| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Adware Win32 PricegongWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.03.2013, 16:34
| #1 |
 |  Adware Win32 Pricegong Hallo ihr Lieben! Leider muss auch ich bei meinem Notebook seit einigen Wochen, ungefähr drei/vier Wochen, feststellen, das irgendwelche Aktivitäten vor sich gehen. Seit dieser Woche ist es nämlich so, das beim Zusammenklappen des Notebooks, er sich nicht in den Ruhezustand versetzt, sondern erst einfach normal weiterarbeitet und wenig später, wenn ich ihn wieder aufklappe, runtergefahren ist. Beim Neustarten meldet er mir dann das: "Windows wird nach unerwünschten herunterfahren wieder ausgeführt". Außerdem ist mir auch aufgefallen, das jedesmal, wenn der Bildschirmschoner anbringt und ich dann zurückkehre an den Laptop, Kaspersky eine vermeintliche Advare gefunden habe - die im Titel besagte "Advare Win32 Pricegong". Jedesmal klicke aber auf Löschen und jeden Tag dann wieder das gleiche Spielchen. Das Problem daran ist auch, das sämtliche Communities, bei denen ich aktiv bin, immer wieder fremdeinwirken melden. Erst wars bei Facebook, dann bei meinem Mailhoster und letztendlich sogar schon ein Online Shop. Und bevor das alles über die Schwelle tritt, würde ich jetzt einfach mal eure Meinung einholen. Denn wenn ich Pech habe, werden wohl meine Passwörter "geklaut" oder wie man das nennen soll  Die OTL, EXTRAS, Gmer Files habe ich als Anhang anhängen müssen, weil es leider als Post mit der Zeichenzahl zuviel war. Hoffe das ist okay. Ich würde mich über jede Hilfe freuen! Liebe Grüße! |
|
25.03.2013, 15:44
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Adware Win32 Pricegong Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
25.03.2013, 19:13
| #3 |
| | Adware Win32 Pricegong Ich habe keine weiteren Logs gemacht, hab mich danach gerichtet wie es unter "Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" dort stand.
__________________Und ich habe die Logs als Anhang gepostet, weil es von der Zeichenzahl her nicht passte... steht auch ganz unten im ersten Post  Ich poste mal alles einzelnd ^^ GMER Logfile: Code:
ATTFilter GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-24 15:45:02
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000062 WDC_WD75 rev.01.0 698,64GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Frankie\AppData\Local\Temp\uxdiykog.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a9fa88 5 bytes JMP 00000001737a139e
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1900] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077aa0018 5 bytes JMP 00000001737a1a54
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\kernel32.dll!FindResourceW 0000000075e35959 5 bytes JMP 0000000100440980
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\kernel32.dll!FindResourceA 0000000075e4e9a3 5 bytes JMP 0000000100440930
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\USER32.dll!LoadStringW 0000000075d38eb9 5 bytes JMP 0000000100440fd0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\USER32.dll!LoadStringA 0000000075d3db21 5 bytes JMP 0000000100441110
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\USER32.dll!LoadMenuW 0000000075d44391 5 bytes JMP 0000000100440b40
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\USER32.dll!LoadMenuA 0000000075d54eef 5 bytes JMP 0000000100440ad0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075d55246 5 bytes JMP 00000001004409d0
.text C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe[4296] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075d610dc 5 bytes JMP 0000000100440a50
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[4500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757d1465 2 bytes [7D, 75]
.text C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[4500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757d14bb 2 bytes [7D, 75]
.text ... * 2
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757d1465 2 bytes [7D, 75]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[4508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757d14bb 2 bytes [7D, 75]
.text ... * 2
.text C:\Windows\system32\atibtmon.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000757d1465 2 bytes [7D, 75]
.text C:\Windows\system32\atibtmon.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757d14bb 2 bytes [7D, 75]
.text ... * 2
---- EOF - GMER 2.1 ----
OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.03.2013 14:12:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frankie\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,75 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 71,37% Memory free 11,49 Gb Paging File | 9,13 Gb Available in Paging File | 79,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 617,56 Gb Free Space | 90,27% Space Free | Partition Type: NTFS Drive D: | 14,19 Gb Total Space | 1,56 Gb Free Space | 10,97% Space Free | Partition Type: NTFS Drive I: | 7,49 Gb Total Space | 3,09 Gb Free Space | 41,29% Space Free | Partition Type: FAT32 Computer Name: FRANKIE-HP | User Name: Frankie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.03.24 14:11:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frankie\Downloads\OTL.exe PRC - [2013.03.14 16:36:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2013.01.10 10:02:12 | 000,310,128 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013.01.10 10:02:08 | 001,475,952 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.25 17:34:08 | 000,593,784 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe PRC - [2012.10.25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.09.13 15:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.30 14:25:14 | 000,586,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2011.03.30 14:25:14 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2011.03.30 14:00:28 | 000,319,544 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2011.03.22 10:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.03.14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.01.14 03:27:26 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe PRC - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009.12.03 09:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe PRC - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe ========== Modules (No Company Name) ========== MOD - [2013.02.17 16:51:33 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll MOD - [2013.01.10 15:19:22 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.09 23:23:39 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.09 23:23:20 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.09 23:23:09 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.09 23:23:06 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.09 23:23:04 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.09 23:23:00 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.09 23:22:59 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.09 23:22:51 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.12.12 06:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012.11.18 14:53:26 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll MOD - [2012.10.05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012.10.05 11:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012.08.31 11:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.05.23 04:11:17 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.11.21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010.11.21 04:23:56 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2010.11.21 04:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.06.10 22:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.02.28 20:52:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.02.28 11:02:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2013.03.14 16:36:35 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2013.03.13 16:07:40 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.08 11:56:51 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2012.10.25 17:33:14 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.09.13 15:49:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2011.09.07 19:56:58 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Frankie\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer) SRV - [2011.03.30 14:25:14 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.01.14 03:27:26 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2010.12.17 12:41:36 | 000,276,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.10.11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.06.17 04:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.07.13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.14 16:43:34 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.03.14 16:43:34 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.09.20 05:35:36 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.09.20 05:35:36 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.27 09:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2012.06.27 09:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012.06.27 09:37:56 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) DRV:64bit: - [2012.06.27 09:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012.06.27 09:37:56 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2012.06.27 09:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.30 03:55:48 | 001,143,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.28 21:23:06 | 009,079,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.02.28 20:17:20 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.29 02:36:04 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.01.29 02:36:02 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.01.13 01:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.12.17 12:41:36 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010.11.30 23:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.11.29 12:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.07.28 08:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.06.17 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:64bit: - [2010.05.06 14:21:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012.10.25 17:33:26 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{59DBA956-559A-4168-8CA9-68C8C5B1A45E}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=542741626 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{59DBA956-559A-4168-8CA9-68C8C5B1A45E}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=542741626&q={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050&SSPV=IENOSGTB IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.windowsxlive.net IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D48504E5444462670633D48504E544446267372633D49452D536561726368426F78&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E666163656D6F6F64732E636F6D2F3F613D6371646526733D7B7365617263685465726D737D26663D34&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=542741626&q={searchTerms} IE - HKCU\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{1C5893D4-258A-4AF5-A63B-88B0D00C111B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com.anonymize-me.de/?anonymto=687474703A2F2F65752E61736B2E636F6D2F7765623F713D7B7365617263687465726D737D266C3D646973266F3D48504E544446&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{32B8D044-E1F4-40D5-8876-ABCDDCE55DFA}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&mode=bounce&k=1 IE - HKCU\..\SearchScopes\{3306CD58-A712-420D-9751-519AB0FEE6FA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&mode=bounce&k=1 IE - HKCU\..\SearchScopes\{59DBA956-559A-4168-8CA9-68C8C5B1A45E}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465322D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6963712E636F6D2F7365617263682F726573756C74732E7068703F713D7B7365617263685465726D737D2663685F69643D6F7364&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde206&q={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms} IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6B696B696E2E636F6D2F7365617263682F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263683F703D7B7365617263685465726D737D2665693D7B696E707574456E636F64696E677D2666723D6368722D68702D70736726747970653D48504E544446&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?anonymto=687474703A2F2F64652E77696B6970656469612E6F72672F77696B692F5370656369616C3A5365617263683F7365617263683D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3131313037362D31393237302D332F343F6D7072653D687474703A2F2F73686F702E656261792E636F6D2F3F5F6E6B773D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKCU\..\SearchScopes\{F31B76F9-56A2-4A8B-A714-061F5874BAA9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=009f33bf-8eb0-49c0-8158-daaf19cf36f4&apn_sauid=971B9B5E-A507-438C-BFE0-BB29C50A7D2D& IE - HKCU\..\SearchScopes\{F65A4A81-E6FF-4241-B32F-D4F423D665D3}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&mode=bounce&k=1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Glary Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://isearch.glarysoft.com/?src=ffhome" FF - prefs.js..extensions.enabledAddons: firejump@firejump.net:1.0.0.0 FF - prefs.js..extensions.enabledAddons: lazarus@interclue.com:2.3 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7 FF - prefs.js..extensions.enabledAddons: avg@toolbar:10.2.0.3 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.18 19:15:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.06 12:01:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:56:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:56:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\ltfof94n.default\extensions\firejump@firejump.net [2012.05.07 16:24:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.07 16:28:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:56:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:56:47 | 000,000,000 | ---D | M] [2012.12.01 17:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\Extensions [2013.03.10 21:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\hwbkmg4t.Frankie\extensions [2012.12.08 11:21:54 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\hwbkmg4t.Frankie\extensions\Foxdie@tanjihay.com [2012.12.06 12:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\ltfof94n.default\extensions [2012.12.01 13:12:04 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\ltfof94n.