-02-2013.odt [2013.01.06 11:51:05 | 000,008,465 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\trude.odt [2013.01.06 11:35:52 | 010,000,984 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\aio_install.exe [2013.01.04 08:37:26 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.23 15:10:19 | 000,000,117 | -H-- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\.~lock.Tabelle Test.odt# [2013.01.23 14:20:55 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.01.23 14:20:55 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.01.21 14:50:03 | 000,008,371 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Deutscher Bauernverband Praktikum.odt [2013.01.21 10:02:14 | 000,001,069 | ---- | C] () -- C:\Windows\wininit.ini [2013.01.20 10:27:08 | 000,013,934 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err [2013.01.19 14:19:29 | 000,016,227 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Tabelle Test.odt [2013.01.19 12:24:53 | 000,012,793 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze 2.odt [2013.01.19 12:24:23 | 000,013,615 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Verben 2.odt [2013.01.19 12:19:06 | 000,016,176 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze-Lösungen 2.odt [2013.01.16 14:56:19 | 000,011,582 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Elternsprechtag Jan 2013.odt [2013.01.13 17:50:56 | 000,009,086 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Zu bezahlen.odt [2013.01.09 09:08:08 | 000,004,082 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\recently-used.xbel [2013.01.07 10:22:14 | 000,008,726 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\HPG 19-02-2013.odt [2012.12.30 12:54:17 | 000,008,465 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\trude.odt [2012.12.22 10:27:42 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg [2012.12.22 10:27:40 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi [2012.12.22 10:27:40 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm [2012.12.22 10:27:40 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm [2012.12.22 10:27:40 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp [2012.12.22 10:27:40 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon [2012.12.22 10:27:31 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs [2012.12.22 10:27:23 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs [2012.12.22 10:27:23 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf [2012.12.22 10:27:22 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html [2012.12.22 10:27:22 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html [2012.12.22 10:27:21 | 001,109,306 | ---- | C] () -- C:\Program Files\normal.vs [2012.12.22 10:27:21 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs [2012.12.22 10:27:21 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat [2012.12.22 10:27:17 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat [2012.12.22 10:27:17 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat [2012.12.22 10:27:17 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat [2012.12.22 10:27:16 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv [2012.12.22 10:27:16 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm [2012.12.22 10:27:16 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx [2012.12.22 10:27:16 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx [2012.12.15 13:46:18 | 022,916,830 | ---- | C] () -- C:\Program Files\vlc-2.0.5-win32.exe [2012.12.15 13:06:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.09.27 10:19:36 | 000,013,824 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.20 06:46:53 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.08.31 12:55:15 | 019,609,977 | ---- | C] () -- C:\Program Files\PDFXVwer_2.5.205.zip [2012.08.29 08:03:59 | 000,160,350 | ---- | C] () -- C:\Program Files\JavaRa.zip [2012.08.29 07:42:01 | 009,672,192 | ---- | C] () -- C:\Program Files\Adobe_Flash_Player_AX_11.4.402.265_SPS.exe [2012.08.29 07:41:24 | 015,567,360 | ---- | C] () -- C:\Program Files\Adobe_AIR_3.4.0.2540_SPS.exe [2012.08.27 10:09:16 | 152,249,762 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2012.08.15 11:05:18 | 009,697,792 | ---- | C] () -- C:\Program Files\ShockwavePlayer_11.6.6.636_SPS.exe [2012.07.15 09:39:36 | 022,657,136 | ---- | C] () -- C:\Program Files\vlc-2.0.2-win32.exe [2012.06.27 07:54:46 | 009,679,360 | ---- | C] () -- C:\Program Files\Shockwaveplayer_11.6.4.634.exe [2012.06.17 18:54:57 | 000,000,271 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\burnaware.ini [2012.06.12 06:48:02 | 007,656,960 | ---- | C] () -- C:\Program Files\cortona3d.msi [2012.06.12 06:05:13 | 000,441,829 | ---- | C] () -- C:\Program Files\ade-tb-13.0.c.xpi [2012.06.11 08:53:53 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.29 09:37:28 | 151,893,470 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.22 06:51:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.05.19 14:32:36 | 000,278,643 | ---- | C] () -- C:\Program Files\fast_video_download-4.1.6-fx.zip [2012.05.19 14:22:36 | 196,941,888 | ---- | C] () -- C:\Program Files\ALDI Bestellsoftware Setup.exe [2012.05.11 07:57:44 | 029,272,056 | ---- | C] () -- C:\Program Files\SaalDesignSoftware2.9.2.exe [2012.05.05 16:00:03 | 004,998,707 | ---- | C] () -- C:\Program Files\flvplayer_setup20_25.exe [2012.03.27 12:48:40 | 000,253,952 | ---- | C] () -- C:\Program Files\OOo_3.3.9567.500.exe [2012.02.25 09:57:51 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2012.02.25 09:57:49 | 000,000,626 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2012.02.25 09:38:55 | 004,998,707 | ---- | C] () -- C:\Program Files (x86)\flvplayer_setup20_25.exe [2012.02.24 16:59:09 | 000,001,226 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2012.02.24 16:58:29 | 000,000,140 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2012.02.24 16:58:29 | 000,000,091 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2012.02.24 11:05:44 | 018,980,864 | ---- | C] () -- C:\Program Files\SkypeSetup_5.8.0.156.msi [2012.02.24 10:48:18 | 031,870,976 | ---- | C] () -- C:\Program Files\PXCViewer_x6425201.msi [2012.02.24 10:47:54 | 001,376,768 | ---- | C] () -- C:\Program Files\7z920-x64.msi [2012.02.24 10:35:22 | 105,661,272 | ---- | C] () -- C:\Program Files\avira_free_antivirus_de.exe [2012.02.24 10:15:24 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe [2012.02.22 08:07:19 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.11.30 01:26:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.30 01:26:09 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.30 01:26:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_6B071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_5B011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_3B011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_1C011461_61.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011.11.30 01:23:23 | 000,000,436 | ---- | C] () -- C:\Windows\11317231_1C0F1461_41.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_3B0f1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011.11.30 01:23:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011.11.30 01:23:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011.11.30 01:23:22 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2011.11.30 01:23:22 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011.11.30 01:23:22 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_0B001461_aa.bin [2011.11.30 01:23:22 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2008.04.11 09:11:40 | 000,233,472 | ---- | C] () -- C:\Program Files\VC_RED.MSI [2008.04.11 09:09:38 | 003,797,292 | ---- | C] () -- C:\Program Files\VC_RED.cab [2008.04.11 09:07:18 | 000,005,686 | ---- | C] () -- C:\Program Files\vcredist.bmp [2008.04.11 09:07:18 | 000,001,110 | ---- | C] () -- C:\Program Files\globdata.ini [2008.04.11 09:07:18 | 000,000,843 | ---- | C] () -- C:\Program Files\install.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
23.01.2013, 16:45
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ --> Infizierte Dateiobjekte in der Registry |
|
23.01.2013, 22:10
| #7 |
| | Infizierte Dateiobjekte in der Registry Über den link habe ich Malwarebytes Anti-Rootkit BETA runtergeladen. Beim scan start erschien folgende Meldung: "Registry value Appint_Dlls has been found, which may be caused by rootkit activity. Note: press 'No' button if you are not sure. If the tool crashes or termiantes unexpectedly during a system scan, restart the tool and press 'Yes' should this message appear again." Ich habe "No" gewählt. Den Neustart musst ich manuell durchführen. Der Start verlief in normaler Geschwindigkeit. Beim zweiten Scan gab es erneut Funde. Hier die beiden logs: 1. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 2042388480
------------ Kernel report ------------
01/23/2013 21:11:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\AVer7231_x64.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\qicflt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\??\C:\Windows\SysWOW64\CCInj64.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\drivers\MSPCLOCK.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004cf1790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004815060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.23.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004cf1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004cf12c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004cf1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004c08cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8004815060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a0014eff00, 0xfffffa8004cf1790, 0xfffffa80043aa790
Lower DeviceData: 0xfffff8a00a558e10, 0xfffffa8004815060, 0xfffffa80049bbe40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C4255875
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 557135872
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 557342720 Numsec = 419426304
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig --> [Windows.Tool.Disabled]
Infected: HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig --> [Windows.Tool.Disabled]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 2042388480
------------ Kernel report ------------
01/23/2013 21:11:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\AVer7231_x64.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\qicflt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\??\C:\Windows\SysWOW64\CCInj64.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\drivers\MSPCLOCK.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004cf1790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004815060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.23.09
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004cf1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004cf12c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004cf1790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004c08cb0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8004815060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a0014eff00, 0xfffffa8004cf1790, 0xfffffa80043aa790
Lower DeviceData: 0xfffff8a00a558e10, 0xfffffa8004815060, 0xfffffa80049bbe40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C4255875
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 557135872
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 557342720 Numsec = 419426304
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig --> [Windows.Tool.Disabled]
Infected: HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig --> [Windows.Tool.Disabled]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 2746236928
Removal queue found; removal started
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 2266288128
------------ Kernel report ------------
01/23/2013 21:33:55
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\AVer7231_x64.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\qicflt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\??\C:\Windows\SysWOW64\CCInj64.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004cf2790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004ad8060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.01.23.10
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004cf2790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004cf22c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004cf2790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004c089c0, DeviceName: Unknown, DriverName: \Driver\stdcfltn\
DevicePointer: 0xfffffa8004ad8060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00b88c4e0, 0xfffffa8004cf2790, 0xfffffa8004277790
Lower DeviceData: 0xfffff8a00a5c6770, 0xfffffa8004ad8060, 0xfffffa800417ba30
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C4255875
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 557135872
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 557342720 Numsec = 419426304
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig --> [Windows.Tool.Disabled]
Infected: HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig --> [Windows.Tool.Disabled]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 2700341248
Removal queue found; removal started
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 1764106240
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_33
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 4183994368, free: 1936502784
------------ Kernel report ------------
01/23/2013 22:05:17
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdcfltn.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\nvkflt.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\AVer7231_x64.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\qicflt.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\psi_mf.sys
\??\C:\Windows\SysWOW64\CCInj64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004cd2790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800498e060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
=======================================
|
|
24.01.2013, 00:22
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.01.2013, 07:02
| #9 |
| | Infizierte Dateiobjekte in der Registry Sorry, sorry, sorry! Den zweiten logfile von otl habe ich übersehen.  Hier jetzt aber: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.01.2013 15:54:38 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmina.NICOJAS-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 51,11% Memory free
7,79 Gb Paging File | 5,50 Gb Available in Paging File | 70,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265,66 Gb Total Space | 80,75 Gb Free Space | 30,40% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 199,73 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: NICOJAS-PC | User Name: Jasmina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B9EF93-80A8-4845-BBEA-E57E652BBCAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{06E9E081-AF16-48F3-A65C-45D38EFFFDC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13482F04-C479-4714-A5ED-39793B8AAE1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{13E37376-E86C-4019-A725-370DBA1C472E}" = rport=138 | protocol=17 | dir=out | app=system |
