Log analysis and evaluation: Skype / Avast IP block by Malwarebytes
Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
02.03.2013, 15:53 | #1
Skype / Avast IP block by Malwarebytes

Hello everyone, now I also have a problem on my own PC. Malwarebytes occasionally blocks outgoing IP addresses from Skype and Avast. Strangely, it is even the same one for both. Of course all programs are up to date, including all plugins in Firefox. Avast and MBAM find no suspicious files in a full scan. Otherwise there are no symptoms of a virus; is it just a false alarm after all? Skype apparently normally establishes connections to other users; I could not find out more than that even after a long search. I could not find out anything about the IP addresses either. I also downloaded Skype and Avast directly from the vendors' websites.

MBAM log: 26.02.2013 Code:
2013/02/26 18:12:47 +0100 MESSAGE Starting protection
2013/02/26 18:12:47 +0100 MESSAGE Protection started successfully
2013/02/26 18:12:47 +0100 MESSAGE Starting IP protection
2013/02/26 18:12:53 +0100 MESSAGE IP Protection started successfully
2013/02/26 18:28:15 +0100 MESSAGE Executing scheduled update: Daily
2013/02/26 18:28:28 +0100 MESSAGE Scheduled update executed successfully: database updated from version v2013.02.24.02 to version v2013.02.26.08
2013/02/26 18:28:28 +0100 MESSAGE Starting database refresh
2013/02/26 18:28:28 +0100 MESSAGE Stopping IP protection
2013/02/26 18:28:29 +0100 MESSAGE IP Protection stopped successfully
2013/02/26 18:28:30 +0100 MESSAGE Database refreshed successfully
2013/02/26 18:28:30 +0100 MESSAGE Starting IP protection
2013/02/26 18:28:34 +0100 MESSAGE IP Protection started successfully
2013/02/26 19:58:25 +0100 IP-BLOCK 109.230.220.136 (Type: outgoing, Port: 53309, Process: skype.exe)
2013/02/26 19:58:25 +0100 IP-BLOCK 109.230.220.136 (Type: outgoing, Port: 53311, Process: skype.exe)
2013/02/26 19:58:25 +0100 IP-BLOCK 109.230.220.136 (Type: outgoing, Port: 53312, Process: skype.exe)
2013/02/26 19:58:25 +0100 IP-BLOCK 109.230.220.136 (Type: outgoing, Port: 53314, Process: avastsvc.exe)
Code:
2013/03/01 17:05:11 +0100 MESSAGE Starting protection
2013/03/01 17:05:11 +0100 MESSAGE Protection started successfully
2013/03/01 17:05:11 +0100 MESSAGE Starting IP protection
2013/03/01 17:05:19 +0100 MESSAGE IP Protection started successfully
2013/03/01 17:16:31 +0100 MESSAGE Executing scheduled update: Daily
2013/03/01 17:16:40 +0100 MESSAGE Scheduled update executed successfully: database updated from version v2013.02.28.08 to version v2013.03.01.07
2013/03/01 17:16:40 +0100 MESSAGE Starting database refresh
2013/03/01 17:16:40 +0100 MESSAGE Stopping IP protection
2013/03/01 17:16:41 +0100 MESSAGE IP Protection stopped successfully
2013/03/01 17:16:42 +0100 MESSAGE Database refreshed successfully
2013/03/01 17:16:42 +0100 MESSAGE Starting IP protection
2013/03/01 17:16:47 +0100 MESSAGE IP Protection started successfully
Code:
2013/03/02 14:38:40 +0100 IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49977, Process: avastsvc.exe)
2013/03/02 14:38:40 +0100 IP-BLOCK 91.205.41.227 (Type: outgoing, Port: 49978, Process: avastsvc.exe)
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:54 on 04/03/2013

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
OTL logfile created on: 04.03.2013 18:56:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2A1E92E-412C-4F55-B92F-0AE381C58BAB}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{9fc67e79-7d41-11e2-af40-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{9fc67e79-7d41-11e2-af40-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe O33 - MountPoints2\{e4e33329-7d43-11e2-9a9a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e4e33329-7d43-11e2-9a9a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.04 18:54:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2013.03.02 15:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.02 15:15:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.02 15:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.02 14:01:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Fatshark [2013.02.27 23:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.02.27 23:10:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.02.27 22:59:14 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.02.25 20:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013.02.25 20:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap 
[2013.02.25 19:53:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TeamViewer [2013.02.25 19:51:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2013.02.25 18:13:45 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys [2013.02.25 18:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.02.25 18:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.02.25 18:13:18 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\LogMeIn Hamachi [2013.02.24 23:11:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Adobe [2013.02.24 17:32:00 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Swiss Academic Software [2013.02.24 17:30:36 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.02.24 17:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4700 series [2013.02.24 17:30:24 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.02.24 17:30:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 3 [2013.02.24 17:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citavi 3 [2013.02.24 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.02.24 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.24 16:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.02.24 16:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Swiss Academic Software [2013.02.23 16:04:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Macromedia [2013.02.23 16:03:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.02.23 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Logitech [2013.02.23 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Leadertech [2013.02.23 15:49:34 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.02.23 15:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.02.23 15:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.02.23 15:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2013.02.23 15:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.02.23 15:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2013.02.23 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Logitech [2013.02.23 15:47:16 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Logishrd [2013.02.23 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LcdStudio [2013.02.23 15:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LcdStudio [2013.02.23 15:39:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LcdStudio [2013.02.23 15:37:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.02.23 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Saved Games [2013.02.23 15:11:00 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Prince of Persia [2013.02.23 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\My Games [2013.02.23 15:10:59 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Legacy of Kain - Defiance [2013.02.23 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\GUILD WARS [2013.02.23 15:10:57 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Citavi 3 [2013.02.23 14:28:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.02.23 14:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment [2013.02.23 14:25:27 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.02.23 14:25:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Dropbox 
[2013.02.23 14:20:55 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\atmoWin_0.51 [2013.02.23 14:19:38 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\CDM 2.08.28 WHQL Certified [2013.02.23 14:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer [2013.02.23 14:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software [2013.02.23 13:20:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\AMD [2013.02.23 13:20:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\ATI [2013.02.23 13:20:30 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\ATI [2013.02.23 13:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.02.23 03:01:11 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Outlook-Dateien [2013.02.23 02:57:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.02.23 02:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.02.23 02:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.02.23 02:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.02.23 02:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013.02.23 02:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.02.23 02:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.02.23 02:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.02.23 02:54:08 | 000,000,000 | ---D | C] -- C:\AMD [2013.02.23 02:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.02.23 02:49:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.02.23 02:48:31 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Heroes of Newerth [2013.02.23 02:48:31 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth 
[2013.02.23 02:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Newerth [2013.02.23 02:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.02.23 02:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.02.23 02:44:14 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.02.23 02:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.02.23 02:41:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.02.23 02:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.02.23 02:41:39 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.02.23 01:40:39 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [2013.02.23 01:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7 [2013.02.23 01:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre 7 [2013.02.23 01:39:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.02.23 01:32:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Microsoft Help [2013.02.23 01:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.02.23 01:28:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2013.02.23 01:28:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2013.02.23 01:15:36 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2013.02.23 01:15:24 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2013.02.23 01:05:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes [2013.02.23 01:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.23 01:05:11 | 
