|
Plagegeister aller Art und deren Bekämpfung: Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändernWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.02.2013, 18:19 | #1 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Hallo habe mir da was eingefangen. Lässt sich nicht löschen beziehungsweise ändern per Regedit bzw. MalwareBytes bitte um eure Hilfe! MfG SiRo HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup C:\Users\SiRo-CoOl\AppData\Roaming\Mining\Mining.exe (weiß nicht ob das ganz weg ist!) OTL Extras logfile Code:
ATTFilter OTL Extras logfile created on: 05.02.2013 18:04:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SiRo-CoOl\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,97 Gb Total Physical Memory | 12,17 Gb Available Physical Memory | 76,22% Memory free 15,97 Gb Paging File | 12,07 Gb Available in Paging File | 75,59% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 74,80 Gb Free Space | 66,92% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 352,88 Gb Free Space | 37,88% Space Free | Partition Type: NTFS Drive E: | 310,41 Gb Total Space | 116,00 Gb Free Space | 37,37% Space Free | Partition Type: NTFS Drive F: | 310,50 Gb Total Space | 308,63 Gb Free Space | 99,40% Space Free | Partition Type: NTFS Drive I: | 1862,98 Gb Total Space | 1228,33 Gb Free Space | 65,93% Space Free | Partition Type: NTFS Computer Name: SION | User Name: SiRo-CoOl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "f:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "f:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "f:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "f:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03DE8877-9C91-459E-B3EB-C816A3826B58}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{0820D4D3-478C-4508-958A-E422D7568CD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0F2580EB-4250-428A-9C0C-32015F90E0D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{15A58C8D-61AF-4760-A344-9D57EB8FC4C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1CCAD4A5-B2E2-4C70-9D74-4DA776ACBFAE}" = rport=139 | protocol=6 | dir=out | app=system | "{231472F3-C36F-4215-89E2-431D5F17B16F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{2857AF48-81FA-4B3F-9B35-C7CE60FED792}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{33CABACB-2A39-418D-B972-CF61D14BD936}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{365ED496-2238-4D6E-B10A-D22EBC8D1986}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{3B0F077A-283F-4A39-A36D-E336300BB3BA}" = rport=138 | protocol=17 | dir=out | app=system | "{3F3364AF-7D6D-4260-A742-91D839744664}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4A74AEA5-D238-48FD-B7D2-A1559E73E506}" = rport=137 | protocol=17 | dir=out | app=system | "{597B81C3-E086-49D9-90CC-82EF1D31B17C}" = lport=2869 | protocol=6 | dir=in | app=system | "{74B0BFEB-78D5-4307-B470-625C64E931F6}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{77CA443E-821E-4427-82E1-1E2B7771C191}" = lport=137 | protocol=17 | dir=in | app=system | "{789CC276-1755-4132-90A1-ADF9B48B9548}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{7CCDDC5D-C246-4FEC-B620-6E4BB45019C3}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{7F9B30DF-255E-4CEF-B0DB-91D39AF86D43}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{802831E0-2620-4F21-A0B2-F6D632656780}" = lport=10243 | protocol=6 | dir=in | app=system | "{850ABFCF-128C-4326-BEC0-82E2416F2ED0}" = lport=139 | protocol=6 | dir=in | app=system | "{86389A9A-E9DC-4C02-B035-C026CEE4F266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8B324B2D-215D-44F7-B7C4-1B451CECF15F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8E698EBB-7665-4639-B8CA-094EC0FE4C0B}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{8FE56E51-18B0-408D-8787-223A71ED2DBD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{A7674991-9E83-4008-9C1D-9E6987E7856D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A7A4F9DF-2523-47CE-84E8-398FFB327207}" = rport=445 | protocol=6 | dir=out | app=system | "{AB6C4F58-A9EF-409B-865D-38AE175FD34C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C0F8970C-8AFC-4941-B9C3-EE9B19544C3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C2D9688D-F32E-4AA3-BA21-65FBE5C830FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CD05588B-220D-4CEA-B905-ED639642BE7F}" = lport=445 | protocol=6 | dir=in | app=system | "{D51E3BB9-BC9C-4DF5-B40A-68D0702B13E7}" = rport=10243 | protocol=6 | dir=out | app=system | "{DE3D1D43-9F4A-450F-9AD2-8349B5989C87}" = lport=138 | protocol=17 | dir=in | app=system | "{E9166D4B-1627-4162-B911-28965FE9E4A5}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{007AAFCB-9188-4096-9A96-68F7FADCE1F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{06B75DED-3B6F-40C8-A0A7-F81D135C16B3}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | "{09CFBE2B-BBA3-40EE-B6ED-AB0557CFAA9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0AC9B203-90A4-4E37-8887-5E1FF2DAC224}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{0DFD60F7-9BED-4F49-B602-771F6334F83D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{101D51D8-8B3A-4079-9F41-0788C510C2C1}" = protocol=17 | dir=in | app=e:\origin games\battlefield 3\bf3.exe | "{110071DF-BE55-4BC8-9227-8DCCEB284B74}" = protocol=17 | dir=in | app=e:\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | "{128E3F45-26D0-4C9F-AA5F-CACECC835594}" = protocol=17 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe | "{133C65F5-B92B-439B-BD28-258AF0D23B49}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{142C5886-C8B8-46D2-8471-D30EB79F626B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{155008C2-ECDC-4D59-9F1B-B6114A203928}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | "{1A9493F0-2BCF-4841-8208-8E972B4E7BE5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{205216A6-1169-400E-8449-0D3ECE53844B}" = protocol=6 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe | "{2064CC99-FBF1-4096-8847-B80B172801FB}" = protocol=6 | dir=out | app=system | "{211CB1A0-C092-45BA-B52B-2A23C021D636}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{27076EF9-26D0-45D5-B4E0-C0A5EC7482F6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{2AF1BAF4-AB45-46E7-B85E-2BB97420E470}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | "{2D126DEB-78EC-4B61-B193-0B5ECC3EEBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{2DD9DBAF-CB6A-4A60-95BC-4322BFBD7DF7}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | "{2F0F4A7D-E395-4832-9DB7-6B9FA0A25CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{306F08FF-3DBE-432A-A99C-82F97F68F063}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{33FA10BB-401B-4573-81DC-6D8AF59CC007}" = protocol=17 | dir=in | app=e:\maxpayne3\playmaxpayne3.exe | "{39D44E93-B3FB-4A03-933E-DFDC9892666C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3B84CC68-3EDB-4935-B093-43F51D558EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{3BC6E479-BABF-443E-8F6D-20D2FB4BB965}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3F705513-F4AA-4F9F-9399-5A2AC0C88A7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{44C52794-E8E5-47A4-B80E-7342474A5D42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{45111898-C0BB-4EDC-95C7-95D99B16A887}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{46E40DB6-ED8F-4B19-9D98-3000A710CBED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{470721D9-0B81-4480-8909-5F6E8A7C6F25}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{47390B5D-DCEE-4CF2-A2E3-BB389250419B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{477ADC69-B775-4CE7-ABA3-5D4622D40EDF}" = protocol=6 | dir=in | app=e:\steam\steam.exe | "{491DE640-569E-4D63-88E1-4D002CCB032D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4E9370F4-B649-4F0C-8FA1-E68D098AA318}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | "{519C627A-CFF4-45DC-9893-29B4A0F7269E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5309254E-3E30-42D3-BBAD-8C9638F2C062}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\rage\rage.exe | "{59F57AFE-18CB-4765-A89C-BE7D159152D8}" = dir=in | app=c:\users\siro-cool\appdata\local\microsoft\skydrive\skydrive.exe | "{5EFA3847-2623-4A06-8579-D59E4B2C83C0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{60E55A99-6054-4F27-A351-3905B42308B9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{6ACD7ED9-F665-4C74-A192-F3C6D08AB38A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | "{6AD9F96B-D052-468F-97C5-340C695F2FFC}" = protocol=6 | dir=in | app=f:\idevice manager\software4u.idevicemanager.exe | "{6BE28E6A-0E80-4080-B2C3-CC7938F35F22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{6F8B792B-4782-4317-BAFA-FE5A0E57D1A9}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | "{7036A852-092D-42BD-AA17-57F896351993}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | "{739964BC-1B57-4F2E-A93B-FC4E5FA9703F}" = protocol=17 | dir=in | app=d:\users\siro-cool\appdata\roaming\icqm\icq.exe | "{758F5B19-98CA-455C-AEAE-A32F72EBEAAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{776F41E4-7069-4A6A-B997-B9D7757EE4DC}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | "{81C39D1C-5C1E-4E19-AA6E-1B95E36B2D50}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{858EB46D-D065-49E2-84D1-F892DA7248CE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\rage\rage.exe | "{88AF1DAD-9D29-4D1A-8497-DCC5BEBAFEE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{88C01CA1-6B95-4848-9ED9-6D5AB032A4A8}" = protocol=6 | dir=in | app=e:\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | "{890186C6-4BC6-4823-A62D-AD8D6AE98A3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B32019D-7ACA-4BF1-B9BD-1C7BAF7E45BC}" = protocol=6 | dir=in | app=e:\maxpayne3\playmaxpayne3.exe | "{8CA56819-ECA6-47C0-A5A4-050A456EDCAE}" = protocol=17 | dir=in | app=f:\idevice manager\software4u.idevicemanager.exe | "{8CC8C808-3609-47C6-947F-284558A25A58}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{8D4CB017-5CA8-4F09-BC4F-389079B7A357}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8EB724DE-5EA1-4218-8EE0-358D21DC7E50}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{8F49DE6C-0C4A-4D64-887E-15C71DB34933}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9523BA88-ACDD-42B4-A140-4FA03EA33ED6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{9B2F2585-D23C-49FC-8CA7-6FC08CA826B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9B657C54-33D7-480C-9B59-CD6FE55DD799}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A590994B-047A-4369-9934-2CA25D04424D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A683330D-E6CB-4A74-B123-6D198AC950B1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{A7F146B2-E355-491B-A844-FC9076522039}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | "{A8E2CD23-189D-4B17-B998-B746A3DCC38B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AAACC749-8747-48DB-91A4-D4AFF5EAA572}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{AB3E7E5F-C825-4B19-A735-6E174C799A44}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{B4C9C664-E8D4-438D-A1E8-98FC529A0572}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe | "{B824712B-4A41-4F5A-ACA4-AEF5AB66E2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{B9644F5E-4E8C-4803-B46C-C0D943CD253A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{BC6CCBA7-E442-4317-8046-42257F79EA22}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | "{BDB74E53-BDFB-40A8-916C-81CF1A4B0F81}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{C1918FA6-0464-4C63-A458-784E7CF74FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C955907C-A9EB-43CC-9D90-E6CDD9D13C95}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{DB5B00B7-3CDB-43B6-83C2-DC65DD3AF2DB}" = protocol=6 | dir=in | app=d:\users\siro-cool\appdata\roaming\icqm\icq.exe | "{DDEB9370-C1FD-419D-B00C-7E1CEC8DEA7C}" = protocol=6 | dir=in | app=e:\origin games\battlefield 3\bf3.exe | "{E29610B3-BF25-47F6-B56C-5D8AA7288A8C}" = dir=in | app=f:\itunes\itunes.exe | "{E2F52681-3886-421D-A8D8-3A4907B511E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{E30C774C-57F4-4ECE-AD42-B90C291A6BD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{E752FB11-C6A4-4FF3-9D8B-344A68B29970}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EBF0EE27-6FB7-4356-95E7-C285DFD6B865}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FACD9BE2-D049-4EBB-AB33-C2367F504DC6}" = protocol=17 | dir=in | app=e:\steam\steam.exe | "{FE66744F-4303-40DA-B224-90970C7175AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{85F6303A-072F-4AB5-97CD-366C91CF800D}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | "UDP Query User{F3EA2EEB-C7B3-4B6A-BEEF-760E938AE688}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit) "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64 "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64 "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4 "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit) "{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel(R) Network Connections 17.4.95.0 "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Office14.SingleImage" = Microsoft Office Home and Student 2010 "PROSetDX" = Intel(R) Network Connections 17.4.95.0 "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 8.0 Banner Remover 1.0 "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4 "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4 "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman) "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4 "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit "{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012 "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4 "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4 "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs "{53646626-11D9-33C6-8BB1-472536192DC4}" = Google Talk Plugin "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter "{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™ "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster "{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo "{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS "{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7760-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4 "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4 "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B5EDE97F-29A3-4A18-B9AE-CBE33DD2ED61}" = Tukui Update Utility "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4 "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{BE672587-331F-42F7-BC38-D59759311C75}" = Lexware reisekosten plus 2012 "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter "{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2012 "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4 "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013 "{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs "{FBD7A67D-D700-4043-B54F-DD106D00F308}" = LameXP "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection "AnyDVD" = AnyDVD "Audacity_is1" = Audacity 2.0.3 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit) "Battlelog Web Plugins" = Battlelog Web Plugins "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.4 "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "Exact