"{19ABAAFE-5469-4D69-ADA2-4699E51AAFCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{22BA7DA7-E3C4-47BD-BD6A-B114541112F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2AA89C74-81DA-40D8-903C-81F5681F1A55}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{34E72618-0DA7-47D5-A7A0-F15510D9E758}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{482FEDE2-F7D7-4FCF-BC03-256AAC6974E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49716C09-3F9C-404E-B180-E4081D0BBDC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A808828-8225-46D2-87EC-5E577FAB1B3A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6EEE79D5-2A03-486E-9097-D0C7BAD265DF}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{99CBA5AC-9892-45B9-8760-B588F1E908B0}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{A2DF74D5-A568-4A13-A040-D2D95D6C75DE}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3589360-384E-4156-A3A9-B670DC44F140}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ADCF185E-AB3F-49C7-B4C6-6FEECB08A98F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9814FB7-C5B3-41F3-913D-6FC368B5C6E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F82628F2-3F45-4F25-BAAA-14803BF0F409}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE7700-6E5A-4350-9F44-2A7432769CCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{02F141FE-498D-4574-A66D-58E2561D793C}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{126782C9-2354-44F3-8F23-A92D102A4E93}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{2F2EB0A3-4B90-4E33-8C0C-80A6A9C83A72}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{2F5BDC80-D4CF-46DA-BFFF-FB1A05C2693B}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{300ACAB8-ACF5-4FC8-A2ED-1BF12C2151CD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{36C3CA04-80CA-4D39-B6C5-AF220F844087}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{3AB28388-7EB4-46AA-8C6D-806B6571D56D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{3B630698-B25B-41DF-8EF9-E2B396B0B083}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{3CAEF7AF-5FBE-4237-9D6F-D6C0A7991314}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{3E609762-8618-4993-A50C-77D22F878630}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43CBC248-7E0B-477C-8DB0-449AE476C7D5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{45B64134-8F9D-49F1-8940-F8D85BA68411}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{461D9763-7840-401C-8EA8-A9016EAFB6A0}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4B4AC4D5-F226-4ED8-91F7-5BF8E74E2912}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4D4EFD79-8431-489B-ACBF-22842823D940}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5CE13E4F-212C-42A3-98D7-C10DCBBAEAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{6286D4F7-67FF-4293-AA87-AC04E642A996}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{673EE027-9D91-408D-8E7F-F9EAE8AA5195}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{7FBC02D6-A43E-46B5-B55E-F878996E72CA}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{80514CFD-8048-4C14-B844-9891D4854D21}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{83AF232F-8E60-4AE4-91F3-177AADA4C95D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{86B3BA1A-EB42-41EB-8BE5-ED2F3CCD803F}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{8A47FCBE-4950-4015-8D01-2C2AC9895ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{8A76F869-12AA-4BBE-8D9F-B97FFECBF30E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{91EB51CE-59DF-48E1-BAF4-52E98B8F4352}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{97EB7143-70C5-495B-B9AF-62423A6EB4CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9B906E24-8273-4393-AA06-F8A6FDA9FFC3}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9E64C8F7-38F7-4211-9F24-27502D9F9377}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{A2834B87-C86E-4D08-90B2-DA67BCA1716B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{A301FAD5-5412-4D17-BFE7-FECBF23E370B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7F89437-5CF4-4291-AC2D-3A780F3ABEE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD7E8F19-BBB9-4C22-A1A9-13145F003618}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE688A9C-1735-4E3E-A89C-BC83633D49E9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BF64C12D-723D-4411-A3FB-77E0F02E6A4A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{C290BE6A-1286-4F6B-8429-B0EC7335FEE4}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{C8790961-8656-4860-9076-A2D6623D10E5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{CC860D3A-C81A-4786-878A-4D6E17556474}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CD406032-BF04-4303-912E-D7130F577CF8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CD7240F0-B94F-46EF-926F-AAE573567F82}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{DC484A61-D39E-484F-ABAC-79D0B001A970}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E590CA35-BF4B-43AB-AD11-E1DFA3E5E85F}" = dir=in | app=c:\program files (x86)\dell stage\videostage\videostage.exe |
"{EB9E90E3-6809-4C85-8486-954384E4415E}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"TCP Query User{2C129A0F-15ED-4EB5-B1D1-52762861834F}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{415EE727-2686-4681-A0CC-B633456BC9A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{44F9B41D-F81E-4237-B65C-495E923A0A91}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{56412238-720A-46B5-A739-61A80F922067}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9B9701E4-29D1-4FF2-979C-8597475BDD6F}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{D1677699-5DF9-4125-9F3C-4687B71E4538}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{E0CFE6E6-8D1F-4EA9-8CB2-172678AAC4F5}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{01DE79D1-8DE7-4447-ADB8-56C8B3C7497B}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{2F8A7DF9-1087-41D1-8A2C-9992D60A33F1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{40F012E4-AE29-44CC-BD71-803C69499479}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5DEF9C85-2CF8-4430-B799-143CCE815566}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7D3AE024-0E92-4F74-A165-5F405D7115A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{BA636B01-B9F1-4665-9285-7B080D1B5368}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{FC56FE20-5872-4926-A640-6CA999CC5F9B}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DEACDFFA-D424-416F-B849-FA282F55B2CE}" = Cortona3D Viewer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.1
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"FLV Player" = FLV Player 2.0 (build 25)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.32.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kindersicherung_is1" = Kindersicherung 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MixPad" = MixPad Audiodatei-Mixer
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PrintProjects" = PrintProjects
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Tobit Radio.fx Server 1" = WDR RadioRecorder
"Video Converter" = Video Converter
"VLC media player" = VLC media player 2.0.5
"WavePad" = WavePad Audiobearbeitungs-Software
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2012 06:21:15 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:24:30 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:24:30 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:26:43 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:26:43 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:26:53 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:26:53 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:27:03 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:27:03 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:44:26 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:44:26 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
[ Media Center Events ]
Error - 20.03.2012 15:11:39 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:11:34 - Fehler beim Herstellen der Internetverbindung. 20:11:34
- Serververbindung konnte nicht hergestellt werden..
Error - 20.03.2012 16:11:42 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:11:42 - Fehler beim Herstellen der Internetverbindung. 21:11:42
- Serververbindung konnte nicht hergestellt werden..
Error - 20.03.2012 16:11:51 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:11:47 - Fehler beim Herstellen der Internetverbindung. 21:11:47
- Serververbindung konnte nicht hergestellt werden..
Error - 05.05.2012 14:52:38 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:44:58 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )
Error - 22.05.2012 14:13:50 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:13:50 - Fehler beim Herstellen der Internetverbindung. 20:13:50
- Serververbindung konnte nicht hergestellt werden..
Error - 22.05.2012 14:14:07 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:13:55 - Fehler beim Herstellen der Internetverbindung. 20:13:55
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 14:26:21 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:26:21 - Fehler beim Herstellen der Internetverbindung. 20:26:21
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 14:26:39 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:26:27 - Fehler beim Herstellen der Internetverbindung. 20:26:27
- Serververbindung konnte nicht hergestellt werden..
Error - 24.08.2012 15:46:57 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:46:57 - Fehler beim Herstellen der Internetverbindung. 21:46:57
- Serververbindung konnte nicht hergestellt werden..
Error - 24.08.2012 15:47:42 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:47:11 - Fehler beim Herstellen der Internetverbindung. 21:47:11
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 23.01.2013 07:26:57 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 23.01.2013 07:28:11 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 23.01.2013 09:03:30 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 23.01.2013 09:03:54 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 23.01.2013 09:17:24 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 23.01.2013 09:17:53 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 23.01.2013 09:49:15 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%50 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 23.01.2013 09:49:15 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1069
Error - 23.01.2013 10:08:27 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 23.01.2013 10:09:34 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
< End of report >
[/CODE] Hallo, hier die logfiles von aswMBR und TDSSKiller: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-24 07:38:06
-----------------------------
07:38:06.558 OS Version: Windows x64 6.1.7601 Service Pack 1
07:38:06.559 Number of processors: 8 586 0x2A07
07:38:06.559 ComputerName: NICOJAS-PC UserName: Jasmina
07:38:08.408 Initialize success
07:41:01.326 AVAST engine defs: 13012301
07:43:32.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:43:32.597 Disk 0 Vendor: ST9500420AS D005SDM1 Size: 476940MB BusType: 11
07:43:32.628 Disk 0 MBR read successfully
07:43:32.628 Disk 0 MBR scan
07:43:32.628 Disk 0 Windows 7 default MBR code
07:43:32.644 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:43:32.660 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 272039 MB offset 206848
07:43:32.675 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 204798 MB offset 557342720
07:43:32.706 Disk 0 scanning C:\Windows\system32\drivers
07:43:44.365 Service scanning
07:44:06.468 Modules scanning
07:44:06.468 Disk 0 trace - called modules:
07:44:06.515 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
07:44:07.014 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cd2790]
07:44:07.014 3 CLASSPNP.SYS[fffff88001b5843f] -> nt!IofCallDriver -> [0xfffffa8004be8890]
07:44:07.014 5 stdcfltn.sys[fffff88001a98c52] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049cd680]
07:44:07.981 AVAST engine scan C:\Windows
07:44:09.993 AVAST engine scan C:\Windows\system32
07:47:20.597 AVAST engine scan C:\Windows\system32\drivers
07:47:37.960 AVAST engine scan C:\Users\Jasmina.NICOJAS-PC
07:48:52.513 Disk 0 MBR has been saved successfully to "C:\Users\Jasmina.NICOJAS-PC\Desktop\Antivirus Logs etc\MBR.dat"
07:48:52.513 The log file has been saved successfully to "C:\Users\Jasmina.NICOJAS-PC\Desktop\Antivirus Logs etc\aswMBR.txt"
Code:
ATTFilter 07:49:56.0573 4908 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
07:49:56.0830 4908 ============================================================
07:49:56.0831 4908 Current date / time: 2013/01/24 07:49:56.0830
07:49:56.0831 4908 SystemInfo:
07:49:56.0831 4908
07:49:56.0831 4908 OS Version: 6.1.7601 ServicePack: 1.0
07:49:56.0831 4908 Product type: Workstation
07:49:56.0831 4908 ComputerName: NICOJAS-PC
07:49:56.0831 4908 UserName: Jasmina
07:49:56.0831 4908 Windows directory: C:\Windows
07:49:56.0831 4908 System windows directory: C:\Windows
07:49:56.0831 4908 Running under WOW64
07:49:56.0831 4908 Processor architecture: Intel x64
07:49:56.0831 4908 Number of processors: 8
07:49:56.0831 4908 Page size: 0x1000
07:49:56.0831 4908 Boot type: Normal boot
07:49:56.0831 4908 ============================================================
07:49:57.0915 4908 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:49:57.0933 4908 ============================================================
07:49:57.0933 4908 \Device\Harddisk0\DR0:
07:49:57.0933 4908 MBR partitions:
07:49:57.0933 4908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:49:57.0933 4908 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x21353800
07:49:57.0934 4908 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x21386000, BlocksNum 0x18FFF000
07:49:57.0934 4908 ============================================================
07:49:57.0957 4908 C: <-> \Device\Harddisk0\DR0\Partition2
07:49:57.0996 4908 D: <-> \Device\Harddisk0\DR0\Partition3
07:49:57.0996 4908 ============================================================
07:49:57.0996 4908 Initialize success
07:49:57.0996 4908 ============================================================
07:50:10.0704 4872 ============================================================
07:50:10.0704 4872 Scan started
07:50:10.0704 4872 Mode: Manual; SigCheck; TDLFS;
07:50:10.0704 4872 ============================================================
07:50:11.0968 4872 ================ Scan system memory ========================
07:50:11.0968 4872 System memory - ok
07:50:11.0968 4872 ================ Scan services =============================
07:50:12.0093 4872 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
07:50:12.0124 4872 1394ohci - ok
07:50:12.0155 4872 [ E0065CBF1A25C015C218457D2CD522B9 ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
07:50:12.0171 4872 Acceler - ok
07:50:12.0218 4872 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
07:50:12.0233 4872 ACPI - ok
07:50:12.0233 4872 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
07:50:12.0249 4872 AcpiPmi - ok
07:50:12.0342 4872 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:50:12.0358 4872 AdobeFlashPlayerUpdateSvc - ok
07:50:12.0389 4872 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
07:50:12.0405 4872 adp94xx - ok