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2011.10.03 21:54:25 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\ltfof94n.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2011.09.02 17:42:28 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\ltfof94n.default\extensions\ffxtlbr@Facemoods.com [2012.05.07 16:24:04 | 000,000,000 | ---D | M] (FireJump) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\ltfof94n.default\extensions\firejump@firejump.net [2013.02.23 16:38:23 | 000,779,952 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\extensions\Australis@SoapyHamHocks.xpi [2012.05.07 16:25:25 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\extensions\lazarus@interclue.com.xpi [2013.02.14 17:38:52 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.07 20:50:25 | 000,090,420 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\ciuvo-extension@icq.de.xpi [2011.10.05 16:13:35 | 000,109,632 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\compatibility@addons.mozilla.org.xpi [2011.08.29 16:20:01 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\lazarus@interclue.com.xpi [2010.10.10 15:46:56 | 000,004,669 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js [2011.09.07 19:57:00 | 000,001,114 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\icqplugin.xml [2011.09.07 19:57:00 | 000,001,640 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\kikin-search.xml [2012.12.01 13:12:01 | 000,002,515 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\Search_Results.xml [2011.09.07 19:57:00 | 000,001,864 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{30F8BD7B-88FE-4C11-BEDC-2BDB14B4794D}.xml [2011.09.07 19:57:00 | 000,001,088 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{6CD2292F-0EF4-4610-B1DD-05D16DFAE8DD}.xml [2011.09.07 19:57:00 | 000,002,182 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{B06018DC-EFB0-45B7-9667-2B8F929CB3C7}.xml [2011.09.07 19:57:00 | 000,002,071 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{D2E2F51D-B581-4781-8942-3C417B724240}.xml [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013.03.08 11:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com [2012.02.18 19:15:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3 File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7\ File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34\ File not found (No name found) -- C:\USERS\FRANKIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LTFOF94N.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} [2013.03.08 11:56:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.14 21:02:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.11 17:59:58 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.12.01 13:12:30 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.08.30 10:12:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.14 21:02:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.07 19:57:00 | 000,001,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml [2012.09.11 21:52:30 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml [2011.10.14 21:02:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.12.01 13:12:01 | 000,002,515 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2011.10.14 21:02:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.14 21:02:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: CHR - Extension: No name found = C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.1\ CHR - Extension: No name found = C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\ CHR - Extension: No name found = C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (TBSB05810 Class) - {A7AF277D-1466-4A7B-93AF-B043984A5671} - C:\Program Files (x86)\Glarysoft Toolbar\tbcore3.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\ChatZum Toolbar\tbunsi7DBF.tmp\tbcore3.dll () O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (ChatZum Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files (x86)\ChatZum Toolbar\tbunsi7DBF.tmp\tbcore3.dll () O3 - HKLM\..\Toolbar: (Glarysoft Toolbar) - {32D47EA5-9473-4CAD-805D-9999F15D5AE2} - C:\Program Files (x86)\Glarysoft Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Frankie\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_SC217.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Intermediate] C:\Users\Frankie\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [SCheck] C:\Users\Frankie\AppData\Roaming\SCheck\SCheck.exe () O4 - HKCU..\Run: [SSync] C:\Users\Frankie\AppData\Roaming\SSync\SSync.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Free YouTube Download - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{060AF79B-DCB1-41CC-B2C3-2980A61F0934}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.22 13:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Skin Pack [2013.03.22 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack [2013.03.22 13:39:04 | 000,000,000 | -H-D | C] -- C:\Windows\Android Skin Pack [2013.03.14 16:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.03.14 16:32:58 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.03.14 16:32:24 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.03.14 16:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.14 16:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.03.14 16:32:04 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.03.14 16:32:04 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.03.13 23:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 23:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 23:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.11 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\Frankie\restore [2013.03.11 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Frankie\Desktop\to blog [2013.03.11 13:03:39 | 000,000,000 | ---D | C] -- C:\Users\Frankie\Desktop\Grafiken [2013.03.11 13:03:18 | 000,000,000 | ---D | C] -- C:\Users\Frankie\Desktop\blogged [2013.03.10 16:40:07 | 000,000,000 | ---D | C] -- C:\Windows\UXBackup [2013.03.10 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UX Pack [2013.03.10 16:32:11 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\Intermediate [2013.03.10 16:32:09 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\SSync [2013.03.10 16:32:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\SCheck [2013.03.10 16:32:05 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\FBDownloader [2013.03.10 16:32:05 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\Common [2013.03.10 16:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ChatZum Toolbar [2013.03.10 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\Apple Computer [2013.03.10 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Apple Computer [2013.03.10 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2013.03.10 12:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.03.10 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.03.10 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.03.10 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.03.08 11:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.05 22:11:19 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Evernote [2013.03.01 11:17:20 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2013.02.27 14:31:06 | 000,680,624 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Fliqlo.scr [2013.02.27 14:31:06 | 000,680,624 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Fliqlo.scr [2013.02.27 14:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime [2013.02.27 14:31:03 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Screentime [2013.02.23 17:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp [2013.02.23 17:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\hps [2013.02.23 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt [2013.02.23 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\dm [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.24 14:10:01 | 000,000,000 | ---- | M] () -- C:\Users\Frankie\defogger_reenable [2013.03.24 14:06:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.24 11:46:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.23 20:49:02 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 20:49:02 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.23 20:39:50 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys [2013.03.22 22:11:02 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.22 22:11:02 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.22 22:11:02 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.22 22:11:02 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.22 22:11:02 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.22 13:40:06 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk [2013.03.22 13:40:05 | 000,001,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk [2013.03.22 13:40:05 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk [2013.03.21 20:46:37 | 704,975,087 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.21 14:39:19 | 000,000,132 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.03.19 15:15:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2013.03.14 16:43:34 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.03.14 16:43:34 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.03.14 13:48:26 | 000,003,072 | -H-- | M] () -- C:\Users\Frankie\Desktop\photothumb.db [2013.03.14 11:15:05 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.12 12:34:48 | 005,018,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.07 10:32:53 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrankie.job [2013.02.27 14:31:06 | 000,680,624 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Fliqlo.scr [2013.02.27 14:31:06 | 000,680,624 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Fliqlo.scr [2013.02.27 13:23:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFRANKIE-HP$.job [2013.02.26 17:20:50 | 000,001,456 | ---- | M] () -- C:\Users\Frankie\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.24 14:10:01 | 000,000,000 | ---- | C] () -- C:\Users\Frankie\defogger_reenable [2013.03.22 13:40:06 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk [2013.03.22 13:40:05 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk [2013.03.22 13:40:05 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk [2013.03.19 15:15:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2013.03.14 13:48:26 | 000,003,072 | -H-- | C] () -- C:\Users\Frankie\Desktop\photothumb.db [2013.03.10 16:39:33 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\moveex.exe [2013.03.10 16:20:34 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.10 12:35:55 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2013.03.10 12:34:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.04 10:38:42 | 000,262,560 | ---- | C] () -- C:\Windows\SysWow64\javaws.exe [2012.12.01 13:53:33 | 000,001,456 | ---- | C] () -- C:\Users\Frankie\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.11.15 22:24:51 | 000,000,132 | ---- | C] () -- C:\Users\Frankie\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.09.26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.31 16:15:25 | 000,034,814 | ---- | C] () -- C:\Users\Frankie\AppData\Local\dt.dat [2012.02.06 20:33:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.09.03 20:01:35 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.08 00:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.07 23:57:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.06.07 23:49:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.05.22 18:48:58 | 000,782,240 | ---- | C] () -- C:\Windows\SysWow64\deployJava1.dll [2011.05.22 18:47:07 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:12 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.09 17:43:22 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Amazon [2012.10.11 10:11:04 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\AVG2013 [2012.12.01 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Babylon [2012.11.21 15:13:18 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Canon [2012.11.15 11:43:13 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.03.10 16:32:05 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Common [2011.09.02 17:42:25 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\DesktopIconForAmazon [2012.10.04 05:04:36 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\DVDVideoSoft [2012.05.26 12:35:53 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers [2012.06.15 09:50:20 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Epson [2013.03.11 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\FBDownloader [2013.02.24 17:36:43 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\FileZilla [2011.11.08 17:21:07 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\FireShot [2012.12.06 12:03:57 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\FreeVideoConverter [2013.03.23 22:02:32 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\ICQ [2013.03.10 16:32:11 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Intermediate [2011.10.13 20:57:37 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\kikin [2011.09.02 17:42:18 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\OCS [2012.12.06 12:01:39 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\OpenCandy [2011.09.02 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Opera [2012.11.15 21:36:30 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\PDAppFlex [2012.12.01 13:30:32 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\PerformerSoft [2013.03.03 20:55:03 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\PhotoScape [2012.11.17 17:19:29 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Samsung [2013.03.10 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\SCheck [2013.03.09 22:57:22 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\SoftGrid Client [2013.03.10 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\SSync [2012.11.15 21:42:47 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011.08.29 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Synaptics [2011.09.03 20:02:13 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\TP [2012.12.06 12:04:29 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\TuneUp Software [2013.02.05 15:40:36 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\WildTangent [2011.10.08 21:17:49 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\Windows Live Writer [2012.06.14 10:11:46 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\YoudaGames [2012.07.30 10:53:54 | 000,000,000 | ---D | M] -- C:\Users\Frankie\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > [/CODE] |