Audio Copy" = Exact Audio Copy 1.0beta3 "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "FileZilla Client" = FileZilla Client 3.6.0.2 "GOGPACKDUKE3D_is1" = Duke Nukem 3D "InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II "LAME_is1" = LAME v3.99.3 (for Windows) "MagniDriver" = marvell 91xx driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Max Payne 3 DLC" = Max Payne 3 DLC "Messenger Plus!" = Messenger Plus! "Messenger Plus! for Skype" = Messenger Plus! for Skype "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.52 "N360" = Norton 360 "Notepad++" = Notepad++ "Origin" = Origin "PS3 Media Server" = PS3 Media Server "PunkBusterSvc" = PunkBuster Services "RocketDock_is1" = RocketDock 1.3.5 "Rockstar Games Social Club" = Rockstar Games Social Club "StarCraft II" = StarCraft II "Steam App 43110" = Metro 2033 "Steam App 49520" = Borderlands 2 "Steam App 9200" = RAGE "TeamViewer 7" = TeamViewer 7 "Web_4.0.1460.0" = Microsoft Expression Web 4 "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "XnView Shell Extension_is1" = XnView Shell Extension 3.2.0 (64bits) "XnView_is1" = XnView 1.99.1 "xp-AntiSpy" = xp-AntiSpy 3.98-2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online "101a9f93b8f0bb6f" = Curse Client "Google Chrome" = Google Chrome "ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "SkyDriveSetup.exe" = Microsoft SkyDrive "SOE-E:/PlanetSide 2 PSG" = gamelauncher-ps2-psg "soe-PlanetSide 2 PSG" = PlanetSide 2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online "101a9f93b8f0bb6f" = Curse Client "Google Chrome" = Google Chrome "ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer) "Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de) "SkyDriveSetup.exe" = Microsoft SkyDrive "SOE-E:/PlanetSide 2 PSG" = gamelauncher-ps2-psg "soe-PlanetSide 2 PSG" = PlanetSide 2 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.02.2013 13:14:05 | Computer Name = SION | Source = Bonjour Service | ID = 100 Description = ERROR: handle_resolve_request bad interfaceIndex 16 Error - 04.02.2013 15:29:45 | Computer Name = SION | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04.02.2013 22:53:33 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 04.02.2013 23:00:39 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 01:23:13 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 01:48:42 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 02:18:22 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 07:16:17 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 07:29:11 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 07:46:15 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. Error - 05.02.2013 12:10:20 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10 Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden. [ System Events ] Error - 03.12.2012 10:24:17 | Computer Name = SION | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Uim_VIM Error - 03.12.2012 10:24:44 | Computer Name = SION | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.12.2012 13:51:23 | Computer Name = SION | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 03.12.2012 13:51:32 | Computer Name = SION | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Uim_VIM Error - 03.12.2012 13:52:07 | Computer Name = SION | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.12.2012 02:04:02 | Computer Name = SION | Source = volmgr | ID = 262190 Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error - 04.12.2012 02:04:12 | Computer Name = SION | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: Uim_VIM Error - 04.12.2012 02:04:31 | Computer Name = SION | Source = Service Control Manager | ID = 7000 Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.12.2012 03:48:44 | Computer Name = SION | Source = DCOM | ID = 10010 Description = Error - 04.12.2012 03:48:48 | Computer Name = SION | Source = Service Control Manager | ID = 7043 Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. < End of report > |
05.02.2013, 18:20 | #2 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern OTL logfile
__________________Code:
ATTFilter OTL logfile created on: 05.02.2013 18:04:14 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SiRo-CoOl\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,97 Gb Total Physical Memory | 12,17 Gb Available Physical Memory | 76,22% Memory free 15,97 Gb Paging File | 12,07 Gb Available in Paging File | 75,59% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 74,80 Gb Free Space | 66,92% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 352,88 Gb Free Space | 37,88% Space Free | Partition Type: NTFS Drive E: | 310,41 Gb Total Space | 116,00 Gb Free Space | 37,37% Space Free | Partition Type: NTFS Drive F: | 310,50 Gb Total Space | 308,63 Gb Free Space | 99,40% Space Free | Partition Type: NTFS Drive I: | 1862,98 Gb Total Space | 1228,33 Gb Free Space | 65,93% Space Free | Partition Type: NTFS Computer Name: SION | User Name: SiRo-CoOl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\SiRo-CoOl\Downloads\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\weegfw.exe (ArcSoft ) PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe () PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe () PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.) PRC - F:\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\521a6a2a0bdc82ad5f0ec5aecb6b8c82\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll () MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.2.1.22\wincfi39.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll () MOD - C:\Windows\SysWOW64\IccLibDll.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiEx.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll () MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll () MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu () MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll () MOD - F:\RocketDock\RocketDock.exe () MOD - F:\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe () SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (Lexware_Datenbank_Plus) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) SRV - (DTSAudioService) -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe (DTS) SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe () SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys (Symantec Corporation) DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys (Symantec Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys (Symantec Corporation) DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon) DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider) DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon) DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.) DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130205.003\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130205.003\eng64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130202.