07:50:12.0420 4872 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
07:50:12.0436 4872 adpahci - ok
07:50:12.0436 4872 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
07:50:12.0452 4872 adpu320 - ok
07:50:12.0467 4872 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
07:50:12.0498 4872 AeLookupSvc - ok
07:50:12.0530 4872 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
07:50:12.0545 4872 AFD - ok
07:50:12.0561 4872 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
07:50:12.0576 4872 agp440 - ok
07:50:12.0592 4872 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
07:50:12.0608 4872 ALG - ok
07:50:12.0608 4872 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
07:50:12.0623 4872 aliide - ok
07:50:12.0639 4872 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
07:50:12.0639 4872 amdide - ok
07:50:12.0654 4872 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
07:50:12.0654 4872 AmdK8 - ok
07:50:12.0670 4872 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
07:50:12.0670 4872 AmdPPM - ok
07:50:12.0686 4872 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
07:50:12.0686 4872 amdsata - ok
07:50:12.0701 4872 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
07:50:12.0701 4872 amdsbs - ok
07:50:12.0732 4872 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
07:50:12.0732 4872 amdxata - ok
07:50:13.0076 4872 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
07:50:13.0076 4872 AntiVirSchedulerService - ok
07:50:13.0138 4872 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
07:50:13.0138 4872 AntiVirService - ok
07:50:13.0200 4872 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
07:50:13.0216 4872 AppID - ok
07:50:13.0263 4872 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
07:50:13.0294 4872 AppIDSvc - ok
07:50:13.0325 4872 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
07:50:13.0356 4872 Appinfo - ok
07:50:13.0403 4872 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
07:50:13.0403 4872 arc - ok
07:50:13.0403 4872 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
07:50:13.0419 4872 arcsas - ok
07:50:13.0434 4872 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
07:50:13.0466 4872 AsyncMac - ok
07:50:13.0497 4872 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
07:50:13.0497 4872 atapi - ok
07:50:13.0590 4872 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\Windows\system32\drivers\atikmdag.sys
07:50:13.0653 4872 atikmdag - ok
07:50:13.0715 4872 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:50:13.0746 4872 AudioEndpointBuilder - ok
07:50:13.0793 4872 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
07:50:13.0824 4872 AudioSrv - ok
07:50:13.0902 4872 [ 1D56DCD05784B1F1D9C6E2F529043279 ] AVer7231_x64 C:\Windows\system32\DRIVERS\AVer7231_x64.sys
07:50:13.0965 4872 AVer7231_x64 - ok
07:50:14.0012 4872 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
07:50:14.0027 4872 avgntflt - ok
07:50:14.0074 4872 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
07:50:14.0090 4872 avipbb - ok
07:50:14.0105 4872 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
07:50:14.0105 4872 avkmgr - ok
07:50:14.0152 4872 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
07:50:14.0183 4872 AxInstSV - ok
07:50:14.0230 4872 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
07:50:14.0261 4872 b06bdrv - ok
07:50:14.0292 4872 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
07:50:14.0308 4872 b57nd60a - ok
07:50:14.0339 4872 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
07:50:14.0370 4872 BDESVC - ok
07:50:14.0386 4872 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
07:50:14.0433 4872 Beep - ok
07:50:14.0511 4872 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
07:50:14.0542 4872 BFE - ok
07:50:14.0589 4872 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
07:50:14.0620 4872 BITS - ok
07:50:14.0651 4872 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
07:50:14.0651 4872 blbdrive - ok
07:50:14.0698 4872 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
07:50:14.0714 4872 bowser - ok
07:50:14.0729 4872 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
07:50:14.0729 4872 BrFiltLo - ok
07:50:14.0729 4872 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
07:50:14.0745 4872 BrFiltUp - ok
07:50:14.0792 4872 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
07:50:14.0792 4872 Browser - ok
07:50:14.0807 4872 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
07:50:14.0807 4872 Brserid - ok
07:50:14.0823 4872 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
07:50:14.0823 4872 BrSerWdm - ok
07:50:14.0838 4872 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
07:50:14.0838 4872 BrUsbMdm - ok
07:50:14.0838 4872 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
07:50:14.0854 4872 BrUsbSer - ok
07:50:14.0901 4872 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
07:50:14.0916 4872 BthEnum - ok
07:50:14.0932 4872 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
07:50:14.0948 4872 BTHMODEM - ok
07:50:14.0979 4872 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
07:50:14.0979 4872 BthPan - ok
07:50:15.0010 4872 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
07:50:15.0026 4872 BTHPORT - ok
07:50:15.0057 4872 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
07:50:15.0088 4872 bthserv - ok
07:50:15.0104 4872 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
07:50:15.0119 4872 BTHUSB - ok
07:50:15.0166 4872 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
07:50:15.0182 4872 btmhsf - ok
07:50:15.0228 4872 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
07:50:15.0275 4872 cdfs - ok
07:50:15.0306 4872 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
07:50:15.0322 4872 cdrom - ok
07:50:15.0369 4872 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
07:50:15.0400 4872 CertPropSvc - ok
07:50:15.0431 4872 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
07:50:15.0447 4872 circlass - ok
07:50:15.0478 4872 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
07:50:15.0494 4872 CLFS - ok
07:50:15.0556 4872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:50:15.0556 4872 clr_optimization_v2.0.50727_32 - ok
07:50:15.0603 4872 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:50:15.0618 4872 clr_optimization_v2.0.50727_64 - ok
07:50:15.0665 4872 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:50:15.0681 4872 clr_optimization_v4.0.30319_32 - ok
07:50:15.0696 4872 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:50:15.0712 4872 clr_optimization_v4.0.30319_64 - ok
07:50:15.0728 4872 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
07:50:15.0728 4872 CmBatt - ok
07:50:15.0759 4872 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
07:50:15.0774 4872 cmdide - ok
07:50:15.0806 4872 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
07:50:15.0837 4872 CNG - ok
07:50:15.0868 4872 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
07:50:15.0868 4872 Compbatt - ok
07:50:15.0915 4872 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
07:50:15.0915 4872 CompositeBus - ok
07:50:15.0930 4872 COMSysApp - ok
07:50:15.0946 4872 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
07:50:15.0962 4872 crcdisk - ok
07:50:15.0993 4872 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
07:50:16.0024 4872 CryptSvc - ok
07:50:16.0071 4872 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:50:16.0086 4872 CtClsFlt - ok
07:50:16.0133 4872 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
07:50:16.0164 4872 DcomLaunch - ok
07:50:16.0196 4872 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
07:50:16.0227 4872 defragsvc - ok
07:50:16.0274 4872 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
07:50:16.0305 4872 DfsC - ok
07:50:16.0336 4872 dgderdrv - ok
07:50:16.0430 4872 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
07:50:16.0445 4872 Dhcp - ok
07:50:16.0461 4872 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
07:50:16.0508 4872 discache - ok
07:50:16.0523 4872 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
07:50:16.0539 4872 Disk - ok
07:50:16.0570 4872 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
07:50:16.0570 4872 Dnscache - ok
07:50:16.0617 4872 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
07:50:16.0648 4872 dot3svc - ok
07:50:16.0742 4872 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
07:50:16.0773 4872 DPS - ok
07:50:16.0788 4872 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
07:50:16.0804 4872 drmkaud - ok
07:50:16.0851 4872 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
07:50:16.0882 4872 DXGKrnl - ok
07:50:16.0898 4872 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
07:50:16.0944 4872 EapHost - ok
07:50:17.0007 4872 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
07:50:17.0116 4872 ebdrv - ok
07:50:17.0132 4872 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
07:50:17.0147 4872 EFS - ok
07:50:17.0272 4872 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
07:50:17.0288 4872 ehRecvr - ok
07:50:17.0350 4872 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
07:50:17.0350 4872 ehSched - ok
07:50:17.0381 4872 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
07:50:17.0397 4872 elxstor - ok
07:50:17.0444 4872 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
07:50:17.0444 4872 ErrDev - ok
07:50:17.0506 4872 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
07:50:17.0537 4872 EventSystem - ok
07:50:17.0537 4872 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
07:50:17.0568 4872 exfat - ok
07:50:17.0600 4872 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
07:50:17.0631 4872 fastfat - ok
07:50:17.0678 4872 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
07:50:17.0693 4872 Fax - ok
07:50:17.0693 4872 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
07:50:17.0693 4872 fdc - ok
07:50:17.0724 4872 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
07:50:17.0740 4872 fdPHost - ok
07:50:17.0756 4872 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
07:50:17.0787 4872 FDResPub - ok
07:50:17.0787 4872 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
07:50:17.0802 4872 FileInfo - ok
07:50:17.0818 4872 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
07:50:17.0849 4872 Filetrace - ok
07:50:17.0849 4872 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
07:50:17.0849 4872 flpydisk - ok
07:50:17.0865 4872 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
07:50:17.0880 4872 FltMgr - ok
07:50:17.0927 4872 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
07:50:17.0958 4872 FontCache - ok
07:50:18.0005 4872 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:50:18.0021 4872 FontCache3.0.0.0 - ok
07:50:18.0036 4872 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
07:50:18.0052 4872 FsDepends - ok
07:50:18.0099 4872 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
07:50:18.0114 4872 Fs_Rec - ok
07:50:18.0177 4872 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
07:50:18.0192 4872 fvevol - ok
07:50:18.0208 4872 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
07:50:18.0208 4872 gagp30kx - ok
07:50:18.0270 4872 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys
07:50:18.0286 4872 gfibto - ok
07:50:18.0333 4872 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
07:50:18.0364 4872 gpsvc - ok
07:50:18.0426 4872 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:50:18.0426 4872 gupdate - ok
07:50:18.0442 4872 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:50:18.0442 4872 gupdatem - ok
07:50:18.0458 4872 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
07:50:18.0473 4872 hcw85cir - ok
07:50:18.0520 4872 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:50:18.0536 4872 HdAudAddService - ok
07:50:18.0567 4872 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
07:50:18.0582 4872 HDAudBus - ok
07:50:18.0582 4872 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
07:50:18.0582 4872 HidBatt - ok
07:50:18.0598 4872 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
07:50:18.0598 4872 HidBth - ok
07:50:18.0614 4872 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
07:50:18.0614 4872 HidIr - ok
07:50:18.0676 4872 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
07:50:18.0707 4872 hidserv - ok
07:50:18.0723 4872 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
07:50:18.0738 4872 HidUsb - ok
07:50:18.0770 4872 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
07:50:18.0801 4872 hkmsvc - ok
07:50:18.0832 4872 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:50:18.0863 4872 HomeGroupListener - ok
07:50:18.0894 4872 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:50:18.0910 4872 HomeGroupProvider - ok
07:50:18.0941 4872 [ 502433044773567F6CE942F8E0A621CA ] HPMo4DE3 C:\Windows\system32\DRIVERS\HPMo4DE3.sys
07:50:18.0957 4872 HPMo4DE3 - ok
07:50:18.0988 4872 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
07:50:19.0004 4872 HpSAMD - ok
07:50:19.0050 4872 [ A635DDB3ED98953BB4D42079017B4E30 ] HPub4DE3 C:\Windows\system32\Drivers\HPub4DE3.sys
07:50:19.0050 4872 HPub4DE3 - ok
07:50:19.0144 4872 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
07:50:19.0175 4872 HTTP - ok
07:50:19.0206 4872 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
07:50:19.0206 4872 hwpolicy - ok
07:50:19.0238 4872 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
07:50:19.0238 4872 i8042prt - ok
07:50:19.0269 4872 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
07:50:19.0284 4872 iaStorV - ok
07:50:19.0316 4872 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
07:50:19.0331 4872 iBtFltCoex - ok
07:50:19.0378 4872 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:50:19.0394 4872 idsvc - ok
07:50:19.0628 4872 [ EFE5A0AF39A8E179624117C521F1E012 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
07:50:19.0877 4872 igfx - ok
07:50:19.0893 4872 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
07:50:19.0908 4872 iirsp - ok
07:50:19.0955 4872 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
07:50:19.0986 4872 IKEEXT - ok
07:50:20.0002 4872 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
07:50:20.0018 4872 intelide - ok
07:50:20.0033 4872 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
07:50:20.0049 4872 intelppm - ok
07:50:20.0064 4872 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
07:50:20.0096 4872 IPBusEnum - ok
07:50:20.0189 4872 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:50:20.0236 4872 IpFilterDriver - ok
07:50:20.0392 4872 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
07:50:20.0408 4872 iphlpsvc - ok
07:50:20.0470 4872 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
07:50:20.0470 4872 IPMIDRV - ok
07:50:20.0486 4872 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
07:50:20.0517 4872 IPNAT - ok
07:50:20.0532 4872 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
07:50:20.0548 4872 IRENUM - ok
07:50:20.0579 4872 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
07:50:20.0579 4872 isapnp - ok
07:50:20.0595 4872 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
07:50:20.0610 4872 iScsiPrt - ok
07:50:20.0626 4872 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
07:50:20.0642 4872 kbdclass - ok
07:50:20.0642 4872 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
07:50:20.0657 4872 kbdhid - ok