000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.23 01:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.23 01:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.23 01:05:05 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Programs [2013.02.23 00:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.02.23 00:49:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\vlc [2013.02.23 00:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.02.23 00:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2013.02.23 00:31:41 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Skype [2013.02.23 00:31:39 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.23 00:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.23 00:31:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.23 00:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.02.23 00:23:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AS_SSD16_Benchmark [2013.02.23 00:20:40 | 000,127,208 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2013.02.23 00:20:38 | 000,263,168 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2013.02.23 00:20:38 | 000,022,664 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2013.02.23 00:20:38 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys [2013.02.23 00:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Internet Security [2013.02.23 00:12:41 | 001,025,880 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.02.23 00:12:41 | 000,377,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.02.23 00:12:41 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.02.23 00:12:41 | 000,068,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.02.23 00:12:41 | 000,033,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.02.23 00:12:40 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.02.23 00:12:40 | 000,080,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.02.23 00:12:31 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2013.02.23 00:12:31 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.02.23 00:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2013.02.23 00:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2013.02.23 00:08:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Mozilla [2013.02.23 00:08:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Mozilla [2013.02.23 00:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.02.23 00:08:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.23 00:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.02.23 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Macromedia [2013.02.23 00:03:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Adobe [2013.02.23 00:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS OC Profiles [2013.02.23 00:00:57 | 000,016,896 | ---- | C] (ASUS) -- C:\Windows\AsTaskSched.dll [2013.02.23 00:00:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.02.22 23:59:41 | 000,014,464 | 
---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiChargerPlus.sys [2013.02.22 23:59:32 | 000,184,320 | ---- | C] (ASUSTeK) -- C:\Windows\SysWow64\drivers\UpdateHelper.dll [2013.02.22 23:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS [2013.02.22 23:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2013.02.22 23:58:44 | 000,028,672 | R--- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysWow64\AsIO.dll [2013.02.22 23:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS [2013.02.22 23:57:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.02.22 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.02.22 23:56:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.22 23:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.22 23:56:22 | 002,580,824 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.22 23:56:21 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.22 23:56:21 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll [2013.02.22 23:56:21 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.22 23:56:21 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.22 23:56:21 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.22 23:56:21 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll [2013.02.22 23:56:21 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll [2013.02.22 23:56:21 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2013.02.22 23:56:17 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) 
-- C:\Windows\SysNative\RTEEP64A.dll [2013.02.22 23:56:17 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.22 23:56:17 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.22 23:56:17 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.22 23:56:17 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.22 23:56:17 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.22 23:56:14 | 001,870,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2013.02.22 23:56:14 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2013.02.22 23:56:14 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2013.02.22 23:56:14 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2013.02.22 23:56:14 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2013.02.22 23:56:14 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2013.02.22 23:56:14 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2013.02.22 23:56:13 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.22 23:56:13 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.02.22 23:56:13 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.22 23:56:09 | 001,937,312 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.22 23:56:09 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2013.02.22 23:56:09 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2013.02.22 23:56:09 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2013.02.22 23:56:09 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2013.02.22 23:56:08 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2013.02.22 23:56:08 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2013.02.22 23:56:08 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2013.02.22 23:56:08 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2013.02.22 23:56:08 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2013.02.22 23:56:08 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2013.02.22 23:56:08 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2013.02.22 23:56:08 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2013.02.22 23:56:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.02.22 23:55:24 | 000,000,000 | ---D | C] -- C:\Windows\RaidTool [2013.02.22 23:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.02.22 23:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology [2013.02.22 23:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3 [2013.02.22 23:54:18 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.02.22 23:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.02.22 23:52:55 | 000,000,000 | -H-D | C] -- C:\Program 