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 76 23 87 92 8B CD 01 [binary data] IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 76 23 87 92 8B CD 01 [binary data] IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: guiconfig%40slosd.net:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18 FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4 FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:5.5 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: f:\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SiRo-CoOl\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SiRo-CoOl\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SiRo-CoOl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SiRo-CoOl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.02.05 17:10:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012.11.28 01:34:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 07:25:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: F:\Mozilla Thunderbird\components [2013.01.28 15:31:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: F:\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 07:25:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: F:\Mozilla Thunderbird\components [2013.01.28 15:31:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: F:\Mozilla Thunderbird\plugins [2012.09.05 20:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Extensions [2013.02.01 04:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions [2013.01.08 20:26:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013.02.01 04:15:57 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2012.12.16 09:58:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions\ich@maltegoetz.de [2012.09.05 20:55:51 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\guiconfig@slosd.net.xpi [2012.09.06 18:01:27 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013.01.30 21:00:53 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.11.20 19:27:22 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013.01.26 14:12:42 | 000,002,376 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\searchplugins\icq.xml [2012.09.09 09:46:48 | 000,004,140 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\searchplugins\youtube.xml [2013.01.19 07:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 07:25:48 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - Extension: Angry Birds = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: YouTube = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: bloomind ct deepdark = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd\1_0\ CHR - Extension: Bookmarks Menu = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi\3.4.7_0\ CHR - Extension: AirMech = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\15008_0\ CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0\ CHR - Extension: Google Maps = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: Download = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.5_0\ CHR - Extension: Google Mail = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.09.10 23:58:02 | 000,001,405 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation) O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [ewfwfw] C:\ProgramData\weegfw.exe (ArcSoft ) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [RocketDock] F:\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [xp-AntiSpy Profile Check] F:\xp-AntiSpy\xp-AntiSpy.exe (Tiger-IT.de) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [ewfwfw] C:\ProgramData\weegfw.exe (ArcSoft ) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [icq] C:\Users\UpdatusUser\AppData\Roaming\ICQM\icq.exe -CU File not found O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [RocketDock] F:\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [xp-AntiSpy Profile Check] F:\xp-AntiSpy\xp-AntiSpy.exe (Tiger-IT.de) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found F3:64bit: - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe) - File not found F3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3352656A-2115-47C1-A459-32839E5BDAEA}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{75485dd3-f781-11e1-9973-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{75485dd3-f781-11e1-9973-806e6f6e6963}\Shell\AutoRun\command - "" = H:\.\Bin\ASSETUP.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.05 17:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Max Spyware Detector [2013.02.05 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure [2013.02.05 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Max Secure Software [2013.02.05 17:10:22 | 000,000,000 | R--D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.02.05 06:11:40 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Malwarebytes [2013.02.05 06:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.05 06:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.05 06:11:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.05 06:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.05 05:03:44 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Audacity [2013.02.05 05:03:16 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Programs [2013.02.05 04:54:39 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\redsn0w [2013.02.05 04:48:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.05 04:48:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.05 04:48:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.05 04:48:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.05 04:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.04 23:21:33 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\Documents\DCSCMIN [2013.02.04 20:58:15 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\Local Settings [2013.02.04 18:09:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.04 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.04 18:09:39 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2013.02.04 18:09:39 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.02.04 18:09:39 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2013.02.04 18:09:39 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.02.04 18:09:39 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.02.04 18:09:39 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.04 18:09:39 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.04 18:09:39 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.04 18:09:39 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.02.04 18:09:39 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll [2013.02.04 18:09:39 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll [2013.02.04 18:09:39 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.02.04 18:09:39 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.04 18:09:39 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.02.04 18:09:39 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll [2013.02.04 18:09:39 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.02.04 18:09:39 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.02.04 18:09:39 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll [2013.02.04 18:09:39 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll [2013.02.04 18:09:39 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll [2013.02.04 18:09:39 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.04 18:09:39 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll [2013.02.04 18:09:39 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.02.04 18:09:39 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.02.04 18:09:39 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.04 18:09:39 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.02.04 18:09:39 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.02.04 18:09:39 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.04 18:09:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.04 18:09:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.04 18:09:39 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll [2013.02.04 18:09:39 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2013.02.04 18:09:39 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.04 18:09:39 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.04 18:09:39 