07:50:20.0673 4872 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
07:50:20.0688 4872 KeyIso - ok
07:50:20.0860 4872 [ 775C6D5D60146D7DB08A01CB596D7EC6 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
07:50:20.0876 4872 Kodak AiO Network Discovery Service - ok
07:50:20.0938 4872 [ 17AFF68AB32F8671BC46612D35351099 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
07:50:20.0954 4872 Kodak AiO Status Monitor Service - ok
07:50:20.0969 4872 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
07:50:20.0985 4872 KSecDD - ok
07:50:21.0016 4872 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
07:50:21.0032 4872 KSecPkg - ok
07:50:21.0047 4872 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
07:50:21.0078 4872 ksthunk - ok
07:50:21.0234 4872 [ 3CA4073A107B42828732088957960643 ] ksupmgr C:\Windows\SysWOW64\ksupmgr.exe
07:50:21.0266 4872 ksupmgr - ok
07:50:21.0297 4872 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
07:50:21.0328 4872 KtmRm - ok
07:50:21.0390 4872 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
07:50:21.0422 4872 LanmanServer - ok
07:50:21.0468 4872 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:50:21.0500 4872 LanmanWorkstation - ok
07:50:21.0562 4872 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
07:50:21.0593 4872 lltdio - ok
07:50:21.0609 4872 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
07:50:21.0640 4872 lltdsvc - ok
07:50:21.0656 4872 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
07:50:21.0687 4872 lmhosts - ok
07:50:21.0718 4872 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
07:50:21.0734 4872 LSI_FC - ok
07:50:21.0734 4872 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
07:50:21.0734 4872 LSI_SAS - ok
07:50:21.0749 4872 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
07:50:21.0749 4872 LSI_SAS2 - ok
07:50:21.0749 4872 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
07:50:21.0765 4872 LSI_SCSI - ok
07:50:21.0780 4872 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
07:50:21.0812 4872 luafv - ok
07:50:21.0874 4872 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
07:50:21.0890 4872 MBAMProtector - ok
07:50:21.0952 4872 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:50:21.0968 4872 MBAMScheduler - ok
07:50:22.0030 4872 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:50:22.0046 4872 MBAMService - ok
07:50:22.0092 4872 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
07:50:22.0108 4872 Mcx2Svc - ok
07:50:22.0108 4872 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
07:50:22.0124 4872 megasas - ok
07:50:22.0202 4872 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
07:50:22.0217 4872 MegaSR - ok
07:50:22.0233 4872 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
07:50:22.0248 4872 MEIx64 - ok
07:50:22.0264 4872 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
07:50:22.0295 4872 MMCSS - ok
07:50:22.0295 4872 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
07:50:22.0326 4872 Modem - ok
07:50:22.0358 4872 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
07:50:22.0358 4872 monitor - ok
07:50:22.0389 4872 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
07:50:22.0404 4872 mouclass - ok
07:50:22.0420 4872 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
07:50:22.0436 4872 mouhid - ok
07:50:22.0467 4872 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
07:50:22.0467 4872 mountmgr - ok
07:50:22.0529 4872 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:50:22.0545 4872 MozillaMaintenance - ok
07:50:22.0592 4872 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
07:50:22.0592 4872 mpio - ok
07:50:22.0607 4872 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
07:50:22.0638 4872 mpsdrv - ok
07:50:22.0701 4872 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
07:50:22.0748 4872 MpsSvc - ok
07:50:22.0779 4872 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
07:50:22.0794 4872 MRxDAV - ok
07:50:22.0810 4872 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
07:50:22.0826 4872 mrxsmb - ok
07:50:22.0841 4872 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:50:22.0857 4872 mrxsmb10 - ok
07:50:22.0872 4872 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:50:22.0888 4872 mrxsmb20 - ok
07:50:22.0919 4872 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
07:50:22.0935 4872 msahci - ok
07:50:22.0950 4872 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
07:50:22.0966 4872 msdsm - ok
07:50:22.0997 4872 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
07:50:23.0013 4872 MSDTC - ok
07:50:23.0091 4872 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
07:50:23.0106 4872 Msfs - ok
07:50:23.0138 4872 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
07:50:23.0153 4872 mshidkmdf - ok
07:50:23.0169 4872 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
07:50:23.0184 4872 msisadrv - ok
07:50:23.0200 4872 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
07:50:23.0231 4872 MSiSCSI - ok
07:50:23.0231 4872 msiserver - ok
07:50:23.0262 4872 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
07:50:23.0294 4872 MSKSSRV - ok
07:50:23.0325 4872 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
07:50:23.0356 4872 MSPCLOCK - ok
07:50:23.0387 4872 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
07:50:23.0418 4872 MSPQM - ok
07:50:23.0481 4872 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
07:50:23.0481 4872 MsRPC - ok
07:50:23.0496 4872 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
07:50:23.0512 4872 mssmbios - ok
07:50:23.0512 4872 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
07:50:23.0543 4872 MSTEE - ok
07:50:23.0543 4872 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
07:50:23.0559 4872 MTConfig - ok
07:50:23.0574 4872 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
07:50:23.0590 4872 Mup - ok
07:50:23.0606 4872 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
07:50:23.0637 4872 napagent - ok
07:50:23.0699 4872 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
07:50:23.0715 4872 NativeWifiP - ok
07:50:23.0762 4872 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
07:50:23.0793 4872 NDIS - ok
07:50:23.0808 4872 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
07:50:23.0840 4872 NdisCap - ok
07:50:23.0871 4872 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
07:50:23.0902 4872 NdisTapi - ok
07:50:23.0949 4872 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
07:50:23.0980 4872 Ndisuio - ok
07:50:24.0011 4872 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
07:50:24.0042 4872 NdisWan - ok
07:50:24.0074 4872 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
07:50:24.0105 4872 NDProxy - ok
07:50:24.0120 4872 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
07:50:24.0152 4872 NetBIOS - ok
07:50:24.0152 4872 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
07:50:24.0183 4872 NetBT - ok
07:50:24.0198 4872 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
07:50:24.0214 4872 Netlogon - ok
07:50:24.0245 4872 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
07:50:24.0276 4872 Netman - ok
07:50:24.0308 4872 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
07:50:24.0339 4872 netprofm - ok
07:50:24.0370 4872 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:50:24.0370 4872 NetTcpPortSharing - ok
07:50:24.0557 4872 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
07:50:24.0744 4872 NETwNs64 - ok
07:50:24.0760 4872 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
07:50:24.0776 4872 nfrd960 - ok
07:50:24.0822 4872 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
07:50:24.0822 4872 NlaSvc - ok
07:50:24.0854 4872 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
07:50:24.0885 4872 Npfs - ok
07:50:24.0900 4872 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
07:50:24.0932 4872 nsi - ok
07:50:24.0932 4872 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
07:50:24.0978 4872 nsiproxy - ok
07:50:25.0025 4872 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
07:50:25.0072 4872 Ntfs - ok
07:50:25.0088 4872 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
07:50:25.0119 4872 Null - ok
07:50:25.0150 4872 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
07:50:25.0166 4872 nusb3hub - ok
07:50:25.0197 4872 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
07:50:25.0212 4872 nusb3xhc - ok
07:50:25.0244 4872 [ 65E6BB06A644533118BE007E9601B2C2 ] nvkflt C:\Windows\system32\DRIVERS\nvkflt.sys
07:50:25.0259 4872 nvkflt - ok
07:50:25.0680 4872 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:50:26.0008 4872 nvlddmkm - ok
07:50:26.0039 4872 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
07:50:26.0039 4872 nvpciflt - ok
07:50:26.0055 4872 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
07:50:26.0070 4872 nvraid - ok
07:50:26.0102 4872 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
07:50:26.0117 4872 nvstor - ok
07:50:26.0180 4872 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
07:50:26.0211 4872 nvsvc - ok
07:50:26.0273 4872 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
07:50:26.0304 4872 nvUpdatusService - ok
07:50:26.0320 4872 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
07:50:26.0336 4872 nv_agp - ok
07:50:26.0367 4872 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
07:50:26.0367 4872 ohci1394 - ok
07:50:26.0398 4872 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
07:50:26.0429 4872 p2pimsvc - ok
07:50:26.0445 4872 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
07:50:26.0460 4872 p2psvc - ok
07:50:26.0492 4872 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
07:50:26.0492 4872 Parport - ok
07:50:26.0523 4872 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
07:50:26.0538 4872 partmgr - ok
07:50:26.0538 4872 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
07:50:26.0554 4872 PcaSvc - ok
07:50:26.0570 4872 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
07:50:26.0585 4872 pci - ok
07:50:26.0601 4872 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
07:50:26.0616 4872 pciide - ok
07:50:26.0632 4872 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
07:50:26.0632 4872 pcmcia - ok
07:50:26.0648 4872 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
07:50:26.0663 4872 pcw - ok
07:50:26.0694 4872 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
07:50:26.0741 4872 PEAUTH - ok
07:50:26.0772 4872 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
07:50:26.0788 4872 PerfHost - ok
07:50:26.0850 4872 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
07:50:26.0913 4872 pla - ok
07:50:26.0960 4872 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
07:50:26.0975 4872 PlugPlay - ok
07:50:26.0991 4872 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
07:50:26.0991 4872 PNRPAutoReg - ok
07:50:27.0006 4872 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
07:50:27.0022 4872 PNRPsvc - ok
07:50:27.0053 4872 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
07:50:27.0100 4872 PolicyAgent - ok
07:50:27.0116 4872 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
07:50:27.0147 4872 Power - ok
07:50:27.0194 4872 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
07:50:27.0209 4872 PptpMiniport - ok
07:50:27.0240 4872 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
07:50:27.0256 4872 Processor - ok
07:50:27.0287 4872 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
07:50:27.0318 4872 ProfSvc - ok
07:50:27.0318 4872 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:50:27.0334 4872 ProtectedStorage - ok
07:50:27.0381 4872 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
07:50:27.0412 4872 Psched - ok
07:50:27.0490 4872 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
07:50:27.0490 4872 PSI - ok
07:50:27.0521 4872 [ 0928BD20273625622722FE1DE5BBDE57 ] qicflt C:\Windows\system32\DRIVERS\qicflt.sys
07:50:27.0521 4872 qicflt - ok
07:50:27.0568 4872 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
07:50:27.0630 4872 ql2300 - ok
07:50:27.0630 4872 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
07:50:27.0646 4872 ql40xx - ok
07:50:27.0662 4872 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
07:50:27.0677 4872 QWAVE - ok
07:50:27.0677 4872 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
07:50:27.0693 4872 QWAVEdrv - ok
07:50:27.0896 4872 [ 138F7963118EC710C348819C08F72230 ] Radio.fx D:\Tobit Radio.fx\Server\rfx-server.exe
07:50:27.0942 4872 Radio.fx - ok
07:50:27.0942 4872 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
07:50:27.0974 4872 RasAcd - ok
07:50:28.0020 4872 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
07:50:28.0052 4872 RasAgileVpn - ok
07:50:28.0067 4872 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
07:50:28.0098 4872 RasAuto - ok
07:50:28.0145 4872 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
07:50:28.0176 4872 Rasl2tp - ok
07:50:28.0223 4872 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
07:50:28.0270 4872 RasMan - ok
07:50:28.0301 4872 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
07:50:28.0332 4872 RasPppoe - ok
07:50:28.0332 4872 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
07:50:28.0364 4872 RasSstp - ok
07:50:28.0379 4872 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
07:50:28.0410 4872 rdbss - ok
07:50:28.0426 4872 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
07:50:28.0426 4872 rdpbus - ok
07:50:28.0442 4872 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
07:50:28.0473 4872 RDPCDD - ok
07:50:28.0488 4872 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
07:50:28.0520 4872 RDPENCDD - ok
07:50:28.0535 4872 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
07:50:28.0566 4872 RDPREFMP - ok
07:50:28.0629 4872 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:50:28.0644 4872 RdpVideoMiniport - ok
07:50:28.0691 4872 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
07:50:28.0707 4872 RDPWD - ok
07:50:28.0754 4872 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
07:50:28.0769 4872 rdyboost - ok
07:50:28.0878 4872 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
07:50:28.0894 4872 RealNetworks Downloader Resolver Service - ok
07:50:28.0941 4872 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
07:50:28.0956 4872 RemoteAccess - ok
07:50:29.0003 4872 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
07:50:29.0034 4872 RemoteRegistry - ok
07:50:29.0081 4872 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
07:50:29.0097 4872 RFCOMM - ok
07:50:29.0097 4872 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
07:50:29.0128 4872 RpcEptMapper - ok
07:50:29.0159 4872 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
07:50:29.0175 4872 RpcLocator - ok
07:50:29.0222 4872 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
07:50:29.0253 4872 RpcSs - ok
07:50:29.0268 4872 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
07:50:29.0300 4872 rspndr - ok
07:50:29.0378 4872 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
07:50:29.0393 4872 RTL8167 - ok
07:50:29.0424 4872 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
07:50:29.0440 4872 SamSs - ok
07:50:29.0471 4872 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
07:50:29.0487 4872 sbp2port - ok
07:50:29.0502 4872 SBRE - ok
07:50:29.0518 4872 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