Files (x86)\InstallShield Installation Information [2013.02.22 23:51:40 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.02.22 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.02.22 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\*\Searches [2013.02.22 23:50:01 | 000,000,000 | R--D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.02.22 23:49:56 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Identities [2013.02.22 23:49:55 | 000,000,000 | R--D | C] -- C:\Users\*\Contacts [2013.02.22 23:49:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\VirtualStore [2013.02.22 23:49:51 | 000,000,000 | --SD | C] -- C:\Users\*\AppData\Roaming\Microsoft [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Videos [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Saved Games [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Pictures [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Music [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Links [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Favorites [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Downloads [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Documents [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\Desktop [2013.02.22 23:49:51 | 000,000,000 | R--D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Vorlagen [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\AppData\Local\Verlauf [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\AppData\Local\Temporary Internet Files [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Startmenü 
[2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\SendTo [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Recent [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Netzwerkumgebung [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Lokale Einstellungen [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Documents\Eigene Videos [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Documents\Eigene Musik [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Eigene Dateien [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Documents\Eigene Bilder [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Druckumgebung [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Cookies [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\AppData\Local\Anwendungsdaten [2013.02.22 23:49:51 | 000,000,000 | -HSD | C] -- C:\Users\*\Anwendungsdaten [2013.02.22 23:49:51 | 000,000,000 | -H-D | C] -- C:\Users\*\AppData [2013.02.22 23:49:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Temp [2013.02.22 23:49:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Microsoft [2013.02.22 23:49:51 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Media Center Programs [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\Programme [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.02.22 23:49:49 | 
000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.02.22 23:49:49 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.02.22 23:46:12 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.02.22 23:46:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.02.22 23:45:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther ========== Files - Modified Within 30 Days ========== [2013.03.04 18:55:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe [2013.03.04 18:50:22 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable [2013.03.04 18:49:29 | 000,050,477 | ---- | M] () -- C:\Users\*\Desktop\Defogger.exe [2013.03.04 18:22:05 | 000,000,205 | ---- | M] () -- C:\Users\*\Desktop\Team Fortress 2.url [2013.03.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.04 18:00:31 | 000,014,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 18:00:31 | 000,014,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.04 17:57:47 | 001,507,170 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.04 17:57:47 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.04 17:57:47 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.04 17:57:47 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.04 17:57:47 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.04 17:56:37 | 067,181,572 | ---- | M] () -- C:\Users\*\Desktop\BlackWallpaperPack.zip [2013.03.04 17:53:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.01 18:33:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.28 23:18:53 | 