|
25.03.2013, 19:16
| #4 |
| | Adware Win32 PricegongCode:
ATTFilter OTL Extras logfile created on: 24.03.2013 14:12:28 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frankie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,75 Gb Total Physical Memory | 4,10 Gb Available Physical Memory | 71,37% Memory free
11,49 Gb Paging File | 9,13 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 617,56 Gb Free Space | 90,27% Space Free | Partition Type: NTFS
Drive D: | 14,19 Gb Total Space | 1,56 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive I: | 7,49 Gb Total Space | 3,09 Gb Free Space | 41,29% Space Free | Partition Type: FAT32
Computer Name: FRANKIE-HP | User Name: Frankie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9F4FD8-2C04-43FD-94CE-CF1684829945}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{86D4AC1A-C4C5-455A-8075-70769E8996C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384179E-EE64-4793-A824-3E616FD24365}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{0C456F56-8B8D-42BE-9781-37616883253F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FDE8D9B-20BD-4F75-8D94-34EA93DA4EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{16218286-2BB8-4B8D-8840-8C9F93020A25}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2203E2AB-C3AA-4F3A-9491-93DA83FCF19B}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{231DB6F7-DBB4-4214-84F1-E4DC21A3D840}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{2663056F-D919-4CE2-879C-F34BF3A2351A}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{30C089CD-72FA-4EC1-9386-2AE3E6D4A3B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3499CA10-C3FD-46E3-87CD-2BF3DB0B6036}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{38DF6D54-D698-4D9F-B904-3AAA15C1D031}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{38FD1BF1-5A0D-46EF-BF74-697C2A131427}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{5C5864FF-C884-4C93-8820-3FA561CCD4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{630C7EA7-17F2-437A-BA76-C37D7E3150C1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{68DC1ED1-E248-4038-A2B7-C2FAD7EA74DD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{699BB4C9-CE53-4782-A2D5-39A82AE5E198}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{87D29FC9-1081-48B8-B994-BE7DCF0349B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9116302B-2585-4311-80BD-5321E19D70C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{922AECE3-151F-4D1E-BE88-3DE8763852A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9747D505-3CC9-455F-9E29-E64CD64D5DE6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9F935242-9ECC-43B6-B25A-66286C408719}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B66DF1DA-8E55-42B0-B7AA-A5B6EEEE5866}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D062D3F1-1A28-4B30-82AD-836C47385407}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{D691136C-0ED4-4D3D-A7FE-F33CD616F3E4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"TCP Query User{F8D330FD-3050-49A6-8B2D-31D5A75ADC5B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{FDDA62EA-1636-490C-8A44-607DE743D997}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{40DB28C5-3C37-72E8-BE8F-82104E97EFCC}" = AMD Fuel
"{42A2FD03-F0C7-6DD5-8D7B-EBAA992F12AA}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E53B80F-4137-5F27-B4C4-88641B1E7F10}" = ccc-utility64
"{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DesktopIconAmazon" = Desktop Icon für Amazon
"EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SearchAnonymizer" = SearchAnonymizer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5259 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{143774AF-ED46-EF8E-A9C5-516D67A484C2}" = CCC Help Korean
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28B8E509-8E2A-A274-B59F-1D892778CBB6}" = CCC Help Chinese Traditional
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294C2687-77C0-4E1D-83DE-97680786602C}" = HP Quick Launch
"{2C93DDCA-E6BB-977B-8C55-724C1DA25C21}" = CCC Help Norwegian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30DDA988-6BCC-8B14-E0BB-026DA821EC23}" = CCC Help Czech
"{311295C1-80F9-D8B6-06E4-5CBD2492460E}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A59718-E873-CE8E-718C-D56B341DD14D}" = CCC Help German
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{371794E8-423C-52DD-ED06-9385469EA274}" = CCC Help Swedish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}" = Notification Center
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39EAEE16-AF24-CF47-3BD1-7B048A5DABD3}" = CCC Help English
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C7F25C6-6BCB-7F39-BC81-48A8B5F38EDD}" = CCC Help French
"{3FE1B94B-FB1C-1AF3-4DC2-EB5F4DB56A30}" = CCC Help Chinese Standard
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{456D64EB-7E2A-FF45-EFA9-439EB529A105}" = CCC Help Greek
"{4798F9E7-BE3A-3EBF-BDF2-6751C8C38503}" = CCC Help Italian
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5184A194-BA95-0411-A13C-468097CD4A06}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58327844-EEAB-8C79-CA64-6C3623DEF11B}" = CCC Help Polish
"{601E6B37-4FF1-FC93-F48F-F73D29040AD4}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710870E4-16ED-AC81-71CF-8941963E0776}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72737A9E-FAC6-01F9-C0F3-88F6DB538607}" = CCC Help Russian
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E5E045-D6EB-57CD-02F8-F55E79882790}" = CCC Help Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BE8CC83-C423-BF43-C1A0-9C072E3785B7}" = ccc-core-static
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B35FC82A-6C05-45B0-DDE5-8DF62422E703}" = CCC Help Turkish
"{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD3F5161-C40B-CA50-F82A-1F4417EE722D}" = CCC Help Spanish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0BD6A24-3110-E1DE-45B2-C7FC14F4DC76}" = CCC Help Thai
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D4414765-E8CD-518B-91E8-FA7C76CD2AE2}" = CCC Help Hungarian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC6B510F-7EA2-8171-55E0-6A76B46CA17D}" = CCC Help Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.11
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB120C5A-42D2-C901-FF0C-D0DBDD07E9BD}" = Catalyst Control Center Graphics Previews Common
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EEF4EAB8-D049-FD0A-02BD-F9F42C49551F}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1BB1C5F-E94E-454C-B385-23016566644F}" = HP On Screen Display
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Android Skin Pack" = Android Skin Pack 1.0-X86
"AudibleDownloadManager" = Audible Download Manager
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"ChatZum Toolbar" = ChatZum Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EasyBits Magic Desktop" = Magic Desktop
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"facemoods" = Facemoods Toolbar
"FileZilla Client" = FileZilla Client 3.6.0.1
"Fliqlo" = Fliqlo Screen Saver
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Glarysoft Toolbar" = Glarysoft Toolbar
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PriceGong" = PriceGong 2.6.8
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
"Youda Legend" = Youda Legend
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 03.12.2012 06:38:49 | Computer Name = Frankie-HP | Source = WinMgmt | ID = 10
Description =
Error - 03.12.2012 07:01:22 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 03.12.2012 07:05:35 | Computer Name = Frankie-HP | Source = WinMgmt | ID = 10
Description =
Error - 03.12.2012 07:07:02 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 03.12.2012 07:07:36 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 03.12.2012 07:07:36 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 03.12.2012 07:08:55 | Computer Name = Frankie-HP | Source = WinMgmt | ID = 10
Description =
Error - 03.12.2012 07:11:38 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 03.12.2012 07:11:38 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 03.12.2012 07:16:07 | Computer Name = Frankie-HP | Source = WinMgmt | ID = 10
Description =
[ Hewlett-Packard Events ]
Error - 27.11.2012 08:52:58 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:52:58 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:52:59 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:52:59 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:00 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:00 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:01 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:01 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:02 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:02 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
[ HP Connection Manager Events ]
Error - 19.03.2013 17:43:22 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/19 22:43:22.477|000014D8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 19.03.2013 17:43:24 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/19 22:43:24.505|000014D8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 20.03.2013 17:34:21 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/20 22:34:21.227|000016C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 20.03.2013 17:34:38 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/20 22:34:38.450|000016C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 20.03.2013 17:34:42 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/20 22:34:42.506|000016C0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 21.03.2013 17:27:45 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/21 22:27:45.905|000013AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22.03.2013 08:41:13 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/22 13:41:13.884|00000398|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22.03.2013 08:41:20 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/22 13:41:20.452|00000398|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22.03.2013 08:47:43 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/22 13:47:43.587|00001A14|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22.03.2013 09:04:11 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/22 14:04:11.497|00000C4C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Software Framework Events ]
Error - 16.05.2012 04:17:24 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.16 10:17:24.959|00000504|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 17.05.2012 08:22:41 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.17 14:22:41.849|00000B34|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 18.05.2012 08:15:20 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.18 14:15:20.300|00001530|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 19.05.2012 07:48:31 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.19 13:48:31.147|00000340|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 19.05.2012 15:12:10 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.19 21:12:10.761|000015B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 20.05.2012 06:21:41 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.20 12:21:41.055|0000098C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 21.05.2012 08:17:04 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.21 14:17:04.308|000008CC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 22.05.2012 08:25:42 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.22 14:25:42.461|00000B28|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 22.05.2012 08:35:48 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.22 14:35:48.928|00000E78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 22.05.2012 08:35:51 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.22 14:35:51.989|00000F64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 21.03.2013 15:46:58 | Computer Name = Frankie-HP | Source = BugCheck | ID = 1001
Description =
Error - 21.03.2013 15:47:10 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.03.2013 05:39:11 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.03.2013 08:42:17 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.03.2013 08:48:39 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.03.2013 08:59:35 | Computer Name = Frankie-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2013 um 13:58:18 unerwartet heruntergefahren.