07:50:29.0549 4872 SCardSvr - ok
07:50:29.0580 4872 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
07:50:29.0612 4872 scfilter - ok
07:50:29.0658 4872 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
07:50:29.0721 4872 Schedule - ok
07:50:29.0768 4872 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
07:50:29.0799 4872 SCPolicySvc - ok
07:50:29.0846 4872 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
07:50:29.0861 4872 sdbus - ok
07:50:29.0908 4872 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
07:50:29.0908 4872 SDRSVC - ok
07:50:29.0939 4872 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
07:50:29.0970 4872 secdrv - ok
07:50:30.0033 4872 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
07:50:30.0064 4872 seclogon - ok
07:50:30.0204 4872 [ 306F9390976E41063D21AB9AB6D48122 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
07:50:30.0220 4872 Secunia PSI Agent - ok
07:50:30.0314 4872 [ 29C852880E9634F8C6BD77A4E68B5B34 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
07:50:30.0329 4872 Secunia Update Agent - ok
07:50:30.0360 4872 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
07:50:30.0392 4872 SENS - ok
07:50:30.0423 4872 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
07:50:30.0423 4872 SensrSvc - ok
07:50:30.0438 4872 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
07:50:30.0454 4872 Serenum - ok
07:50:30.0454 4872 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
07:50:30.0470 4872 Serial - ok
07:50:30.0485 4872 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
07:50:30.0501 4872 sermouse - ok
07:50:30.0563 4872 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
07:50:30.0579 4872 SessionEnv - ok
07:50:30.0626 4872 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
07:50:30.0641 4872 sffdisk - ok
07:50:30.0657 4872 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
07:50:30.0657 4872 sffp_mmc - ok
07:50:30.0672 4872 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
07:50:30.0672 4872 sffp_sd - ok
07:50:30.0688 4872 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
07:50:30.0704 4872 sfloppy - ok
07:50:30.0735 4872 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
07:50:30.0766 4872 SharedAccess - ok
07:50:30.0828 4872 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:50:30.0875 4872 ShellHWDetection - ok
07:50:30.0953 4872 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
07:50:30.0953 4872 SiSRaid2 - ok
07:50:30.0969 4872 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
07:50:30.0969 4872 SiSRaid4 - ok
07:50:30.0984 4872 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
07:50:31.0016 4872 Smb - ok
07:50:31.0078 4872 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
07:50:31.0078 4872 SNMPTRAP - ok
07:50:31.0094 4872 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
07:50:31.0094 4872 spldr - ok
07:50:31.0156 4872 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
07:50:31.0172 4872 Spooler - ok
07:50:31.0281 4872 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
07:50:31.0406 4872 sppsvc - ok
07:50:31.0437 4872 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
07:50:31.0484 4872 sppuinotify - ok
07:50:31.0530 4872 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
07:50:31.0546 4872 srv - ok
07:50:31.0562 4872 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
07:50:31.0577 4872 srv2 - ok
07:50:31.0608 4872 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
07:50:31.0624 4872 srvnet - ok
07:50:31.0640 4872 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
07:50:31.0671 4872 SSDPSRV - ok
07:50:31.0718 4872 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
07:50:31.0749 4872 SstpSvc - ok
07:50:31.0780 4872 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
07:50:31.0796 4872 stdcfltn - ok
07:50:31.0889 4872 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:50:31.0889 4872 Stereo Service - ok
07:50:31.0905 4872 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
07:50:31.0920 4872 stexstor - ok
07:50:31.0952 4872 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
07:50:31.0967 4872 StillCam - ok
07:50:32.0014 4872 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
07:50:32.0045 4872 stisvc - ok
07:50:32.0123 4872 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
07:50:32.0123 4872 swenum - ok
07:50:32.0139 4872 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
07:50:32.0186 4872 swprv - ok
07:50:32.0248 4872 [ B0C7D4DCF4800DF2F2145B500D0161E8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
07:50:32.0295 4872 SynTP - ok
07:50:32.0357 4872 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
07:50:32.0420 4872 SysMain - ok
07:50:32.0451 4872 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:50:32.0466 4872 TabletInputService - ok
07:50:32.0529 4872 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
07:50:32.0560 4872 TapiSrv - ok
07:50:32.0591 4872 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
07:50:32.0622 4872 TBS - ok
07:50:32.0669 4872 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
07:50:32.0732 4872 Tcpip - ok
07:50:32.0763 4872 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
07:50:32.0794 4872 TCPIP6 - ok
07:50:32.0825 4872 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
07:50:32.0841 4872 tcpipreg - ok
07:50:32.0856 4872 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
07:50:32.0872 4872 TDPIPE - ok
07:50:32.0903 4872 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
07:50:32.0903 4872 TDTCP - ok
07:50:32.0950 4872 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
07:50:32.0981 4872 tdx - ok
07:50:33.0044 4872 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
07:50:33.0059 4872 TermDD - ok
07:50:33.0075 4872 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
07:50:33.0122 4872 TermService - ok
07:50:33.0137 4872 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
07:50:33.0153 4872 Themes - ok
07:50:33.0168 4872 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
07:50:33.0200 4872 THREADORDER - ok
07:50:33.0215 4872 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
07:50:33.0246 4872 TrkWks - ok
07:50:33.0324 4872 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:50:33.0340 4872 TrustedInstaller - ok
07:50:33.0387 4872 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
07:50:33.0418 4872 tssecsrv - ok
07:50:33.0465 4872 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
07:50:33.0465 4872 TsUsbFlt - ok
07:50:33.0512 4872 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
07:50:33.0543 4872 tunnel - ok
07:50:33.0558 4872 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
07:50:33.0574 4872 uagp35 - ok
07:50:33.0590 4872 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
07:50:33.0621 4872 udfs - ok
07:50:33.0636 4872 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
07:50:33.0652 4872 UI0Detect - ok
07:50:33.0668 4872 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
07:50:33.0683 4872 uliagpkx - ok
07:50:33.0714 4872 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
07:50:33.0714 4872 umbus - ok
07:50:33.0730 4872 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
07:50:33.0746 4872 UmPass - ok
07:50:33.0761 4872 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
07:50:33.0792 4872 upnphost - ok
07:50:33.0792 4872 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
07:50:33.0824 4872 usbccgp - ok
07:50:33.0839 4872 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
07:50:33.0855 4872 usbcir - ok
07:50:33.0870 4872 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
07:50:33.0870 4872 usbehci - ok
07:50:33.0886 4872 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
07:50:33.0902 4872 usbhub - ok
07:50:33.0917 4872 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
07:50:33.0933 4872 usbohci - ok
07:50:33.0948 4872 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
07:50:33.0964 4872 usbprint - ok
07:50:33.0995 4872 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
07:50:34.0011 4872 usbscan - ok
07:50:34.0026 4872 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:50:34.0026 4872 USBSTOR - ok
07:50:34.0058 4872 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
07:50:34.0073 4872 usbuhci - ok
07:50:34.0089 4872 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
07:50:34.0104 4872 usbvideo - ok
07:50:34.0120 4872 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
07:50:34.0151 4872 UxSms - ok
07:50:34.0167 4872 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
07:50:34.0167 4872 VaultSvc - ok
07:50:34.0182 4872 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
07:50:34.0198 4872 vdrvroot - ok
07:50:34.0245 4872 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
07:50:34.0292 4872 vds - ok
07:50:34.0323 4872 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
07:50:34.0338 4872 vga - ok
07:50:34.0354 4872 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
07:50:34.0370 4872 VgaSave - ok
07:50:34.0401 4872 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
07:50:34.0416 4872 vhdmp - ok
07:50:34.0448 4872 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
07:50:34.0463 4872 viaide - ok
07:50:34.0494 4872 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
07:50:34.0494 4872 volmgr - ok
07:50:34.0541 4872 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
07:50:34.0557 4872 volmgrx - ok
07:50:34.0572 4872 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
07:50:34.0588 4872 volsnap - ok
07:50:34.0619 4872 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
07:50:34.0619 4872 vsmraid - ok
07:50:34.0682 4872 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
07:50:34.0744 4872 VSS - ok
07:50:34.0760 4872 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
07:50:34.0775 4872 vwifibus - ok
07:50:34.0791 4872 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
07:50:34.0791 4872 vwififlt - ok
07:50:34.0822 4872 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
07:50:34.0822 4872 vwifimp - ok
07:50:34.0853 4872 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
07:50:34.0884 4872 W32Time - ok
07:50:34.0900 4872 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
07:50:34.0900 4872 WacomPen - ok
07:50:34.0931 4872 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
07:50:34.0947 4872 WANARP - ok
07:50:34.0947 4872 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
07:50:34.0978 4872 Wanarpv6 - ok
07:50:35.0025 4872 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
07:50:35.0072 4872 wbengine - ok
07:50:35.0087 4872 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
07:50:35.0103 4872 WbioSrvc - ok
07:50:35.0150 4872 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
07:50:35.0165 4872 wcncsvc - ok
07:50:35.0212 4872 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:50:35.0228 4872 WcsPlugInService - ok
07:50:35.0259 4872 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
07:50:35.0259 4872 Wd - ok
07:50:35.0321 4872 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
07:50:35.0352 4872 Wdf01000 - ok
07:50:35.0368 4872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
07:50:35.0384 4872 WdiServiceHost - ok
07:50:35.0384 4872 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
07:50:35.0399 4872 WdiSystemHost - ok
07:50:35.0430 4872 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
07:50:35.0446 4872 WebClient - ok
07:50:35.0462 4872 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
07:50:35.0493 4872 Wecsvc - ok
07:50:35.0508 4872 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
07:50:35.0540 4872 wercplsupport - ok
07:50:35.0586 4872 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
07:50:35.0602 4872 WerSvc - ok
07:50:35.0649 4872 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
07:50:35.0664 4872 WfpLwf - ok
07:50:35.0696 4872 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
07:50:35.0696 4872 WIMMount - ok
07:50:35.0711 4872 WinDefend - ok
07:50:35.0711 4872 WinHttpAutoProxySvc - ok
07:50:35.0758 4872 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
07:50:35.0789 4872 Winmgmt - ok
07:50:35.0852 4872 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
07:50:35.0930 4872 WinRM - ok
07:50:35.0976 4872 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
07:50:35.0992 4872 WinUsb - ok
07:50:36.0023 4872 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
07:50:36.0054 4872 Wlansvc - ok
07:50:36.0164 4872 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:50:36.0210 4872 wlidsvc - ok
07:50:36.0242 4872 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
07:50:36.0257 4872 WmiAcpi - ok
07:50:36.0273 4872 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
07:50:36.0288 4872 wmiApSrv - ok
07:50:36.0335 4872 WMPNetworkSvc - ok
07:50:36.0351 4872 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
07:50:36.0351 4872 WPCSvc - ok
07:50:36.0398 4872 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
07:50:36.0398 4872 WPDBusEnum - ok
07:50:36.0413 4872 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
07:50:36.0444 4872 ws2ifsl - ok
07:50:36.0476 4872 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
07:50:36.0476 4872 wscsvc - ok
07:50:36.0491 4872 WSearch - ok
07:50:36.0554 4872 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
07:50:36.0616 4872 wuauserv - ok
07:50:36.0647 4872 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
07:50:36.0678 4872 WudfPf - ok
07:50:36.0710 4872 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
07:50:36.0710 4872 WUDFRd - ok
07:50:36.0741 4872 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
07:50:36.0756 4872 wudfsvc - ok
07:50:36.0772 4872 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
07:50:36.0788 4872 WwanSvc - ok
07:50:36.0834 4872 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
07:50:36.0850 4872 xusb21 - ok
07:50:36.0866 4872 ================ Scan global ===============================
07:50:36.0897 4872 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:50:36.0928 4872 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
07:50:36.0944 4872 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
07:50:36.0975 4872 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:50:36.0990 4872 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:50:37.0006 4872 [Global] - ok
07:50:37.0006 4872 ================ Scan MBR ==================================
07:50:37.0006 4872 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
07:50:37.0380 4872 \Device\Harddisk0\DR0 - ok
07:50:37.0396 4872 ================ Scan VBR ==================================
07:50:37.0396 4872 [ BFAFC4D88AD23596A4FD81FFE8C83D3B ] \Device\Harddisk0\DR0\Partition1
07:50:37.0396 4872 \Device\Harddisk0\DR0\Partition1 - ok
07:50:37.0427 4872 [ ED6DE001831F836B7AB10CC4DD634146 ] \Device\Harddisk0\DR0\Partition2
07:50:37.0427 4872 \Device\Harddisk0\DR0\Partition2 - ok
07:50:37.0458 4872 [ 1615A093366FC82A8EFADBD48E23F6EF ] \Device\Harddisk0\DR0\Partition3
07:50:37.0458 4872 \Device\Harddisk0\DR0\Partition3 - ok
07:50:37.0458 4872 ============================================================
07:50:37.0458 4872 Scan finished
07:50:37.0458 4872 ============================================================
07:50:37.0458 4784 Detected object count: 0
07:50:37.0458 4784 Actual detected object count: 0