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.04 18:09:39 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.04 18:09:39 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.02.04 18:09:39 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll [2013.02.04 18:09:39 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.02.04 18:09:39 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.02.04 18:09:39 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.02.04 18:09:39 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.04 18:09:39 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll [2013.02.04 18:09:39 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll [2013.02.04 18:09:39 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.04 18:09:39 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.02.04 18:09:39 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.02.04 18:09:39 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll [2013.02.04 18:09:39 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.02.04 18:09:38 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.02.04 18:09:38 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.02.04 18:09:38 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.02.04 18:09:38 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.02.04 18:09:38 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.02.04 18:09:38 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.02.04 18:09:38 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.02.04 18:09:38 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.02.04 18:09:38 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.02.04 18:09:38 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.02.04 18:09:38 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.02.04 18:09:38 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.02.03 10:01:15 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.02.03 09:44:28 | 035,753,472 | -H-- | C] (ArcSoft ) -- C:\ProgramData\weegfw.exe [2013.02.03 07:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft [2013.02.03 07:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft [2013.02.01 23:48:06 | 000,060,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys [2013.02.01 23:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.02.01 23:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab [2013.02.01 23:32:58 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\SystemRequirementsLab [2013.01.26 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ-Banner-Remover [2013.01.26 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ [2013.01.26 14:12:35 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQM [2013.01.26 14:12:13 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQ-Profile [2013.01.26 14:01:07 | 000,047,616 | -H-- | C] (Yuna Software) -- C:\msimg32.dll [2013.01.26 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus! for Skype [2013.01.26 13:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuna Software [2013.01.26 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Skype [2013.01.26 13:16:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.01.26 13:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.01.26 13:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.26 13:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.01.26 03:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.01.26 03:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2013.01.25 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Netviewer [2013.01.25 18:45:43 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Lexware [2013.01.25 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware [2013.01.25 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign [2013.01.25 18:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11 [2013.01.25 18:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQL Anywhere 11 [2013.01.25 18:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase [2013.01.25 18:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware [2013.01.25 18:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\lexware [2013.01.25 18:41:00 | 001,929,216 | ---- | C] (Amyuni Technologies hxxp://www.amyuni.com) -- C:\Windows\SysWow64\cdintf250.dll [2013.01.25 18:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware [2013.01.25 18:37:19 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Lexware [2013.01.20 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\gnupg [2013.01.20 13:55:01 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\LoRd_MuldeR [2013.01.20 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.06 [2013.01.20 09:24:15 | 000,000,000 | --SD | C] -- C:\Users\SiRo-CoOl\Documents\Meine Websites [2013.01.20 09:23:05 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.01.20 09:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression [2013.01.20 09:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2013.01.20 09:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression [2013.01.20 08:35:51 | 000,000,000 | -H-D | C] -- C:\archive_db [2013.01.19 07:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.14 20:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.01.14 20:24:52 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\qualys [2013.01.14 20:18:23 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.14 20:18:21 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.14 20:18:21 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.14 20:18:21 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.14 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.01.14 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.01.13 17:48:58 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll [2013.01.10 07:49:04 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.10 07:49:04 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.10 07:48:59 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.10 07:48:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.10 07:48:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.10 07:48:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.10 07:48:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.10 07:48:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.10 07:48:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.10 07:48:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.10 07:48:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.10 07:48:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.10 07:48:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.10 07:48:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.10 07:48:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.10 07:48:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.10 07:48:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.10 07:48:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.10 07:48:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.10 07:48:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.10 07:48:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.10 07:48:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.10 07:48:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.10 07:48:58 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.10 07:48:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.10 07:48:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.10 07:48:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.10 07:48:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.10 07:48:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.10 07:48:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.10 