Error - 22.03.2013 08:59:48 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 22.03.2013 09:05:03 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 23.03.2013 15:39:54 | Computer Name = Frankie-HP | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?23.?03.?2013 um 17:46:00 unerwartet heruntergefahren.
Error - 23.03.2013 15:40:06 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
< End of report >
|
|
25.03.2013, 20:42
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Adware Win32 Pricegong Ähm, meine Frage war eigentlich eher, ob ein Virenscanner jemals bei dir angeschlagen hat. Wenn ja bitte alle Logs dazu posten.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.03.2013, 22:18
| #6 |
| | Adware Win32 Pricegong Ja, wie schon gesagt... Kaspersky schlägt immer an ^^ Nur ist da jetzt irgendwie nicht die Advare Pricegong dabei, aber das ist grad alles was ich unter den Berichten finden konnte. Code:
ATTFilter Typ: trojanisches Programm (6)
Exploit.Linux.Lotoor.p Gelöscht 23.03.2013 14:24:54 C:\Documents and Settings\Frankie\Downloads\SuperOneClickv2.2-ShortFuse(1)\Exploits\ GingerBreak
Exploit.Linux.Lotoor.p Gelöscht 23.03.2013 14:24:06 C:\Documents and Settings\Frankie\Downloads\SuperOneClickv2.2-ShortFuse.zip//Exploits/ GingerBreak
Exploit.Linux.Lotoor.p Gelöscht 23.03.2013 14:24:04 C:\Documents and Settings\Frankie\Downloads\SuperOneClickv2.2-ShortFuse(1).zip//Exploits/ GingerBreak
Exploit.Linux.Lotoor.p Gelöscht 23.03.2013 12:44:47 C:\$Recycle.Bin\S-1-5-21-3495674402-3954303839-1852778492-1001\$RAJI4QK.zip//Exploits/ GingerBreak
Exploit.Linux.Lotoor.p Inaktiv 19.03.2013 15:20:01 hxxp://199.91.152.74/d8b787iyzsrg/r6g4v17ec6s08c2/SuperOneClickv2.2-ShortFuse.zip//Exploits/ GingerBreak
Exploit.Linux.Lotoor.p Gelöscht 19.03.2013 14:53:35 C:\Users\Frankie\Downloads\SuperOneClickv2.1.1-ShortFuse\Exploits\ GingerBreak
Typ: Schwachstelle (4)
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=51090 Inaktiv 19.03.2013 13:06:13 C:\Windows\SysWOW64\Adobe\Shockwave 11\ SwInit.exe
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=51820 Inaktiv 19.03.2013 12:58:07 C:\Program Files\Java\jre7\bin\ java.exe
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=50949 Inaktiv 19.03.2013 12:58:04 C:\Program Files\Java\jre6\bin\ java.exe
hxxp://redirect.kaspersky.com/?hl=de-DE&target=securelist&rpe=1&function=advisories&VN=51820 Inaktiv 19.03.2013 12:58:00 C:\Program Files\Java\jdk1.7.0\bin\ javac.exe
Typ: Unbekannt (3)
SuperOneClickv2.2-ShortFuse.zip Desinfiziert 23.03.2013 14:24:06 C:\Documents and Settings\Frankie\Downloads\ SuperOneClickv2.2-ShortFuse.zip
SuperOneClickv2.2-ShortFuse(1).zip Desinfiziert 23.03.2013 14:24:04 C:\Documents and Settings\Frankie\Downloads\ SuperOneClickv2.2-ShortFuse(1).zip
$RAJI4QK.zip Desinfiziert 23.03.2013 12:44:47 C:\$Recycle.Bin\S-1-5-21-3495674402-3954303839-1852778492-1001\ $RAJI4QK.zip
|
|
25.03.2013, 23:14
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Adware Win32 Pricegong Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2013, 14:02
| #8 |
| | Adware Win32 Pricegong Beim aswMBR.exe Scan wollte ich die gefundenen Objekte fixen, aber da poppte plötzlich ne Warnmeldung auf und ich war verunsichert  Deswegen hab ich es abgebrochen bzw. kann es auf Anfrage ja noch nachträglich machen, falls nötig. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.26.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Frankie :: FRANKIE-HP [administrator]
26.03.2013 11:59:45
mbar-log-2013-03-26 (11-59-45).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30718
Time elapsed: 19 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
c:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.
Files Detected: 2
c:\Users\Frankie\AppData\Roaming\FBDownloader\revert.dll (Trojan.StartPage.) -> Delete on reboot.
c:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
(end)
Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-26 12:43:06
-----------------------------
12:43:06.431 OS Version: Windows x64 6.1.7601 Service Pack 1
12:43:06.431 Number of processors: 4 586 0x503
12:43:06.431 ComputerName: FRANKIE-HP UserName: Frankie
12:43:09.832 Initialize success
12:46:48.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
12:46:48.640 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 11
12:46:48.765 Disk 0 MBR read successfully
12:46:48.765 Disk 0 MBR scan
12:46:48.780 Disk 0 Windows 7 default MBR code
12:46:48.780 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:46:48.796 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700567 MB offset 409600
12:46:48.843 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14534 MB offset 1435170816
12:46:48.858 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
12:46:48.905 Disk 0 scanning C:\Windows\system32\drivers
12:46:55.972 Service scanning
12:47:01.728 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
12:47:01.853 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
12:47:02.415 Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
12:47:02.992 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
12:47:03.039 Service kltdi C:\Windows\system32\DRIVERS\kltdi.sys **LOCKED** 5
12:47:03.085 Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
12:47:11.697 Modules scanning
12:47:11.712 Disk 0 trace - called modules:
12:47:11.759 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
12:47:11.775 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006012060]
12:47:11.790 3 CLASSPNP.SYS[fffff88000c8643f] -> nt!IofCallDriver -> [0xfffffa8005ec3ac0]
12:47:11.790 5 amd_xata.sys[fffff88000fef900] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8005ebc9c0]
12:47:11.806 Scan finished successfully
12:47:38.217 Disk 0 MBR has been saved successfully to "C:\Users\Frankie\Desktop\MBR.dat"
12:47:38.217 The log file has been saved successfully to "C:\Users\Frankie\Desktop\aswMBR.txt"
Code:
ATTFilter 12:57:57.0596 6568 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:57:57.0892 6568 ============================================================
12:57:57.0892 6568 Current date / time: 2013/03/26 12:57:57.0892
12:57:57.0892 6568 SystemInfo:
12:57:57.0892 6568
12:57:57.0892 6568 OS Version: 6.1.7601 ServicePack: 1.0
12:57:57.0892 6568 Product type: Workstation
12:57:57.0892 6568 ComputerName: FRANKIE-HP
12:57:57.0892 6568 UserName: Frankie
12:57:57.0892 6568 Windows directory: C:\Windows
12:57:57.0892 6568 System windows directory: C:\Windows
12:57:57.0892 6568 Running under WOW64
12:57:57.0892 6568 Processor architecture: Intel x64
12:57:57.0892 6568 Number of processors: 4
12:57:57.0892 6568 Page size: 0x1000
12:57:57.0892 6568 Boot type: Normal boot
12:57:57.0892 6568 ============================================================
12:57:58.0610 6568 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:57:58.0610 6568 Drive \Device\Harddisk1\DR1 - Size: 0x1DFF00000 (7.50 Gb), SectorSize: 0x200, Cylinders: 0x3D2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:57:58.0625 6568 ============================================================
12:57:58.0625 6568 \Device\Harddisk0\DR0:
12:57:58.0625 6568 MBR partitions:
12:57:58.0625 6568 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:57:58.0625 6568 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x5584B800
12:57:58.0625 6568 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x558AF800, BlocksNum 0x1C63000
12:57:58.0625 6568 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
12:57:58.0625 6568 \Device\Harddisk1\DR1:
12:57:58.0625 6568 MBR partitions:
12:57:58.0625 6568 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xEFD800
12:57:58.0625 6568 ============================================================
12:57:58.0641 6568 C: <-> \Device\Harddisk0\DR0\Partition2
12:57:58.0688 6568 D: <-> \Device\Harddisk0\DR0\Partition3
12:57:58.0688 6568 ============================================================
12:57:58.0688 6568 Initialize success
12:57:58.0688 6568 ============================================================
12:58:16.0784 6776 ============================================================
12:58:16.0784 6776 Scan started
12:58:16.0784 6776 Mode: Manual; SigCheck; TDLFS;
12:58:16.0784 6776 ============================================================
12:58:17.0392 6776 ================ Scan system memory ========================
12:58:17.0392 6776 System memory - ok
12:58:17.0392 6776 ================ Scan services =============================
12:58:17.0626 6776 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:58:17.0782 6776 1394ohci - ok
12:58:17.0860 6776 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
12:58:17.0907 6776 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
12:58:17.0954 6776 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:58:18.0001 6776 ACPI - ok
12:58:18.0032 6776 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:58:18.0094 6776 AcpiPmi - ok
12:58:18.0204 6776 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:58:18.0250 6776 AdobeARMservice - ok
12:58:18.0438 6776 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:58:18.0484 6776 AdobeFlashPlayerUpdateSvc - ok
12:58:18.0547 6776 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:58:18.0594 6776 adp94xx - ok
12:58:18.0656 6776 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:58:18.0687 6776 adpahci - ok
12:58:18.0718 6776 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:58:18.0734 6776 adpu320 - ok
12:58:18.0765 6776 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:58:18.0828 6776 AeLookupSvc - ok
12:58:18.0890 6776 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:58:18.0937 6776 AFD - ok
12:58:18.0984 6776 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:58:19.0015 6776 agp440 - ok
12:58:19.0046 6776 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:58:19.0077 6776 ALG - ok
12:58:19.0124 6776 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:58:19.0140 6776 aliide - ok
12:58:19.0296 6776 ALSysIO - ok