07:51:00.0396 3740 Deinitialize success
 |
|
24.01.2013, 10:34
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Ist unauffällig  adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.01.2013, 11:55
| #11 |
| | Infizierte Dateiobjekte in der Registry Gut! Hier dann der adwcleaner logfile. Code:
ATTFilter # AdwCleaner v2.107 - Datei am 24/01/2013 um 11:51:57 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmina - NICOJAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gefunden : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gefunden : HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020&SSPV=IEOB12
-\\ Mozilla Firefox v18.0.1 (de)
-\\ Google Chrome v [Version kann nicht ermittelt werden]
*************************
AdwCleaner[R2].txt - [4345 octets] - [24/01/2013 11:51:57]
########## EOF - C:\AdwCleaner[R2].txt - [4405 octets] ##########
|
|
24.01.2013, 12:11
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
24.01.2013, 16:32
| #13 |
| | Infizierte Dateiobjekte in der Registry ok. hier adwcleaner logfile: Code:
ATTFilter # AdwCleaner v2.107 - Datei am 24/01/2013 um 16:26:38 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Jasmina - NICOJAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2413}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020&SSPV=IEOB12 --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.1 (de)
-\\ Google Chrome v [Version kann nicht ermittelt werden]
*************************
AdwCleaner[S2].txt - [3695 octets] - [24/01/2013 16:26:38]
########## EOF - C:\AdwCleaner[S2].txt - [3755 octets] ##########
|
|
24.01.2013, 16:48
| #14 |
| | Infizierte Dateiobjekte in der Registry die otl logs: Code:
ATTFilter OTL logfile created on: 24.01.2013 16:36:14 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmina.NICOJAS-PC\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,49% Memory free 7,79 Gb Paging File | 5,51 Gb Available in Paging File | 70,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 265,66 Gb Total Space | 80,18 Gb Free Space | 30,18% Space Free | Partition Type: NTFS Drive D: | 200,00 Gb Total Space | 199,73 Gb Free Space | 99,87% Space Free | Partition Type: NTFS Computer Name: NICOJAS-PC | User Name: Jasmina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) PRC - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () PRC - D:\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Windows\tray\wintmr.exe (Salfeld Computer) PRC - C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) PRC - C:\Windows\SysWOW64\ccsync.exe (Salfeld Computer) PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll () MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company) SRV - (Kodak AiO Status Monitor Service) -- C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Eastman Kodak Company) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Radio.fx) -- D:\Tobit Radio.fx\Server\rfx-server.exe () SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation) DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (HPub4DE3) -- C:\Windows\SysNative\drivers\HPub4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (HPMo4DE3) -- C:\Windows\SysNative\drivers\HPMo4DE3.sys (TPMX Electronics Ltd.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia) DRV:64bit: - (AVer7231_x64) -- C:\Windows\SysNative\drivers\AVer7231_x64.sys (AVerMedia TECHNOLOGIES, Inc.) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 C1 6B 32 28 28 CD 01 [binary data] IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - No CLSID value found IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\..\SearchScopes\{DA35B54C-95B6-458E-9DF6-049E661E9F57}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=NCH2&o=APN10013&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ACC&apn_dtid=^YYYYYY^YY^DE&apn_uid=419c7e26-339c-4d26-a298-3fa1e007def9&apn_sauid=00B8BEDE-E5ED-4356-9B52-D9ED2B658C14 IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true FF - prefs.js..CT2481020.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ashampoo DE Customized Web Search" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={FCC484FC-37F0-11E2-A636-BC77376D1A7C}&src=2&crg=3.09010003&q=" FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@parallelgraphics.com/Cortona: C:\Program Files (x86)\Common Files\ParallelGraphics\Cortona\npcortona.dll (ParallelGraphics) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\PDF Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.22 10:27:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.21 12:13:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.24 10:58:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.09 15:07:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.24 10:58:35 | 000,000,000 | ---D | M] [2012.05.20 09:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Extensions [2013.01.14 08:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions [2013.01.14 08:34:21 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions\2020Player_IKEA@2020Technologies.com [2012.11.08 11:39:07 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\Firefox\Profiles\zd0m12fn.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012.02.25 12:43:49 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\extensions\personas@christopher.beard.xpi [2012.12.12 11:21:18 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.09.26 15:56:22 | 000,002,343 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\askcom.xml [2012.11.01 14:48:38 | 000,000,915 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\conduit.xml [2012.09.27 10:04:27 | 000,001,028 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\dvdvideosofttb-customized-web-search.xml [2012.05.16 20:15:43 | 000,002,515 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\mozilla\firefox\profiles\zd0m12fn.default\searchplugins\Search_Results.xml [2013.01.19 12:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.01.19 12:34:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.22 10:27:36 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.01.19 12:34:37 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.12.22 10:27:18 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - homepage: hxxp://www.google.com/ CHR - Extension: YouTube = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Google Mail = C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe File not found O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\update\realsched.exe (RealNetworks, Inc.) O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-18..\RunOnce: [KodakHomeCenter] C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe (Eastman Kodak Company) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jasmina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\Nico.NICOJAS-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O7 - HKU\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FE6BAC3-E33E-46EB-8477-B5A8961B8F76}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.24 11:04:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2013.01.24 11:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Viewer [2013.01.24 10:57:31 | 019,443,001 | ---- | C] (Tracker Software Products Ltd ) -- C:\Program Files\PDFXVwer.exe [2013.01.24 10:14:49 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\revosetup194.exe [2013.01.23 21:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dienstprogramme [2013.01.23 21:03:36 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Malwarebytes Anti-Rootkit BETA [2013.01.23 15:51:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe [2013.01.23 14:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.01.23 14:14:20 | 003,137,416 | ---- | C] (Secunia) -- C:\Program Files\PSISetup6001.exe [2013.01.23 07:43:56 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Lernen Nico [2013.01.21 12:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2013.01.20 17:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Antivirus Logs etc [2013.01.19 16:22:17 | 004,178,040 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe [2013.01.19 16:16:26 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\Avira [2013.01.19 16:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.19 16:12:28 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.19 16:12:28 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.19 16:12:28 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.19 16:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.19 16:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.19 12:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.18 09:13:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.18 09:13:07 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.18 09:13:07 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.16 16:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Definitions [2013.01.16 16:42:12 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.01.15 12:06:17 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\Desktop\France [2013.01.14 08:43:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\20-20 Technologies [2013.01.10 08:31:56 | 020,151,664 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.exe [2013.01.09 15:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.09 06:39:45 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 06:39:45 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 06:39:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 06:39:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 06:39:20 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 06:39:20 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 06:39:20 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 06:39:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 06:39:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 06:39:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 06:39:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 06:39:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 06:39:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 06:39:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 06:39:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 06:39:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 06:39:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 06:39:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 06:39:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 06:39:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 06:39:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 06:39:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 06:39:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 06:39:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 06:39:19 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 06:39:19 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 06:39:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 06:39:18 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 06:39:18 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 06:39:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 06:39:18 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 06:39:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 06:39:18 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 06:38:46 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 06:38:46 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 06:38:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 06:38:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 06:38:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 06:38:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 06:38:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 06:38:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 06:38:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 06:38:45 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 06:38:45 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 06:38:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 06:38:44 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 06:38:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 06:38:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 06:38:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 06:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 06:38:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 06:38:16 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.06 11:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak [2013.01.06 11:43:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak [2013.01.06 11:42:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2013.01.06 11:35:42 | 010,000,984 | ---- | C] (Eastman Kodak Company) -- C:\Program Files\aio_install.exe [2013.01.04 08:37:05 | 000,000,000 | ---D | C] -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\Programs [2012.12.22 10:27:43 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll [2012.12.22 10:27:42 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll [2012.12.22 10:27:42 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll [2012.12.22 10:27:42 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll [2012.12.22 10:27:42 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll [2012.12.22 10:27:42 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll [2012.12.22 10:27:42 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll [2012.12.22 10:27:42 | 000,031,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll [2012.12.22 10:27:42 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe [2012.12.22 10:27:41 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll [2012.12.22 10:27:41 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll [2012.12.22 10:27:41 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll [2012.12.22 10:27:41 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll [2012.12.22 10:27:40 | 009,159,680 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll [2012.12.22 10:27:40 | 000,389,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe [2012.12.22 10:27:40 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll [2012.12.22 10:27:40 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll [2012.12.22 10:27:40 | 000,044,736 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll [2012.12.22 10:27:31 | 000,383,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe [2012.12.22 10:27:31 | 000,354,968 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe [2012.12.22 10:27:23 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll [2012.12.22 10:27:23 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_mp4v.dll [2012.12.22 10:27:23 | 000,389,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe [2012.12.22 10:27:23 | 000,136,336 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe [2012.12.22 10:27:23 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll [2012.12.22 10:27:23 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll [2012.12.22 10:27:22 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll [2012.12.22 10:27:18 | 000,030,368 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe [2012.12.22 10:27:17 | 000,112,824 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll [2012.12.22 10:27:17 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll [2012.12.22 10:27:17 