000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.02.28 09:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.02.28 09:36:34 | 000,068,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2013.02.28 09:36:33 | 001,025,880 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.02.28 09:36:33 | 000,377,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.02.28 09:36:33 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2013.02.28 09:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.02.28 09:36:32 | 000,263,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2013.02.28 09:36:32 | 000,080,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2013.02.28 09:36:32 | 000,022,664 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2013.02.28 09:36:31 | 000,127,208 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2013.02.28 09:36:31 | 000,033,472 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2013.02.28 09:36:07 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2013.02.28 09:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2013.02.27 23:13:03 | 000,028,632 | ---- | M] () -- C:\Users\*\Documents\cc_20130227_231300.reg [2013.02.26 18:12:42 | 000,431,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.25 18:13:42 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.02.23 14:28:25 | 000,120,320 | ---- | M] () -- C:\Windows\SysWow64\drivers\SSHDRV65.sys [2013.02.23 14:25:33 | 000,001,011 | ---- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.23 13:21:28 | 000,000,000 | -H-- | M] () -- 
C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.23 13:19:33 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.02.23 02:55:09 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.23 01:05:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.23 00:26:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.23 00:26:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.23 00:00:57 | 000,016,896 | ---- | M] (ASUS) -- C:\Windows\AsTaskSched.dll [2013.02.22 23:52:27 | 000,023,953 | ---- | M] () -- C:\Windows\Ascd_tmp.ini [2013.02.22 23:52:14 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini [2013.02.22 23:48:29 | 000,057,035 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.02.22 23:48:29 | 000,057,035 | ---- | M] () -- C:\Windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2013.03.04 18:50:22 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable [2013.03.04 18:49:28 | 000,050,477 | ---- | C] () -- C:\Users\*\Desktop\Defogger.exe [2013.03.04 18:22:05 | 000,000,205 | ---- | C] () -- C:\Users\*\Desktop\Team Fortress 2.url [2013.03.04 17:55:54 | 067,181,572 | ---- | C] () -- C:\Users\*\Desktop\BlackWallpaperPack.zip [2013.03.02 17:36:30 | 000,004,032 | ---- | C] () -- C:\Users\*\Documents\cc_20130302_173629.reg [2013.03.01 18:33:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.02.28 23:18:53 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.02.28 23:18:53 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2013.02.27 23:13:02 | 000,028,632 | ---- | C] () -- C:\Users\*\Documents\cc_20130227_231300.reg [2013.02.25 19:51:06 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.02.25 18:13:08 | 000,000,926 | ---- | C] () 
-- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk [2013.02.24 17:22:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.23 16:03:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.23 14:28:25 | 000,120,320 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV65.sys [2013.02.23 14:25:33 | 000,001,011 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.02.23 13:21:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.02.23 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.02.23 02:55:09 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.23 01:37:04 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.02.23 01:26:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.02.23 01:16:09 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2013.02.23 01:15:14 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2013.02.23 01:15:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2013.02.23 01:15:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2013.02.23 01:14:58 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc [2013.02.23 01:14:58 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2013.02.23 01:05:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.23 00:26:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.02.23 00:26:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.23 00:12:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2013.02.23 00:08:30 | 000,001,163 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.22 23:58:44 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2013.02.22 23:58:37 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2013.02.22 23:52:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.02.22 23:51:59 | 000,023,953 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2013.02.22 23:50:05 | 000,001,409 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.02.22 23:50:02 | 000,001,443 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.02.22 23:48:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.02.22 23:48:25 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.12.19 20:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 20:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- 
[2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.04 17:53:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox [2013.03.02 14:01:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Fatshark [2013.02.23 15:49:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech [2013.02.24 23:11:06 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Swiss Academic Software [2013.02.26 18:17:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 04.03.2013 18:56:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,96 Gb Total Physical Memory | 13,59 Gb Available Physical Memory | 85,15% Memory free
31,92 Gb Paging File | 29,16 Gb Available in Paging File | 91,35% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 18,61 Gb Free Space | 31,21% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 355,50 Gb Free Space | 76,34% Space Free | Partition Type: NTFS