12:58:19.0327 6776 [ 7842F4961F28022A881F85BB7494AC6D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:58:19.0374 6776 AMD External Events Utility - ok
12:58:19.0452 6776 AMD FUEL Service - ok
12:58:19.0498 6776 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
12:58:19.0530 6776 AMD Reservation Manager - ok
12:58:19.0545 6776 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:58:19.0561 6776 amdide - ok
12:58:19.0592 6776 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
12:58:19.0608 6776 amdiox64 - ok
12:58:19.0623 6776 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
12:58:19.0670 6776 AmdK8 - ok
12:58:19.0888 6776 [ CF5FC8D37F10C9C374AE6D990C9D2CD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:58:20.0185 6776 amdkmdag - ok
12:58:20.0216 6776 [ 2BD89CB34B67EDC64E741AA3864D8C1A ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:58:20.0263 6776 amdkmdap - ok
12:58:20.0278 6776 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:58:20.0310 6776 AmdPPM - ok
12:58:20.0356 6776 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:58:20.0388 6776 amdsata - ok
12:58:20.0403 6776 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
12:58:20.0450 6776 amdsbs - ok
12:58:20.0497 6776 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:58:20.0528 6776 amdxata - ok
12:58:20.0559 6776 [ 6363014D5E4CCD280FB4902EC3C2CCFE ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
12:58:20.0575 6776 amd_sata - ok
12:58:20.0590 6776 [ 51A5AED2A4CCEDA6ADDCF3194C9B29EB ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
12:58:20.0606 6776 amd_xata - ok
12:58:20.0637 6776 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
12:58:20.0668 6776 androidusb - ok
12:58:20.0731 6776 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:58:20.0793 6776 AppID - ok
12:58:20.0824 6776 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:58:20.0871 6776 AppIDSvc - ok
12:58:20.0887 6776 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:58:20.0980 6776 Appinfo - ok
12:58:20.0996 6776 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
12:58:21.0027 6776 arc - ok
12:58:21.0058 6776 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:58:21.0074 6776 arcsas - ok
12:58:21.0105 6776 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:58:21.0152 6776 AsyncMac - ok
12:58:21.0183 6776 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:58:21.0199 6776 atapi - ok
12:58:21.0277 6776 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:58:21.0308 6776 AtiHdmiService - ok
12:58:21.0355 6776 [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie64.sys
12:58:21.0386 6776 AtiPcie - ok
12:58:21.0417 6776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:58:21.0495 6776 AudioEndpointBuilder - ok
12:58:21.0511 6776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:58:21.0589 6776 AudioSrv - ok
12:58:21.0698 6776 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
12:58:21.0745 6776 AVP - ok
12:58:21.0776 6776 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:58:21.0854 6776 AxInstSV - ok
12:58:21.0916 6776 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
12:58:21.0979 6776 b06bdrv - ok
12:58:22.0057 6776 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:58:22.0135 6776 b57nd60a - ok
12:58:22.0228 6776 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:58:22.0260 6776 BBSvc - ok
12:58:22.0384 6776 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
12:58:22.0478 6776 BCM43XX - ok
12:58:22.0509 6776 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:58:22.0540 6776 BDESVC - ok
12:58:22.0587 6776 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:58:22.0665 6776 Beep - ok
12:58:22.0728 6776 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:58:22.0821 6776 BFE - ok
12:58:22.0868 6776 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
12:58:22.0946 6776 BITS - ok
12:58:22.0993 6776 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:58:23.0024 6776 blbdrive - ok
12:58:23.0133 6776 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:58:23.0164 6776 Bonjour Service - ok
12:58:23.0196 6776 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:58:23.0227 6776 bowser - ok
12:58:23.0258 6776 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
12:58:23.0305 6776 BrFiltLo - ok
12:58:23.0336 6776 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
12:58:23.0367 6776 BrFiltUp - ok
12:58:23.0398 6776 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:58:23.0445 6776 Browser - ok
12:58:23.0461 6776 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:58:23.0539 6776 Brserid - ok
12:58:23.0554 6776 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:58:23.0601 6776 BrSerWdm - ok
12:58:23.0632 6776 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:58:23.0664 6776 BrUsbMdm - ok
12:58:23.0695 6776 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:58:23.0710 6776 BrUsbSer - ok
12:58:23.0773 6776 [ A9C4AEE6AC10D41BB815468D2E734045 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
12:58:23.0820 6776 BstHdAndroidSvc - ok
12:58:23.0913 6776 [ EAE75499461AE856330EBDB3489DB1E9 ] BstHdDrv C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
12:58:23.0944 6776 BstHdDrv - ok
12:58:23.0976 6776 [ CD96992A52B454CDBB77E56F9F7FA151 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
12:58:24.0007 6776 BstHdLogRotatorSvc - ok
12:58:24.0022 6776 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:58:24.0085 6776 BTHMODEM - ok
12:58:24.0132 6776 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:58:24.0178 6776 bthserv - ok
12:58:24.0210 6776 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:58:24.0288 6776 cdfs - ok
12:58:24.0319 6776 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:58:24.0350 6776 cdrom - ok
12:58:24.0397 6776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:58:24.0490 6776 CertPropSvc - ok
12:58:24.0506 6776 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
12:58:24.0553 6776 circlass - ok
12:58:24.0568 6776 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:58:24.0600 6776 CLFS - ok
12:58:24.0678 6776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:58:24.0709 6776 clr_optimization_v2.0.50727_32 - ok
12:58:24.0771 6776 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:58:24.0802 6776 clr_optimization_v2.0.50727_64 - ok
12:58:24.0865 6776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:58:24.0896 6776 clr_optimization_v4.0.30319_32 - ok
12:58:24.0912 6776 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:58:24.0943 6776 clr_optimization_v4.0.30319_64 - ok
12:58:24.0974 6776 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
12:58:24.0990 6776 clwvd - ok
12:58:25.0036 6776 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
12:58:25.0083 6776 CmBatt - ok
12:58:25.0114 6776 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:58:25.0146 6776 cmdide - ok
12:58:25.0177 6776 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
12:58:25.0224 6776 CNG - ok
12:58:25.0239 6776 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
12:58:25.0255 6776 Compbatt - ok
12:58:25.0286 6776 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:58:25.0333 6776 CompositeBus - ok
12:58:25.0333 6776 COMSysApp - ok
12:58:25.0364 6776 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:58:25.0380 6776 crcdisk - ok
12:58:25.0442 6776 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:58:25.0504 6776 CryptSvc - ok
12:58:25.0614 6776 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:58:25.0660 6776 cvhsvc - ok
12:58:25.0707 6776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:58:25.0785 6776 DcomLaunch - ok
12:58:25.0848 6776 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:58:25.0941 6776 defragsvc - ok
12:58:25.0988 6776 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:58:26.0082 6776 DfsC - ok
12:58:26.0097 6776 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
12:58:26.0128 6776 dg_ssudbus - ok
12:58:26.0160 6776 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:58:26.0206 6776 Dhcp - ok
12:58:26.0238 6776 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:58:26.0300 6776 discache - ok
12:58:26.0394 6776 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
12:58:26.0425 6776 Disk - ok
12:58:26.0456 6776 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:58:26.0518 6776 Dnscache - ok
12:58:26.0550 6776 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:58:26.0628 6776 dot3svc - ok
12:58:26.0659 6776 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:58:26.0721 6776 DPS - ok
12:58:26.0752 6776 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:58:26.0784 6776 drmkaud - ok
12:58:26.0815 6776 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:58:26.0862 6776 DXGKrnl - ok
12:58:26.0877 6776 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:58:26.0986 6776 EapHost - ok
12:58:27.0096 6776 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
12:58:27.0220 6776 ebdrv - ok
12:58:27.0252 6776 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:58:27.0283 6776 EFS - ok
12:58:27.0361 6776 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:58:27.0423 6776 ehRecvr - ok
12:58:27.0454 6776 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:58:27.0486 6776 ehSched - ok
12:58:27.0532 6776 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:58:27.0595 6776 elxstor - ok
12:58:27.0610 6776 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:58:27.0642 6776 ErrDev - ok
12:58:27.0720 6776 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:58:27.0798 6776 EventSystem - ok
12:58:27.0844 6776 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:58:27.0938 6776 exfat - ok
12:58:27.0938 6776 ezSharedSvc - ok
12:58:27.0969 6776 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:58:28.0063 6776 fastfat - ok
12:58:28.0078 6776 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:58:28.0125 6776 Fax - ok