07:48:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.10 07:48:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.10 07:48:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.10 07:48:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.10 07:48:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.10 07:48:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.10 07:48:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.10 07:48:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.10 07:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.10 07:48:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.10 07:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.10 07:48:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.10 07:48:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.10 07:48:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.10 07:48:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.10 07:48:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.10 07:48:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.10 07:48:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.10 07:48:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.10 07:48:49 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.08 15:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.08 15:28:36 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.01.08 15:28:36 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.01.08 15:28:36 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.01.08 15:28:36 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.01.08 15:28:36 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.01.08 15:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.08 15:28:11 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.01.08 15:28:11 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013.01.08 15:28:11 | 001,107,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.01.08 15:28:11 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.01.08 15:28:11 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.05 18:00:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2267972725-1089021970-2960566764-1000UA.job [2013.02.05 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.05 17:20:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.05 17:18:22 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.05 17:18:22 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.05 17:18:22 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.05 17:18:22 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.05 17:18:22 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.05 17:16:39 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 17:16:39 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.05 17:10:23 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.05 17:10:16 | 000,000,035 | -H-- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini [2013.02.05 17:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.05 06:10:56 | 000,007,596 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Local\resmon.resmoncfg [2013.02.05 05:30:39 | 006,155,066 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Azad - Ghettobass.mp3 [2013.02.05 04:48:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.02.05 04:48:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.05 04:48:54 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.05 04:48:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.05 04:48:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.05 04:48:54 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.04 00:42:56 | 001,588,880 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB [2013.02.03 22:17:53 | 000,001,278 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Network Meter_Settings.ini [2013.02.03 16:14:41 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.03 16:14:41 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.03 10:00:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2267972725-1089021970-2960566764-1000Core.job [2013.02.02 17:19:01 | 035,753,472 | -H-- | M] (ArcSoft ) -- C:\ProgramData\weegfw.exe [2013.02.01 23:59:04 | 000,867,360 | ---- | M] () -- C:\Windows\PE_Rom.dll [2013.02.01 23:58:59 | 000,932,896 | ---- | M] () -- C:\Windows\PE_File.dll [2013.02.01 23:40:24 | 000,718,900 | ---- | M] () -- C:\Windows\ASUSBIOS.zip [2013.02.01 23:25:57 | 000,003,613 | ---- | M] () -- C:\Windows\MB.idx [2013.02.01 23:24:54 | 000,000,551 | ---- | M] () -- C:\Windows\Path.idx [2013.01.30 21:02:13 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.01.27 02:21:10 | 000,000,806 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Drives Meter_Settings.ini [2013.01.27 02:20:56 | 000,000,543 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\All CPU MeterV3_Settings.ini [2013.01.26 06:52:16 | 002,977,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.25 18:45:14 | 000,000,135 | ---- | M] () -- C:\Windows\ODBC.INI [2013.01.24 15:18:03 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021 [2013.01.22 21:08:23 | 000,000,019 | ---- | M] () -- C:\Windows\SysWow64\macAddr.lst [2013.01.20 14:12:31 | 000,001,260 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Party.lnk [2013.01.20 14:12:22 | 000,001,193 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\Best.lnk [2013.01.20 08:18:47 | 000,000,282 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\GPU MeterV2_Settings.ini [2013.01.14 20:18:20 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013.01.14 20:18:20 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.01.14 20:18:20 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.01.14 20:18:20 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.01.14 20:18:20 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.01.14 20:18:20 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.01.10 08:50:17 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.10 08:46:06 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\isolate.ini [2013.01.09 08:35:08 | 000,050,986 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\new_skoda_octavia_rs_mk3_2014_blue.jpg [2013.01.09 00:21:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 00:21:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.05 05:30:32 | 006,155,066 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Azad - Ghettobass.mp3 [2013.02.05 05:03:40 | 000,000,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [2013.02.04 18:09:39 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.01 23:39:45 | 000,718,900 | ---- | C] () -- C:\Windows\ASUSBIOS.zip [2013.02.01 23:21:51 | 000,003,613 | ---- | C] () -- C:\Windows\MB.idx [2013.01.25 18:45:14 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2013.01.22 21:08:23 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\macAddr.lst [2013.01.20 14:12:31 | 000,001,260 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Party.lnk [2013.01.20 14:12:22 | 000,001,193 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\Best.lnk [2013.01.09 08:35:07 | 000,050,986 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\new_skoda_octavia_rs_mk3_2014_blue.jpg [2013.01.08 15:28:36 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2012.10.08 11:07:41 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2012.10.06 11:48:06 | 000,932,896 | ---- | C] () -- C:\Windows\PE_File.dll [2012.10.06 11:43:23 | 000,867,360 | ---- | C] () -- C:\Windows\PE_Rom.dll [2012.09.11 10:40:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.09.07 16:12:10 | 000,007,596 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Local\resmon.resmoncfg [2012.09.07 11:06:51 | 000,000,543 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\All CPU MeterV3_Settings.ini [2012.09.07 10:53:34 | 000,000,806 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Drives Meter_Settings.ini [2012.09.07 10:51:37 | 000,001,278 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Network Meter_Settings.ini [2012.09.07 10:50:57 | 000,000,282 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\GPU MeterV2_Settings.ini [2012.09.07 10:48:05 | 000,000,241 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\GPU Meter_Settings.ini [2012.09.07 04:24:04 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll [2012.09.06 15:14:18 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.06 15:14:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.09.05 19:26:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.09.05 19:26:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.09.05 19:02:36 | 000,034,482 | ---- | C] () -- C:\Windows\Ascd_log.ini [2012.09.05 19:01:03 | 000,030,765 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2012.09.05 18:55:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.05 05:31:45 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Audacity [2012.09.08 20:45:53 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Canneverbe Limited [2013.02.03 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.10.03 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\EAC [2012.12.29 11:23:15 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\FileZilla [2013.01.20 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\gnupg [2013.01.26 14:13:21 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQ-Profile [2013.01.28 15:12:12 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQM [2012.09.07 16:29:01 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Leadertech [2013.01.25 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Lexware [2012.10.21 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Mp3tag [2013.02.05 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Notepad++ [2012.12.03 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Origin [2013.01.14 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\qualys [2013.02.05 04:54:39 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\redsn0w [2012.10.08 11:08:15 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Software4u [2012.09.15 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Thunderbird [2012.12.24 01:04:28 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\TS3Client [2012.09.15 14:11:33 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ts3overlay [2012.12.24 01:04:26 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ts3overlay_hook_win64 [2012.09.07 16:29:05 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Windows Live Writer [2012.09.09 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\XnView ========== Purity Check ========== < End of report > Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.05.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 SiRo-CoOl :: SION [Administrator] Schutz: Aktiviert 05.02.2013 06:12:58 mbam-log-2013-02-05 (06-12-58).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|) Aktivierte Suchlaufeinstellungen: Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | P2P Durchsuchte Objekte: 37905 Laufzeit: 26 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup (Backdoor.Bot) -> Daten: C:\Users\SiRo-CoOl\AppData\Roaming\Mining\Mining.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.Fynloski) -> Bösartig: (C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe) Gut: () -> Löschen bei Neustart. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\SiRo-CoOl\AppData\Roaming\Mining\Mining.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\SiRo-CoOl\Local Settings\Temp\msszfa.exe (Backdoor.Fynloski) -> Löschen bei Neustart. (Ende) |
05.02.2013, 20:49 | #3 |
/// Helfer-Team | Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändernDie Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL F3:64bit: - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LocalS~1\Temp\msszfa.exe) - File not found F3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LocalS~1\Temp\msszfa.exe) - File not found [2013.02.03 09:44:28 | 035,753,472 | -H-- | C] (ArcSoft ) -- C:\ProgramData\weegfw.exe :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\SiRo-CoOl\*.tmp C:\Users\SiRo-CoOl\AppData\Local\Temp\*.exe C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
05.02.2013, 20:53 | #4 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Malwarebytes Anti-Rootkit konnte es entfernen! Hatte leider die ganzen Dateien schon gelöscht sonst hätte ich Sie weitergegeben. Muss aber sagen wirklich Auswirkungen am System selbst habe ich nicht feststellen können. PS: Wenn in dem File oben noch irgend was ungewöhnliches ist wäre ich dankbar für ne Info. Die einzige Datei wo ich nicht zuordnen kann ist "weegfw.exe" 34 MB groß unter C:\ProgramData hatte auch nen Autostarteintrag mit ewfwfw Wer weiß was das ist darf mir das gerne mitteilen! |
05.02.2013, 21:02 | #5 |
/// Helfer-Team | Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Wo sind die Logfiles? |
05.02.2013, 21:02 | #6 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändernCode:
ATTFilter All processes killed ========== OTL ========== 64bit-Registry value HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found. Registry value HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found. C:\ProgramData\weegfw.exe moved successfully. ========== FILES ========== File\Folder C:\ProgramData\*.exe not found. File\Folder C:\ProgramData\*.dll not found. File\Folder C:\ProgramData\*.tmp not found. File\Folder C:\ProgramData\TEMP not found. File\Folder C:\Users\SiRo-CoOl\*.tmp not found. File\Folder C:\Users\SiRo-CoOl\AppData\Local\Temp\*.exe not found. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\SiRo-CoOl\Desktop\cmd.bat deleted successfully. C:\Users\SiRo-CoOl\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 402 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 58264 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: SiRo-CoOl ->Temp folder emptied: 1129052 bytes ->Temporary Internet Files folder emptied: 3047558 bytes ->FireFox cache emptied: 70855377 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 59009 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1244133 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 612338 bytes Total Files Cleaned = 73,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02052013_205820 Files\Folders moved on Reboot... C:\Users\SiRo-CoOl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1017 www.malwarebytes.org Database version: v2013.02.05.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 SiRo-CoOl :: SION [administrator] 05.02.2013 21:06:31 mbar-log-2013-02-05 (21-06-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 32593 Time elapsed: 2 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v2.111 - Datei am 05/02/2013 um 21:10:28 erstellt # Aktualisiert am 05/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : SiRo-CoOl - SION # Bootmodus : Normal # Ausgeführt unter : C:\Users\SiRo-CoOl\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0.1 (de) Datei : C:\Users\SiRo-CoOl\AppData\Roaming\Mozilla\Firefox\Profiles\vhl1fqfy.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v24.0.1312.57 Datei : C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [1011 octets] - [05/02/2013 21:08:31] AdwCleaner[S1].txt - [946 octets] - [05/02/2013 21:10:28] ########## EOF - C:\AdwCleaner[S1].txt - [1005 octets] ########## Wenn du noch was brauchst sag bescheid hab mich schon auf ne Neuinstallation eingestellt! Geändert von SubSiro (05.02.2013 um 21:14 Uhr) |