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4135101104-1104647458-3948773054-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{1905B4D1-E7B7-40F4-80B3-B983F1B369AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2660B114-9E5E-4960-A5CB-F7C78921556F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{270A8BAB-C8C3-4CC7-9544-9946F425723A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4EBB2114-3DDB-473B-852B-5CBABF750534}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{4EE982B0-7FDB-40FB-97A5-DEEAB8340BAF}" = rport=10243 | protocol=6 | dir=out | app=system | "{537BE641-68E2-4B19-9E44-933C79F557AB}" = lport=137 | protocol=17 | dir=in | app=system | "{56E03441-13FB-4A98-A95C-83FD452CC197}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5945C08D-8FD1-421D-A90D-B8FE69C8D44E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5E28A23E-A618-4EDA-860E-F5B31CD0015B}" = lport=139 | protocol=6 | dir=in | app=system | "{7550C39F-266F-4E78-A83B-0FA5FAE030A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{76871FCD-32CC-42B4-9FC3-CB08E4AC6216}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{86DD75BE-D824-463A-8A89-836AFCDE3570}" = rport=445 | protocol=6 | dir=out | app=system | "{A41794C5-3864-4CC2-9717-7C89ED5C1847}" = lport=138 | protocol=17 | dir=in | app=system | "{AC469E66-AFB4-429B-97F1-F902C1EAD8AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE816870-5951-40CF-B65D-CCA71AE91AA6}" = lport=2869 | protocol=6 | dir=in | app=system | "{B7985655-7FDC-4879-BBE2-98F426150613}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C64087D2-1A6F-4DE8-9DCC-0366351C8BED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C708F438-1DFF-44E3-9341-D3149A9E3FB8}" = lport=445 | protocol=6 | dir=in | app=system | "{DE818CB0-E02E-43E2-ABD3-D15E42D660D0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8BEEAC3-64BD-4769-9C30-20F257298F45}" = rport=139 | protocol=6 | dir=out | app=system | "{EA2A75AB-CE21-47FC-89D4-BD352C83E7E3}" = lport=10243 | protocol=6 | dir=in | app=system | "{FF727611-26DB-4883-B759-73968D7C21A8}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04B44004-2576-4F3A-8356-16A3D2213DA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0A1F33D9-3104-4BBF-86F5-C71F4BE4D64C}" = protocol=17 | dir=in | app=c:\users\*\appdata\roaming\dropbox\bin\dropbox.exe | "{0CC02F1E-3136-40B1-9F93-59A67A30856D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{0DD0CFB4-B550-4137-A456-79A2D9646652}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0EBA77C2-B947-4EF6-8E25-0FE1B526F973}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{15EDB3B6-FEC6-43C6-98BD-CEFB37CD17DA}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\jedi academy\gamedata\jasp.exe | "{1629A1D7-8246-4DE1-905F-4B9B73AB8D81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{17BB94F3-7351-43D3-8730-DD72926B2D45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{21031FA4-1FC3-4F6A-BAA7-E9533BD765DE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{24878868-B582-44B2-B89E-1435CB7BEDC7}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\jedi academy\gamedata\jamp.exe | "{253F3B82-586E-4B65-AA5C-9C5DF372EB38}" = protocol=58 | 
dir=in | app=system | "{26EF3860-56C8-43CC-9171-A8653333512C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2E99AB5F-AFF1-4A06-B9EF-97D3AEEDFF49}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe | "{3A1C65C2-43E8-43AB-95A1-BB9A30CB68D4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{45556817-5E8B-4EB4-94A5-CC873E66125D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48375DD4-4840-4E25-9342-1470C0C18B38}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{4B0359A8-BF4B-415C-9F46-AAB0266278DA}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{50CE5313-BF14-41E7-991E-2349477D8CA7}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\jedi academy\gamedata\jamp.exe | "{5A0A4E84-D755-49FD-B30C-3713C1E247EB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{5A24F93B-BAF2-4D23-B60F-DF1FB51E3AE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{621030DF-8C96-499B-AD46-7974232E6276}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6B4B2AFA-0A0D-465D-8BF3-222855B9B8B5}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe | "{73A874F8-FE7D-4713-8ECA-C90D0582B8F8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{73C2B68C-8DB2-43E3-8EF1-13688D16457E}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{80662A6B-48EB-4DE0-9352-C1C3E8818FC5}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | "{850048A5-936A-4F99-B853-156E0D9C59FB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{86E1454B-6E94-4E8C-BCA7-BACFA37DC135}" = protocol=17 | dir=in | 
app=%programfiles%\windows media player\wmplayer.exe | "{8871E479-1129-4FD4-AC33-E224FDE237EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9A523922-6B3F-4420-BDED-104F68630406}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\thief_2\thief2.exe | "{9F61D4FF-E659-49A9-A4B2-0FD3C82A8B4F}" = protocol=6 | dir=out | app=system | "{AC49FA57-9D51-417E-A734-DD0C419A74DB}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\thief_2\thief2.exe | "{B4D8F70D-7E71-4BCB-8AEA-E6F2C1325C8D}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe | "{B6A1C03A-C172-421B-BAB6-98CE22ACB984}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | "{B6A96F03-CC85-45D1-A523-0BC7E12BF413}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{BEDAA473-7ED7-45F9-BA48-578E20899721}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CBE54C8E-4F56-4F17-B180-445E2A18AEB9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D4161FB3-4A63-4297-9BC5-E9A507801368}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D548F4EC-29E6-4D80-8531-A22ABFD24AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{DB9E87F9-0D71-46CE-9E24-673A49580579}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\jedi academy\gamedata\jasp.exe | "{E0B94F15-439D-460B-BAD4-C1992BBFF80B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E59E5279-4811-490F-B423-1E7FF0474ABD}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{E663BFFC-285B-41DA-8EA0-BD0D6215F23F}" = protocol=6 | dir=in | app=c:\users\*\appdata\roaming\dropbox\bin\dropbox.exe | "{E9154B75-6234-4F86-9BB7-85A36729D38F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E91E15EA-1D34-4818-A3AF-CFDB0208D109}" = protocol=6 | dir=in | 