12:58:28.0156 6776 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
12:58:28.0188 6776 fdc - ok
12:58:28.0203 6776 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:58:28.0266 6776 fdPHost - ok
12:58:28.0281 6776 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:58:28.0328 6776 FDResPub - ok
12:58:28.0344 6776 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:58:28.0359 6776 FileInfo - ok
12:58:28.0375 6776 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:58:28.0453 6776 Filetrace - ok
12:58:28.0500 6776 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:58:28.0531 6776 flpydisk - ok
12:58:28.0546 6776 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:58:28.0578 6776 FltMgr - ok
12:58:28.0640 6776 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
12:58:28.0718 6776 FontCache - ok
12:58:28.0765 6776 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:58:28.0796 6776 FontCache3.0.0.0 - ok
12:58:28.0812 6776 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:58:28.0843 6776 FsDepends - ok
12:58:28.0874 6776 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:58:28.0890 6776 Fs_Rec - ok
12:58:28.0905 6776 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:58:28.0936 6776 fvevol - ok
12:58:28.0968 6776 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:58:28.0999 6776 gagp30kx - ok
12:58:29.0046 6776 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:58:29.0092 6776 GamesAppService - ok
12:58:29.0124 6776 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:58:29.0186 6776 gpsvc - ok
12:58:29.0217 6776 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:58:29.0248 6776 hcw85cir - ok
12:58:29.0264 6776 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:58:29.0295 6776 HdAudAddService - ok
12:58:29.0326 6776 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:58:29.0358 6776 HDAudBus - ok
12:58:29.0389 6776 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:58:29.0420 6776 HidBatt - ok
12:58:29.0436 6776 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:58:29.0467 6776 HidBth - ok
12:58:29.0482 6776 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
12:58:29.0514 6776 HidIr - ok
12:58:29.0529 6776 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
12:58:29.0592 6776 hidserv - ok
12:58:29.0623 6776 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:58:29.0654 6776 HidUsb - ok
12:58:29.0685 6776 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:58:29.0779 6776 hkmsvc - ok
12:58:29.0810 6776 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:58:29.0826 6776 HomeGroupListener - ok
12:58:29.0872 6776 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:58:29.0919 6776 HomeGroupProvider - ok
12:58:30.0028 6776 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:58:30.0044 6776 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning
12:58:30.0044 6776 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1)
12:58:30.0091 6776 [ 6A181452D4E240B8ECC7614B9A19BDE9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
12:58:30.0122 6776 HPClientSvc - ok
12:58:30.0216 6776 [ E07F8E78D08D9269E3365C2A4F637191 ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
12:58:30.0247 6776 hpCMSrv - ok
12:58:30.0325 6776 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
12:58:30.0372 6776 hpqwmiex - ok
12:58:30.0403 6776 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:58:30.0418 6776 HpSAMD - ok
12:58:30.0450 6776 [ EAD185ACDCFD81BF2172CD6F36277D50 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
12:58:30.0465 6776 HPWMISVC - ok
12:58:30.0496 6776 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:58:30.0574 6776 HTTP - ok
12:58:30.0590 6776 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:58:30.0606 6776 hwpolicy - ok
12:58:30.0652 6776 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:58:30.0684 6776 i8042prt - ok
12:58:30.0715 6776 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:58:30.0746 6776 iaStorV - ok
12:58:30.0840 6776 [ 2C3CC41FEFCB77E2826886E6B7EF93AE ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:58:30.0949 6776 IconMan_R - ok
12:58:31.0027 6776 [ 7A95A3AD931B97FEC5067E40636CE37F ] ICQ Service C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
12:58:31.0058 6776 ICQ Service - ok
12:58:31.0120 6776 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:58:31.0183 6776 idsvc - ok
12:58:31.0198 6776 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:58:31.0214 6776 iirsp - ok
12:58:31.0261 6776 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:58:31.0354 6776 IKEEXT - ok
12:58:31.0386 6776 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:58:31.0401 6776 intelide - ok
12:58:31.0432 6776 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
12:58:31.0464 6776 intelppm - ok
12:58:31.0479 6776 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:58:31.0557 6776 IPBusEnum - ok
12:58:31.0588 6776 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:58:31.0651 6776 IpFilterDriver - ok
12:58:31.0698 6776 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:58:31.0760 6776 iphlpsvc - ok
12:58:31.0791 6776 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:58:31.0838 6776 IPMIDRV - ok
12:58:31.0854 6776 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:58:31.0916 6776 IPNAT - ok
12:58:31.0947 6776 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:58:31.0963 6776 IRENUM - ok
12:58:31.0994 6776 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:58:32.0010 6776 isapnp - ok
12:58:32.0056 6776 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:58:32.0103 6776 iScsiPrt - ok
12:58:32.0134 6776 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
12:58:32.0150 6776 kbdclass - ok
12:58:32.0197 6776 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:58:32.0244 6776 kbdhid - ok
12:58:32.0259 6776 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:58:32.0290 6776 KeyIso - ok
12:58:32.0353 6776 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
12:58:32.0400 6776 kl1 - ok
12:58:32.0462 6776 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\Windows\system32\DRIVERS\klif.sys
12:58:32.0509 6776 KLIF - ok
12:58:32.0524 6776 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
12:58:32.0540 6776 KLIM6 - ok
12:58:32.0556 6776 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys
12:58:32.0571 6776 klkbdflt - ok
12:58:32.0587 6776 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
12:58:32.0602 6776 klmouflt - ok
12:58:32.0634 6776 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\Windows\system32\DRIVERS\kltdi.sys
12:58:32.0649 6776 kltdi - ok
12:58:32.0665 6776 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\Windows\system32\DRIVERS\kneps.sys
12:58:32.0680 6776 kneps - ok
12:58:32.0712 6776 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:58:32.0758 6776 KSecDD - ok
12:58:32.0774 6776 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:58:32.0790 6776 KSecPkg - ok
12:58:32.0821 6776 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:58:32.0883 6776 ksthunk - ok
12:58:32.0914 6776 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:58:32.0992 6776 KtmRm - ok
12:58:33.0055 6776 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
12:58:33.0164 6776 LanmanServer - ok
12:58:33.0180 6776 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:58:33.0258 6776 LanmanWorkstation - ok
12:58:33.0304 6776 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:58:33.0382 6776 lltdio - ok
12:58:33.0414 6776 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:58:33.0460 6776 lltdsvc - ok
12:58:33.0507 6776 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:58:33.0585 6776 lmhosts - ok
12:58:33.0648 6776 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:58:33.0679 6776 LSI_FC - ok
12:58:33.0710 6776 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:58:33.0726 6776 LSI_SAS - ok
12:58:33.0741 6776 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:58:33.0772 6776 LSI_SAS2 - ok
12:58:33.0788 6776 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:58:33.0804 6776 LSI_SCSI - ok
12:58:33.0835 6776 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:58:33.0882 6776 luafv - ok
12:58:33.0944 6776 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:58:33.0991 6776 Mcx2Svc - ok
12:58:34.0022 6776 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:58:34.0053 6776 megasas - ok
12:58:34.0084 6776 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:58:34.0116 6776 MegaSR - ok
12:58:34.0131 6776 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:58:34.0194 6776 MMCSS - ok
12:58:34.0225 6776 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:58:34.0287 6776 Modem - ok
12:58:34.0318 6776 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:58:34.0365 6776 monitor - ok
12:58:34.0412 6776 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:58:34.0443 6776 mouclass - ok
12:58:34.0474 6776 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:58:34.0506 6776 mouhid - ok
12:58:34.0537 6776 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:58:34.0552 6776 mountmgr - ok
12:58:34.0615 6776 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:58:34.0646 6776 MozillaMaintenance - ok
12:58:34.0662 6776 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:58:34.0693 6776 mpio - ok
12:58:34.0724 6776 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:58:34.0771 6776 mpsdrv - ok
12:58:34.0802 6776 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:58:34.0864 6776 MpsSvc - ok
12:58:34.0880 6776 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:58:34.0927 6776 MRxDAV - ok
12:58:34.0958 6776 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:34.0989 6776 mrxsmb - ok
12:58:35.0020 6776 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:35.0052 6776 mrxsmb10 - ok
12:58:35.0067 6776 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:35.0083 6776 mrxsmb20 - ok
12:58:35.0098 6776 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:58:35.0114 6776 msahci - ok