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll [2012.12.22 10:27:17 | 000,070,840 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll [2012.12.22 10:27:17 | 000,017,080 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe [2012.12.22 10:27:17 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe [2012.12.22 10:27:16 | 000,500,888 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe [2012.12.22 08:43:14 | 000,766,272 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RealPlayer16_de.exe [2012.11.22 09:36:25 | 019,650,144 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 17.0.exe [2012.11.22 09:35:36 | 019,231,504 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 17.0.exe [2012.11.13 13:41:41 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.65.0.1400.exe [2012.11.13 11:16:01 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Program Files (x86)\jxpiinstall.exe [2012.11.13 10:15:40 | 018,090,960 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 16.0.2.exe [2012.11.13 10:11:21 | 018,580,512 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 16.0.2.exe [2012.11.02 13:40:21 | 000,955,488 | ---- | C] (NCH Software) -- C:\Program Files\wpsetup-5.18.exe [2012.11.01 14:39:24 | 009,814,632 | ---- | C] (Ashampoo GmbH & Co. KG ) -- C:\Program Files\ashampoo_burning_studio_6_free_6.81_3639.exe [2012.10.15 15:25:45 | 005,922,048 | ---- | C] (ManiacTools.com ) -- C:\Program Files\m4a-to-mp3-70converter.exe [2012.09.20 06:45:49 | 008,782,120 | ---- | C] (Tobit.Software) -- C:\Program Files\radiorecorder-setup.exe [2012.09.11 12:51:11 | 014,894,636 | ---- | C] (Gougelet Pierre-e ) -- C:\Program Files\XnView1991-win-full-de.exe [2012.09.07 06:33:50 | 017,653,976 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 15.0.1.exe [2012.08.30 06:12:27 | 018,365,488 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 15.0.exe [2012.08.30 06:10:52 | 017,655,464 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 15.0.exe [2012.08.25 14:15:13 | 076,021,168 | ---- | C] (The GIMP Team ) -- C:\Program Files\gimp-2.8.2-setup.exe [2012.08.12 12:22:26 | 018,503,824 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 14.0.exe [2012.06.12 06:31:47 | 013,107,424 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Full.exe [2012.06.12 06:09:52 | 018,362,696 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 13.0.exe [2012.06.11 18:11:49 | 017,301,984 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe [2012.06.11 17:27:14 | 016,418,456 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 13.0.exe [2012.05.19 22:53:40 | 001,292,648 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web_15.4.3555.exe [2012.05.15 12:30:33 | 040,437,664 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe [2012.05.02 06:57:45 | 016,179,464 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 12.0.exe [2012.04.30 17:46:07 | 017,449,712 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 12.0.1.exe [2012.04.05 09:20:03 | 026,534,080 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Program Files (x86)\FreeAudioCDBurner.exe [2012.04.02 12:04:59 | 027,672,000 | ---- | C] (DVDVideoSoft Ltd. ) -- C:\Program Files (x86)\FreeYouTubeToiPodConverter_3.10.17.exe [2012.02.25 09:42:27 | 006,674,008 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files (x86)\Shockwave_Installer_Slim.exe [2012.02.25 09:40:38 | 039,401,336 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\QuickTimeInstaller.exe [2012.02.25 09:39:34 | 028,038,592 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealPlayer1502_de.exe [2012.02.24 10:16:36 | 000,763,408 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe [2008.04.11 09:09:24 | 000,093,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1049.dll [2008.04.11 07:03:48 | 000,562,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.exe [2008.04.11 07:03:48 | 000,097,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1036.dll [2008.04.11 07:03:48 | 000,096,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.3082.dll [2008.04.11 07:03:48 | 000,096,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1031.dll [2008.04.11 07:03:48 | 000,095,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1040.dll [2008.04.11 07:03:48 | 000,091,152 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1033.dll [2008.04.11 07:03:48 | 000,081,424 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1041.dll [2008.04.11 07:03:48 | 000,079,888 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1042.dll [2008.04.11 07:03:48 | 000,076,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.1028.dll [2008.04.11 07:03:48 | 000,075,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\install.res.2052.dll [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.24 16:36:28 | 000,001,226 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2013.01.24 16:29:02 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.24 16:27:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 16:27:49 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2013.01.24 16:27:10 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 16:27:10 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 16:27:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.24 11:58:04 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.24 11:49:17 | 000,574,315 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe [2013.01.24 10:58:04 | 019,443,001 | ---- | M] (Tracker Software Products Ltd ) -- C:\Program Files\PDFXVwer.exe [2013.01.24 10:53:01 | 000,000,537 | ---- | M] () -- C:\Windows\wininit.ini [2013.01.24 10:14:52 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\revosetup194.exe [2013.01.24 09:53:56 | 000,002,767 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\recently-used.xbel [2013.01.24 09:23:00 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1835506289-3229931497-3952218681-1004UA.job [2013.01.23 16:57:09 | 000,000,419 | ---- | M] () -- C:\NET.INI [2013.01.23 15:52:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jasmina.NICOJAS-PC\Desktop\OTL.exe [2013.01.23 14:20:55 | 000,001,089 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.01.23 14:14:26 | 003,137,416 | ---- | M] (Secunia) -- C:\Program Files\PSISetup6001.exe [2013.01.23 12:30:05 | 000,011,582 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Elternsprechtag Jan 2013.odt [2013.01.23 12:23:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1835506289-3229931497-3952218681-1004Core.job [2013.01.22 16:01:13 | 000,013,934 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2013.01.21 14:58:54 | 000,009,086 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Zu bezahlen.odt [2013.01.21 14:52:29 | 000,008,371 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Deutscher Bauernverband Praktikum.odt [2013.01.21 12:14:10 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2013.01.19 16:22:18 | 004,178,040 | ---- | M] (Piriform Ltd) -- C:\Program Files\ccsetup326.exe [2013.01.19 16:04:21 | 105,661,272 | ---- | M] () -- C:\Program Files\avira_free_antivirus_de.exe [2013.01.19 15:32:44 | 000,016,227 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Tabelle Test.odt [2013.01.19 12:24:55 | 000,012,793 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze 2.odt [2013.01.19 12:24:25 | 000,013,615 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Verben 2.odt [2013.01.19 12:23:47 | 000,016,176 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze-Lösungen 2.odt [2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.01.10 08:33:13 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.10 08:32:39 | 020,151,664 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup 18.0.exe [2013.01.10 08:29:37 | 017,301,984 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\AdobeAIRInstaller.exe [2013.01.09 16:27:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 16:27:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 12:09:59 | 000,424,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 12:01:30 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 12:01:30 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 12:01:30 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 12:01:30 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 12:01:30 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.08 12:15:31 | 000,008,726 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\HPG 19-02-2013.odt [2013.01.06 11:51:05 | 000,008,465 | ---- | M] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\trude.odt [2013.01.06 11:35:52 | 010,000,984 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\aio_install.exe [2013.01.04 08:37:26 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.24 11:49:11 | 000,574,315 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\adwcleaner.exe [2013.01.24 09:53:56 | 000,002,767 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\recently-used.xbel [2013.01.23 21:06:22 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip.lnk [2013.01.23 14:20:55 | 000,001,089 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.01.23 14:20:55 | 000,001,052 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.01.21 14:50:03 | 000,008,371 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Deutscher Bauernverband Praktikum.odt [2013.01.21 10:02:14 | 000,000,537 | ---- | C] () -- C:\Windows\wininit.ini [2013.01.20 10:27:08 | 000,013,934 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err [2013.01.19 14:19:29 | 000,016,227 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Tabelle Test.odt [2013.01.19 12:24:53 | 000,012,793 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze 2.odt [2013.01.19 12:24:23 | 000,013,615 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Verben 2.odt [2013.01.19 12:19:06 | 000,016,176 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Documents\Imperativ Übung Sätze-Lösungen 2.odt [2013.01.16 14:56:19 | 000,011,582 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Elternsprechtag Jan 2013.odt [2013.01.13 17:50:56 | 000,009,086 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\Zu bezahlen.odt [2013.01.07 10:22:14 | 000,008,726 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\HPG 19-02-2013.odt [2012.12.30 12:54:17 | 000,008,465 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\Desktop\trude.odt [2012.12.22 10:27:42 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg [2012.12.22 10:27:40 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi [2012.12.22 10:27:40 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm [2012.12.22 10:27:40 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp [2012.12.22 10:27:40 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon [2012.12.22 10:27:31 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs [2012.12.22 10:27:23 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs [2012.12.22 10:27:23 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf [2012.12.22 10:27:22 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html [2012.12.22 10:27:22 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html [2012.12.22 10:27:21 | 001,109,306 | ---- | C] () -- C:\Program Files\normal.vs [2012.12.22 10:27:21 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs [2012.12.22 10:27:21 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat [2012.12.22 10:27:17 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat [2012.12.22 10:27:17 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat [2012.12.22 10:27:17 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat [2012.12.22 10:27:16 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv [2012.12.22 10:27:16 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm [2012.12.22 10:27:16 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx [2012.12.22 10:27:16 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx [2012.12.15 13:46:18 | 022,916,830 | ---- | C] () -- C:\Program Files\vlc-2.0.5-win32.exe [2012.12.15 13:06:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.09.27 10:19:36 | 000,013,824 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.20 06:46:53 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll [2012.08.29 08:03:59 | 000,160,350 | ---- | C] () -- C:\Program Files\JavaRa.zip [2012.08.29 07:42:01 | 009,672,192 | ---- | C] () -- C:\Program Files\Adobe_Flash_Player_AX_11.4.402.265_SPS.exe [2012.08.29 07:41:24 | 015,567,360 | ---- | C] () -- C:\Program Files\Adobe_AIR_3.4.0.2540_SPS.exe [2012.08.27 10:09:16 | 152,249,762 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe [2012.08.15 11:05:18 | 009,697,792 | ---- | C] () -- C:\Program Files\ShockwavePlayer_11.6.6.636_SPS.exe [2012.07.15 09:39:36 | 022,657,136 | ---- | C] () -- C:\Program Files\vlc-2.0.2-win32.exe [2012.06.27 07:54:46 | 009,679,360 | ---- | C] () -- C:\Program Files\Shockwaveplayer_11.6.4.634.exe [2012.06.17 18:54:57 | 000,000,271 | ---- | C] () -- C:\Users\Jasmina.NICOJAS-PC\AppData\Roaming\burnaware.ini [2012.06.12 06:48:02 | 007,656,960 | ---- | C] () -- C:\Program Files\cortona3d.msi [2012.06.12 06:05:13 | 000,441,829 | ---- | C] () -- C:\Program Files\ade-tb-13.0.c.xpi [2012.06.11 08:53:53 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.29 09:37:28 | 151,893,470 | ---- | C] () -- C:\Program Files\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_de.exe [2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.22 06:51:22 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.05.19 14:32:36 | 000,278,643 | ---- | C] () -- C:\Program Files\fast_video_download-4.1.6-fx.zip [2012.05.19 14:22:36 | 196,941,888 | ---- | C] () -- C:\Program Files\ALDI Bestellsoftware Setup.exe [2012.05.11 07:57:44 | 029,272,056 | ---- | C] () -- C:\Program Files\SaalDesignSoftware2.9.2.exe [2012.05.05 16:00:03 | 004,998,707 | ---- | C] () -- C:\Program Files\flvplayer_setup20_25.exe [2012.03.27 12:48:40 | 000,253,952 | ---- | C] () -- C:\Program Files\OOo_3.3.9567.500.exe [2012.02.25 09:57:51 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2012.02.25 09:57:49 | 000,000,626 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2012.02.25 09:38:55 | 004,998,707 | ---- | C] () -- C:\Program Files (x86)\flvplayer_setup20_25.exe [2012.02.24 16:59:09 | 000,001,226 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2012.02.24 16:58:29 | 000,000,140 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2012.02.24 16:58:29 | 000,000,091 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2012.02.24 11:05:44 | 018,980,864 | ---- | C] () -- C:\Program Files\SkypeSetup_5.8.0.156.msi [2012.02.24 10:48:18 | 031,870,976 | ---- | C] () -- C:\Program Files\PXCViewer_x6425201.msi [2012.02.24 10:47:54 | 001,376,768 | ---- | C] () -- C:\Program Files\7z920-x64.msi [2012.02.24 10:35:22 | 105,661,272 | ---- | C] () -- C:\Program Files\avira_free_antivirus_de.exe [2012.02.24 10:15:24 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe [2012.02.22 08:07:19 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.11.30 01:26:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.11.30 01:26:09 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.11.30 01:26:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_6B071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_5B011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_3B011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_ca.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A031461_aa.bin [2011.11.30 01:23:23 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_1C011461_61.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin [2011.11.30 01:23:23 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin [2011.11.30 01:23:23 | 000,000,436 | ---- | C] () -- C:\Windows\11317231_1C0F1461_41.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_3B0f1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin [2011.11.30 01:23:23 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin [2011.11.30 01:23:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin [2011.11.30 01:23:23 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin [2011.11.30 01:23:22 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin [2011.11.30 01:23:22 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin [2011.11.30 01:23:22 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin [2011.11.30 01:23:22 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin [2011.11.30 01:23:22 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_0B001461_aa.bin [2011.11.30 01:23:22 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin [2008.04.11 09:11:40 | 000,233,472 | ---- | C] () -- C:\Program Files\VC_RED.MSI [2008.04.11 09:09:38 | 003,797,292 | ---- | C] () -- C:\Program Files\VC_RED.cab [2008.04.11 09:07:18 | 000,005,686 | ---- | C] () -- C:\Program Files\vcredist.bmp [2008.04.11 09:07:18 | 000,001,110 | ---- | C] () -- C:\Program Files\globdata.ini [2008.04.11 09:07:18 | 000,000,843 | ---- | C] () -- C:\Program Files\install.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 16:36:14 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jasmina.NICOJAS-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 47,49% Memory free