app=d:\games\steam\steamapps\common\dota 2 beta\dota.exe | "{FA018767-8DE5-4BA1-9952-0D15E34BB139}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FD975DA4-F092-4B42-902C-EFB0A0D50A02}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "TCP Query User{51860FD5-71B7-49A4-AAF0-CF805164B69E}D:\games\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=d:\games\sacred underworld\sacred.exe | "TCP Query User{8618E98E-371A-46C6-BD95-21FD4A88D71D}C:\users\*\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{F77B250F-FFFE-4AD2-97C3-9C033D94CD10}D:\games\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=d:\games\sacred underworld\gameserver.exe | "UDP Query User{1B8915F5-D82B-4C43-BA75-1AD0B6C16B62}C:\users\*\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{6ED17C83-8673-4A47-B5AE-916BBFF32FDB}D:\games\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=d:\games\sacred underworld\sacred.exe | "UDP Query User{B2F3F149-DEC3-4855-9EFA-7C44A6265FDF}D:\games\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=d:\games\sacred underworld\gameserver.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Sn1" = Logitech Flow Scroll 4.0 "VLC media player" = VLC media player 2.0.5 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver 
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 
Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! 
Internet Security "hon" = Heroes of Newerth "LcdStudio" = LcdStudio 2.0 Build 806 "LogMeIn Hamachi" = LogMeIn Hamachi "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Professional 2010 "Sacred Underworld_is1" = Sacred Underworld "Sacred_is1" = Sacred "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 211740" = Thief 2 "Steam App 440" = Team Fortress 2 "Steam App 570" = Dota 2 "Steam App 6020" = Star Wars Jedi Knight: Jedi Academy "Steam App 730" = Counter-Strike: Global Offensive "TeamViewer 8" = TeamViewer 8 "WinPcapInst" = WinPcap 4.1.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4135101104-1104647458-3948773054-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "PhotoFiltre 7" = PhotoFiltre 7 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = ESENT | ID = 455 Description = Windows (3576) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00027.log. 
Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 9000 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 7040 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 7042 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 9002 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 3029 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 3029 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 3028 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 3058 Description = Error - 03.03.2013 06:05:26 | Computer Name = *-PC | Source = Windows Search Service | ID = 7010 Description = [ System Events ] Error - 03.03.2013 12:56:51 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\LC7981.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 03.03.2013 12:56:52 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\ks0108.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 03.03.2013 12:56:59 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KS0108 LC7981 n3900 SED133x T6963C Error - 04.03.2013 12:53:17 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\SSHDRV65.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.03.2013 12:53:21 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\T6963c.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.03.2013 12:53:21 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\SED133x.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.03.2013 12:53:21 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\n3900.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.03.2013 12:53:21 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\LC7981.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 04.03.2013 12:53:21 | Computer Name = *-PC | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program Files (x86)\LcdStudio\ks0108.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 04.03.2013 12:53:29 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: KS0108 LC7981 n3900 SED133x T6963C < End of report > |
06.03.2013, 21:42 | #2 |
| Could it be that Skype is trying to establish P2P connections abroad, and that Avast is being blocked as well because the two real-time scanners of MWB and Avast interfere with each other? |
11.03.2013, 19:59 | #3 |
| Does nobody here know anything about this, or is the question that stupid? In my other thread I was helped so competently, after all... |
15.03.2013, 19:44 | #4 |
| I have uninstalled MWB for now, and since then Avast no longer shows anything either. I would still be interested in the cause, though; there are a few hits on Google, but no answer to it, |