12:58:35.0145 6776 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:58:35.0161 6776 msdsm - ok
12:58:35.0176 6776 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:58:35.0223 6776 MSDTC - ok
12:58:35.0270 6776 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:58:35.0317 6776 Msfs - ok
12:58:35.0332 6776 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:58:35.0395 6776 mshidkmdf - ok
12:58:35.0426 6776 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:58:35.0457 6776 msisadrv - ok
12:58:35.0488 6776 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:58:35.0582 6776 MSiSCSI - ok
12:58:35.0598 6776 msiserver - ok
12:58:35.0629 6776 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:58:35.0707 6776 MSKSSRV - ok
12:58:35.0738 6776 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:35.0800 6776 MSPCLOCK - ok
12:58:35.0816 6776 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:58:35.0863 6776 MSPQM - ok
12:58:35.0878 6776 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:58:35.0910 6776 MsRPC - ok
12:58:35.0956 6776 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:58:35.0988 6776 mssmbios - ok
12:58:36.0003 6776 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:58:36.0050 6776 MSTEE - ok
12:58:36.0066 6776 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:58:36.0112 6776 MTConfig - ok
12:58:36.0128 6776 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:58:36.0144 6776 Mup - ok
12:58:36.0190 6776 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:58:36.0253 6776 napagent - ok
12:58:36.0331 6776 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:58:36.0424 6776 NativeWifiP - ok
12:58:36.0502 6776 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:58:36.0565 6776 NDIS - ok
12:58:36.0612 6776 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:58:36.0674 6776 NdisCap - ok
12:58:36.0705 6776 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:36.0783 6776 NdisTapi - ok
12:58:36.0799 6776 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:36.0861 6776 Ndisuio - ok
12:58:36.0892 6776 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:36.0939 6776 NdisWan - ok
12:58:36.0970 6776 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:58:37.0033 6776 NDProxy - ok
12:58:37.0064 6776 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:58:37.0126 6776 NetBIOS - ok
12:58:37.0158 6776 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:58:37.0204 6776 NetBT - ok
12:58:37.0236 6776 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:58:37.0251 6776 Netlogon - ok
12:58:37.0298 6776 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:58:37.0360 6776 Netman - ok
12:58:37.0423 6776 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:58:37.0516 6776 netprofm - ok
12:58:37.0532 6776 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:58:37.0563 6776 NetTcpPortSharing - ok
12:58:37.0579 6776 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:58:37.0594 6776 nfrd960 - ok
12:58:37.0626 6776 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:58:37.0657 6776 NlaSvc - ok
12:58:37.0672 6776 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:58:37.0735 6776 Npfs - ok
12:58:37.0750 6776 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:58:37.0797 6776 nsi - ok
12:58:37.0813 6776 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:58:37.0875 6776 nsiproxy - ok
12:58:37.0953 6776 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:58:38.0062 6776 Ntfs - ok
12:58:38.0078 6776 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:58:38.0125 6776 Null - ok
12:58:38.0156 6776 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
12:58:38.0187 6776 NVENETFD - ok
12:58:38.0234 6776 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:58:38.0265 6776 nvraid - ok
12:58:38.0312 6776 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:58:38.0343 6776 nvstor - ok
12:58:38.0359 6776 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:58:38.0390 6776 nv_agp - ok
12:58:38.0406 6776 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:58:38.0421 6776 ohci1394 - ok
12:58:38.0468 6776 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:58:38.0499 6776 ose - ok
12:58:38.0686 6776 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:58:38.0920 6776 osppsvc - ok
12:58:38.0967 6776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:58:39.0014 6776 p2pimsvc - ok
12:58:39.0045 6776 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:58:39.0076 6776 p2psvc - ok
12:58:39.0092 6776 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:58:39.0139 6776 Parport - ok
12:58:39.0170 6776 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:58:39.0186 6776 partmgr - ok
12:58:39.0201 6776 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:58:39.0264 6776 PcaSvc - ok
12:58:39.0295 6776 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:58:39.0326 6776 pci - ok
12:58:39.0357 6776 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:58:39.0373 6776 pciide - ok
12:58:39.0388 6776 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:58:39.0404 6776 pcmcia - ok
12:58:39.0435 6776 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:58:39.0451 6776 pcw - ok
12:58:39.0482 6776 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:58:39.0560 6776 PEAUTH - ok
12:58:39.0685 6776 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:58:39.0732 6776 PerfHost - ok
12:58:39.0810 6776 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:58:39.0950 6776 pla - ok
12:58:39.0981 6776 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:58:40.0028 6776 PlugPlay - ok
12:58:40.0059 6776 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:58:40.0106 6776 PNRPAutoReg - ok
12:58:40.0137 6776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:58:40.0168 6776 PNRPsvc - ok
12:58:40.0200 6776 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:58:40.0278 6776 PolicyAgent - ok
12:58:40.0309 6776 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:58:40.0402 6776 Power - ok
12:58:40.0434 6776 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:58:40.0512 6776 PptpMiniport - ok
12:58:40.0527 6776 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:58:40.0558 6776 Processor - ok
12:58:40.0590 6776 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:58:40.0621 6776 ProfSvc - ok
12:58:40.0636 6776 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:58:40.0652 6776 ProtectedStorage - ok
12:58:40.0683 6776 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:58:40.0792 6776 Psched - ok
12:58:40.0870 6776 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:58:40.0933 6776 ql2300 - ok
12:58:40.0964 6776 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:58:40.0980 6776 ql40xx - ok
12:58:41.0011 6776 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:58:41.0042 6776 QWAVE - ok
12:58:41.0058 6776 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:58:41.0073 6776 QWAVEdrv - ok
12:58:41.0104 6776 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:58:41.0151 6776 RasAcd - ok
12:58:41.0167 6776 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:58:41.0229 6776 RasAgileVpn - ok
12:58:41.0245 6776 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:58:41.0307 6776 RasAuto - ok
12:58:41.0338 6776 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:41.0401 6776 Rasl2tp - ok
12:58:41.0432 6776 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:58:41.0479 6776 RasMan - ok
12:58:41.0510 6776 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:41.0572 6776 RasPppoe - ok
12:58:41.0588 6776 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:58:41.0650 6776 RasSstp - ok
12:58:41.0682 6776 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:58:41.0791 6776 rdbss - ok
12:58:41.0806 6776 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:58:41.0853 6776 rdpbus - ok
12:58:41.0869 6776 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:41.0916 6776 RDPCDD - ok
12:58:41.0962 6776 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:58:42.0056 6776 RDPENCDD - ok
12:58:42.0087 6776 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:58:42.0134 6776 RDPREFMP - ok
12:58:42.0181 6776 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:58:42.0228 6776 RdpVideoMiniport - ok
12:58:42.0259 6776 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:58:42.0290 6776 RDPWD - ok
12:58:42.0321 6776 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:58:42.0352 6776 rdyboost - ok
12:58:42.0384 6776 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:58:42.0446 6776 RemoteAccess - ok
12:58:42.0477 6776 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:58:42.0540 6776 RemoteRegistry - ok
12:58:42.0571 6776 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:58:42.0633 6776 RpcEptMapper - ok
12:58:42.0664 6776 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:58:42.0711 6776 RpcLocator - ok
12:58:42.0727 6776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:58:42.0789 6776 RpcSs - ok
12:58:42.0820 6776 [ D5C3E1629A3F7F0857D27949252B94CE ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
12:58:42.0852 6776 RSPCIESTOR - ok
12:58:42.0867 6776 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:58:42.0914 6776 rspndr - ok
12:58:42.0976 6776 [ A73ED14670220307874AD6BC2F279349 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:58:43.0023 6776 RTL8167 - ok
12:58:43.0070 6776 [ 5FA2F4F658FCA7816A5FF6980B95C5F9 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
12:58:43.0117 6776 RTL8192Ce - ok
12:58:43.0132 6776 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:58:43.0148 6776 SamSs - ok
12:58:43.0164 6776 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:58:43.0195 6776 sbp2port - ok
12:58:43.0210 6776 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:58:43.0273 6776 SCardSvr - ok
12:58:43.0288 6776 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:58:43.0335 6776 scfilter - ok