7,79 Gb Paging File | 5,51 Gb Available in Paging File | 70,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265,66 Gb Total Space | 80,18 Gb Free Space | 30,18% Space Free | Partition Type: NTFS
Drive D: | 200,00 Gb Total Space | 199,73 Gb Free Space | 99,87% Space Free | Partition Type: NTFS
Computer Name: NICOJAS-PC | User Name: Jasmina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
"DisableConfig" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B9EF93-80A8-4845-BBEA-E57E652BBCAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{06E9E081-AF16-48F3-A65C-45D38EFFFDC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13482F04-C479-4714-A5ED-39793B8AAE1D}" = rport=139 | protocol=6 | dir=out | app=system |
"{13E37376-E86C-4019-A725-370DBA1C472E}" = rport=138 | protocol=17 | dir=out | app=system |
"{19ABAAFE-5469-4D69-ADA2-4699E51AAFCF}" = lport=445 | protocol=6 | dir=in | app=system |
"{22BA7DA7-E3C4-47BD-BD6A-B114541112F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2AA89C74-81DA-40D8-903C-81F5681F1A55}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{34E72618-0DA7-47D5-A7A0-F15510D9E758}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{482FEDE2-F7D7-4FCF-BC03-256AAC6974E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49716C09-3F9C-404E-B180-E4081D0BBDC8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4A808828-8225-46D2-87EC-5E577FAB1B3A}" = lport=139 | protocol=6 | dir=in | app=system |
"{6EEE79D5-2A03-486E-9097-D0C7BAD265DF}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{99CBA5AC-9892-45B9-8760-B588F1E908B0}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{A2DF74D5-A568-4A13-A040-D2D95D6C75DE}" = rport=137 | protocol=17 | dir=out | app=system |
"{A3589360-384E-4156-A3A9-B670DC44F140}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{ADCF185E-AB3F-49C7-B4C6-6FEECB08A98F}" = lport=137 | protocol=17 | dir=in | app=system |
"{D9814FB7-C5B3-41F3-913D-6FC368B5C6E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F82628F2-3F45-4F25-BAAA-14803BF0F409}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE7700-6E5A-4350-9F44-2A7432769CCB}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{02F141FE-498D-4574-A66D-58E2561D793C}" = protocol=17 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{126782C9-2354-44F3-8F23-A92D102A4E93}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{2F2EB0A3-4B90-4E33-8C0C-80A6A9C83A72}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{2F5BDC80-D4CF-46DA-BFFF-FB1A05C2693B}" = protocol=17 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{300ACAB8-ACF5-4FC8-A2ED-1BF12C2151CD}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{36C3CA04-80CA-4D39-B6C5-AF220F844087}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{3AB28388-7EB4-46AA-8C6D-806B6571D56D}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{3B630698-B25B-41DF-8EF9-E2B396B0B083}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{3CAEF7AF-5FBE-4237-9D6F-D6C0A7991314}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{3E609762-8618-4993-A50C-77D22F878630}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{43CBC248-7E0B-477C-8DB0-449AE476C7D5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{45B64134-8F9D-49F1-8940-F8D85BA68411}" = protocol=6 | dir=in | app=c:\program files (x86)\2k sports\nba 2k13\nba2k13.exe |
"{461D9763-7840-401C-8EA8-A9016EAFB6A0}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{4B4AC4D5-F226-4ED8-91F7-5BF8E74E2912}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{4D4EFD79-8431-489B-ACBF-22842823D940}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5CE13E4F-212C-42A3-98D7-C10DCBBAEAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{6286D4F7-67FF-4293-AA87-AC04E642A996}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{673EE027-9D91-408D-8E7F-F9EAE8AA5195}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\firmware\kodakaioupdater.exe |
"{7FBC02D6-A43E-46B5-B55E-F878996E72CA}" = protocol=6 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"{80514CFD-8048-4C14-B844-9891D4854D21}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{83AF232F-8E60-4AE4-91F3-177AADA4C95D}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{86B3BA1A-EB42-41EB-8BE5-ED2F3CCD803F}" = protocol=17 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{8A47FCBE-4950-4015-8D01-2C2AC9895ED7}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{8A76F869-12AA-4BBE-8D9F-B97FFECBF30E}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\aiohomecenter.exe |
"{91EB51CE-59DF-48E1-BAF4-52E98B8F4352}" = protocol=17 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{97EB7143-70C5-495B-B9AF-62423A6EB4CC}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{9B906E24-8273-4393-AA06-F8A6FDA9FFC3}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9E64C8F7-38F7-4211-9F24-27502D9F9377}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{A2834B87-C86E-4D08-90B2-DA67BCA1716B}" = protocol=6 | dir=in | app=c:\program files (x86)\cyanide\gamecenter\gamecenter.exe |
"{A301FAD5-5412-4D17-BFE7-FECBF23E370B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7F89437-5CF4-4291-AC2D-3A780F3ABEE7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BD7E8F19-BBB9-4C22-A1A9-13145F003618}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BE688A9C-1735-4E3E-A89C-BC83633D49E9}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{BF64C12D-723D-4411-A3FB-77E0F02E6A4A}" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\aio\center\kodak.statistics.exe |
"{C290BE6A-1286-4F6B-8429-B0EC7335FEE4}" = protocol=6 | dir=in | app=d:\tobit radio.fx\server\rfx-server.exe |
"{C8790961-8656-4860-9076-A2D6623D10E5}" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\aio\center\networkprinterdiscovery.exe |
"{CC860D3A-C81A-4786-878A-4D6E17556474}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{CD406032-BF04-4303-912E-D7130F577CF8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CD7240F0-B94F-46EF-926F-AAE573567F82}" = protocol=6 | dir=in | app=d:\tobit radio.fx\client\rfx-client.exe |
"{DC484A61-D39E-484F-ABAC-79D0B001A970}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{E590CA35-BF4B-43AB-AD11-E1DFA3E5E85F}" = dir=in | app=c:\program files (x86)\dell stage\videostage\videostage.exe |
"{EB9E90E3-6809-4C85-8486-954384E4415E}" = protocol=17 | dir=in | app=c:\programdata\kodak\installer\setup.exe |
"TCP Query User{2C129A0F-15ED-4EB5-B1D1-52762861834F}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{415EE727-2686-4681-A0CC-B633456BC9A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{44F9B41D-F81E-4237-B65C-495E923A0A91}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{56412238-720A-46B5-A739-61A80F922067}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9B9701E4-29D1-4FF2-979C-8597475BDD6F}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{D1677699-5DF9-4125-9F3C-4687B71E4538}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{E0CFE6E6-8D1F-4EA9-8CB2-172678AAC4F5}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{01DE79D1-8DE7-4447-ADB8-56C8B3C7497B}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{2F8A7DF9-1087-41D1-8A2C-9992D60A33F1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{40F012E4-AE29-44CC-BD71-803C69499479}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5DEF9C85-2CF8-4430-B799-143CCE815566}C:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7D3AE024-0E92-4F74-A165-5F405D7115A1}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{BA636B01-B9F1-4665-9285-7B080D1B5368}C:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\nico.nicojas-pc\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{FC56FE20-5872-4926-A640-6CA999CC5F9B}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D98F04D-11A1-4B64-A406-43292B9EEE90}" = Dell PhotoStage
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E90B7F4-1817-4405-B4A5-E4EA5EC0E2B3}" = Dell MusicStage
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet-TV für Windows Media Center
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DEACDFFA-D424-416F-B849-FA282F55B2CE}" = Cortona3D Viewer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK All-in-One Software
"{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Bestellsoftware" = ALDI Bestellsoftware 4.12.1
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.81
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"ExpressBurn" = Express Burn
"ExpressRip" = Express Rip
"ExpressZip" = Express Zip
"FLV Player" = FLV Player 2.0 (build 25)
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.10.32.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Kindersicherung_is1" = Kindersicherung 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MixPad" = MixPad Audiodatei-Mixer
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PrintProjects" = PrintProjects
"RealPlayer 16.0" = RealPlayer
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Tobit Radio.fx Server 1" = WDR RadioRecorder
"Video Converter" = Video Converter
"VLC media player" = VLC media player 2.0.5
"WavePad" = WavePad Audiobearbeitungs-Software
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1835506289-3229931497-3952218681-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.10.2012 06:21:15 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:24:30 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:24:30 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:26:43 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:26:43 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:26:53 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:26:53 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:27:03 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:27:03 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
Error - 24.10.2012 06:44:26 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 490
Description = Windows (2888) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 24.10.2012 06:44:26 | Computer Name = NicoJas-Pc | Source = ESENT | ID = 439
Description = Windows (2888) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk
konnte nicht geschrieben werden. Fehler -1032.
[ Media Center Events ]
Error - 20.03.2012 15:11:39 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:11:34 - Fehler beim Herstellen der Internetverbindung. 20:11:34
- Serververbindung konnte nicht hergestellt werden..
Error - 20.03.2012 16:11:42 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:11:42 - Fehler beim Herstellen der Internetverbindung. 21:11:42
- Serververbindung konnte nicht hergestellt werden..
Error - 20.03.2012 16:11:51 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:11:47 - Fehler beim Herstellen der Internetverbindung. 21:11:47
- Serververbindung konnte nicht hergestellt werden..
Error - 05.05.2012 14:52:38 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:44:58 - EpgListing.enc konnte nicht abgerufen werden (Fehler: HTTP-Status
404: Die angeforderte URL ist auf diesem Server nicht vorhanden. )
Error - 22.05.2012 14:13:50 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:13:50 - Fehler beim Herstellen der Internetverbindung. 20:13:50
- Serververbindung konnte nicht hergestellt werden..
Error - 22.05.2012 14:14:07 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:13:55 - Fehler beim Herstellen der Internetverbindung. 20:13:55
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 14:26:21 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:26:21 - Fehler beim Herstellen der Internetverbindung. 20:26:21
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2012 14:26:39 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 20:26:27 - Fehler beim Herstellen der Internetverbindung. 20:26:27
- Serververbindung konnte nicht hergestellt werden..
Error - 24.08.2012 15:46:57 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:46:57 - Fehler beim Herstellen der Internetverbindung. 21:46:57
- Serververbindung konnte nicht hergestellt werden..
Error - 24.08.2012 15:47:42 | Computer Name = NicoJas-Pc | Source = MCUpdate | ID = 0
Description = 21:47:11 - Fehler beim Herstellen der Internetverbindung. 21:47:11
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 24.01.2013 02:20:57 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 24.01.2013 02:21:31 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 24.01.2013 05:23:15 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 24.01.2013 05:23:48 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 24.01.2013 06:59:46 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 24.01.2013 07:00:14 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 24.01.2013 11:21:45 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 24.01.2013 11:21:57 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
Error - 24.01.2013 11:27:53 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 24.01.2013 11:29:49 | Computer Name = NicoJas-Pc | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SBRE
< End of report >
|
|
24.01.2013, 16:54
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Infizierte Dateiobjekte in der Registry Hm, da ist immer noch Toolbar-Müll drin Bitte mal den aktuellen adwCleaner runterladen, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Infizierte Dateiobjekte in der Registry |
| ad-aware, aktion, anhang, avira, bösartig, ergebnisse, folge, folgendes, funktionier, gefunde, hoffe, infizierte, liste, logfile, meldung, microsoft, programme, registrierung, registry, scan, software, weiterhelfen, win32/sweetim.c, windows, windows.tool.disabled |
Linear-Darstellung