07.02.2013, 00:23 | #7 |
/// Helfer-Team | Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern |
07.02.2013, 06:11 | #8 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Absichern! Neuaufsetzen nur im Notfall das letzte mal is noch garnet lang her! |
07.02.2013, 18:15 | #9 |
/// Helfer-Team | Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. danach: ESET Online Scanner
danach: Downloade Dir bitte SecurityCheck und:
|
07.02.2013, 19:27 | #10 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Der aswMBR.exe Scan bricht immer an gleicher stelle ab! |
07.02.2013, 19:40 | #11 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändernCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-07 19:32:16 ----------------------------- 19:32:16.994 OS Version: Windows x64 5.1.2600 Service Pack 2 19:32:16.994 Number of processors: 8 586 0x2A07 19:32:16.994 ComputerName: SION UserName: 19:32:17.099 Initialize success 19:32:21.999 AVAST engine defs: 13020700 19:32:26.649 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:32:26.654 Disk 0 Vendor: OCZ-VERT 2.22 Size: 114473MB BusType: 3 19:32:26.654 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007e 19:32:26.654 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11 19:32:26.654 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007f 19:32:26.659 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11 19:32:26.664 Disk 0 MBR read successfully 19:32:26.664 Disk 0 MBR scan 19:32:26.669 Disk 0 Windows 7 default MBR code 19:32:26.669 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 114471 MB offset 2048 19:32:26.684 Disk 0 scanning C:\Windows\system32\drivers 19:32:30.290 Service scanning 19:32:36.945 Modules scanning 19:32:36.945 Disk 0 trace - called modules: 19:32:36.950 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 19:32:36.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d09a790] 19:32:36.955 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> [0xfffffa800cd6b6d0] 19:32:36.955 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cd70050] 19:32:37.065 AVAST engine scan C:\Windows 19:32:37.585 AVAST engine scan C:\Windows\system32 19:33:34.610 AVAST engine scan C:\Windows\system32\drivers 19:33:38.115 AVAST engine scan C:\Users\SiRo-CoOl 19:33:38.190 AVAST engine scan C:\ProgramData 19:35:30.354 Scan finished successfully 19:35:52.159 Disk 0 MBR has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\MBR.dat" 19:35:52.164 The log file has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\aswMBR.txt" aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-07 19:36:26 ----------------------------- 19:36:26.421 OS Version: Windows x64 5.1.2600 Service Pack 2 19:36:26.421 Number of processors: 8 586 0x2A07 19:36:26.421 ComputerName: SION UserName: 19:36:26.591 Initialize success 19:36:31.481 AVAST engine defs: 13020700 19:36:35.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 19:36:35.566 Disk 0 Vendor: OCZ-VERT 2.22 Size: 114473MB BusType: 3 19:36:35.566 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007e 19:36:35.566 Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11 19:36:35.566 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007f 19:36:35.566 Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11 19:36:35.576 Disk 0 MBR read successfully 19:36:35.576 Disk 0 MBR scan 19:36:35.581 Disk 0 Windows 7 default MBR code 19:36:35.586 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 114471 MB offset 2048 19:36:35.606 Disk 0 scanning C:\Windows\system32\drivers 19:36:39.396 Service scanning 19:36:46.037 Modules scanning 19:36:46.037 Disk 0 trace - called modules: 19:36:46.042 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 19:36:46.042 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d09a790] 19:36:46.047 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> [0xfffffa800cd6b6d0] 19:36:46.047 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cd70050] 19:36:46.212 AVAST engine scan C:\Windows 19:36:47.172 AVAST engine scan C:\Windows\system32 19:37:46.898 AVAST engine scan C:\Windows\system32\drivers 19:37:50.523 AVAST engine scan C:\Users\SiRo-CoOl 19:37:50.608 AVAST engine scan C:\ProgramData 19:39:08.095 Scan finished successfully 19:39:17.901 Disk 0 MBR has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\MBR.dat" 19:39:17.901 The log file has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\aswMBR.txt" |
08.02.2013, 02:16 | #12 |
/// Helfer-Team | Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern ESET und SecurityCheck? |
08.02.2013, 05:20 | #13 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändernCode:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=8eb40fb9416d65469c55a02e1c5c0290 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-07 11:27:46 # local_time=2013-02-08 12:27:46 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=3592 16777213 100 91 843445 110942162 0 0 # compatibility_mode=5893 16776574 100 94 13407628 111909516 0 0 # scanned=456367 # found=3 # cleaned=0 # scan_time=17027 I:\Eigene Dateien\Eigene Dateien Neo\Programme\Tool Disc\VLC Media Player 1.1.5.exe Win32/StartPage.OIE trojan CF4B73974C6EFD3E573A287F2AC8E3F162A0699A I I:\Eigene Dateien\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\1a5a1822-78c570d6 a variant of Java/TrojanDownloader.Agent.NDK trojan 6E5709994BC295BD5D4D192417F7EEC80382E61C I I:\Eigene Dateien\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1fe6b2f-2130ec9c a variant of Java/Exploit.CVE-2012-4681.AA trojan FF9170778A4FC3B3ED4D4352E0F6E11AAF223109 I Code:
ATTFilter Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Norton 360 Online WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` xp-AntiSpy 3.98-2 Java 7 Update 13 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader XI Mozilla Firefox (18.0.2) Mozilla Thunderbird 15.0.1 Thunderbird out of Date! Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Geändert von SubSiro (08.02.2013 um 05:26 Uhr) |
08.02.2013, 13:15 | #14 |
/// Helfer-Team | Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern Aktualisiere: Thunderbird: Thunderbird - Download - Filepony Java deaktivieren Aufgrund derezeitigen Sicherheitsluecke: http://www.trojaner-board.de/122961-...ktivieren.html Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
|
08.02.2013, 14:09 | #15 |
| Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 18.0 ist aktuell Flash (11,5,502,146) ist aktuell. Java ist nicht Installiert oder nicht aktiviert. Adobe Reader 11,0,1,36 ist aktuell. Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.2 (02.02.2013:2) OS: Windows 7 Home Premium x64 Ran by SiRo-CoOl on 08.02.2013 at 14:14:57,86 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\SiRo-CoOl\AppData\Roaming\software4u" ~~~ FireFox Emptied folder: C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\minidumps [17 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 08.02.2013 at 14:23:16,59 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Themen zu Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) lässt sicht nicht in Regedit löschen/ändern |
0x80041003, 7-zip, adobe, adobe after effects, adobe reader xi, audacity, audiograbber, backdoor.bot, backdoor.fynloski, battle.net, bonjour, cpu-z, crystaldiskinfo, curse, error, excel, flash player, format, gruppe, install.exe, mozilla, msvcrt, nvidia update, origin, problem, pum.hijack.cmdprompt, registry, richtlinie, security, server, software, svchost.exe, tcp, teamspeak, third party, tr/atraps.gen2, udp, usb, windows, ändern |