12:58:43.0382 6776 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:58:43.0491 6776 Schedule - ok
12:58:43.0538 6776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:58:43.0585 6776 SCPolicySvc - ok
12:58:43.0616 6776 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
12:58:43.0663 6776 sdbus - ok
12:58:43.0678 6776 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:58:43.0710 6776 SDRSVC - ok
12:58:43.0756 6776 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:58:43.0772 6776 SeaPort - ok
12:58:43.0897 6776 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Frankie\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
12:58:43.0912 6776 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
12:58:43.0912 6776 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
12:58:43.0944 6776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:58:44.0022 6776 secdrv - ok
12:58:44.0053 6776 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:58:44.0100 6776 seclogon - ok
12:58:44.0115 6776 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
12:58:44.0178 6776 SENS - ok
12:58:44.0209 6776 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:58:44.0271 6776 SensrSvc - ok
12:58:44.0302 6776 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:58:44.0365 6776 Serenum - ok
12:58:44.0396 6776 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:58:44.0458 6776 Serial - ok
12:58:44.0490 6776 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:58:44.0521 6776 sermouse - ok
12:58:44.0568 6776 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:58:44.0646 6776 SessionEnv - ok
12:58:44.0677 6776 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:58:44.0724 6776 sffdisk - ok
12:58:44.0724 6776 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:58:44.0755 6776 sffp_mmc - ok
12:58:44.0786 6776 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:58:44.0817 6776 sffp_sd - ok
12:58:44.0880 6776 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:58:44.0911 6776 sfloppy - ok
12:58:44.0973 6776 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
12:58:45.0020 6776 Sftfs - ok
12:58:45.0082 6776 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:58:45.0129 6776 sftlist - ok
12:58:45.0160 6776 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:58:45.0176 6776 Sftplay - ok
12:58:45.0192 6776 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:58:45.0207 6776 Sftredir - ok
12:58:45.0223 6776 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
12:58:45.0238 6776 Sftvol - ok
12:58:45.0254 6776 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:58:45.0270 6776 sftvsa - ok
12:58:45.0301 6776 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:58:45.0379 6776 SharedAccess - ok
12:58:45.0410 6776 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:58:45.0504 6776 ShellHWDetection - ok
12:58:45.0535 6776 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:58:45.0566 6776 SiSRaid2 - ok
12:58:45.0582 6776 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:58:45.0597 6776 SiSRaid4 - ok
12:58:45.0628 6776 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:58:45.0691 6776 Smb - ok
12:58:45.0738 6776 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:58:45.0769 6776 SNMPTRAP - ok
12:58:45.0800 6776 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:58:45.0816 6776 spldr - ok
12:58:45.0878 6776 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:58:45.0925 6776 Spooler - ok
12:58:46.0018 6776 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:58:46.0190 6776 sppsvc - ok
12:58:46.0221 6776 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:58:46.0284 6776 sppuinotify - ok
12:58:46.0315 6776 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:58:46.0408 6776 srv - ok
12:58:46.0440 6776 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:58:46.0518 6776 srv2 - ok
12:58:46.0564 6776 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:58:46.0596 6776 SrvHsfHDA - ok
12:58:46.0658 6776 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:58:46.0783 6776 SrvHsfV92 - ok
12:58:46.0814 6776 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:58:46.0861 6776 SrvHsfWinac - ok
12:58:46.0892 6776 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:58:46.0923 6776 srvnet - ok
12:58:46.0954 6776 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
12:58:47.0017 6776 ssadbus - ok
12:58:47.0048 6776 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
12:58:47.0079 6776 ssadmdfl - ok
12:58:47.0110 6776 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
12:58:47.0157 6776 ssadmdm - ok
12:58:47.0204 6776 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
12:58:47.0251 6776 ssadserd - ok
12:58:47.0298 6776 [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
12:58:47.0329 6776 sscdbus - ok
12:58:47.0360 6776 [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
12:58:47.0391 6776 sscdmdfl - ok
12:58:47.0407 6776 [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
12:58:47.0438 6776 sscdmdm - ok
12:58:47.0469 6776 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:58:47.0532 6776 SSDPSRV - ok
12:58:47.0563 6776 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:58:47.0625 6776 SstpSvc - ok
12:58:47.0656 6776 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
12:58:47.0672 6776 ssudmdm - ok
12:58:47.0734 6776 [ 293A556E04F815477AE93E07B35065E6 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
12:58:47.0781 6776 STacSV - ok
12:58:47.0797 6776 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:58:47.0828 6776 stexstor - ok
12:58:47.0859 6776 [ AA3C0336514C239A171F00A6902B59B8 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
12:58:47.0906 6776 STHDA - ok
12:58:47.0968 6776 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:58:48.0046 6776 stisvc - ok
12:58:48.0078 6776 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:58:48.0093 6776 swenum - ok
12:58:48.0218 6776 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:58:48.0280 6776 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:58:48.0280 6776 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:58:48.0312 6776 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:58:48.0405 6776 swprv - ok
12:58:48.0452 6776 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
12:58:48.0483 6776 SynTP - ok
12:58:48.0561 6776 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:58:48.0655 6776 SysMain - ok
12:58:48.0686 6776 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:58:48.0717 6776 TabletInputService - ok
12:58:48.0733 6776 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:58:48.0780 6776 TapiSrv - ok
12:58:48.0795 6776 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:58:48.0858 6776 TBS - ok
12:58:48.0951 6776 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:58:49.0045 6776 Tcpip - ok
12:58:49.0107 6776 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:58:49.0185 6776 TCPIP6 - ok
12:58:49.0216 6776 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:58:49.0263 6776 tcpipreg - ok
12:58:49.0294 6776 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:58:49.0326 6776 TDPIPE - ok
12:58:49.0357 6776 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:58:49.0372 6776 TDTCP - ok
12:58:49.0388 6776 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:58:49.0482 6776 tdx - ok
12:58:49.0513 6776 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:58:49.0560 6776 TermDD - ok
12:58:49.0591 6776 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:58:49.0638 6776 TermService - ok
12:58:49.0653 6776 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:58:49.0684 6776 Themes - ok
12:58:49.0716 6776 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:58:49.0762 6776 THREADORDER - ok
12:58:49.0778 6776 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:58:49.0887 6776 TrkWks - ok
12:58:49.0934 6776 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:58:50.0028 6776 TrustedInstaller - ok
12:58:50.0028 6776 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:58:50.0121 6776 tssecsrv - ok
12:58:50.0168 6776 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:58:50.0184 6776 TsUsbFlt - ok
12:58:50.0215 6776 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
12:58:50.0230 6776 TsUsbGD - ok
12:58:50.0246 6776 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:58:50.0308 6776 tunnel - ok
12:58:50.0355 6776 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:58:50.0371 6776 uagp35 - ok
12:58:50.0402 6776 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:58:50.0449 6776 udfs - ok
12:58:50.0480 6776 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:58:50.0511 6776 UI0Detect - ok
12:58:50.0542 6776 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:58:50.0574 6776 uliagpkx - ok
12:58:50.0605 6776 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:58:50.0636 6776 umbus - ok
12:58:50.0667 6776 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
12:58:50.0714 6776 UmPass - ok
12:58:50.0745 6776 [ 8F387A1CC015A3F5020700C657A0FC85 ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe
12:58:50.0792 6776 UnsignedThemes - ok
12:58:50.0808 6776 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:58:50.0886 6776 upnphost - ok
12:58:50.0901 6776 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:58:50.0932 6776 usbccgp - ok
12:58:50.0948 6776 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:58:50.0995 6776 usbcir - ok
12:58:51.0026 6776 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:58:51.0057 6776 usbehci - ok
12:58:51.0088 6776 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
12:58:51.0104 6776 usbfilter - ok
12:58:51.0135 6776 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:58:51.0182 6776 usbhub - ok
12:58:51.0213 6776 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:58:51.0244 6776 usbohci - ok
12:58:51.0291 6776 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:58:51.0354 6776 usbprint - ok
12:58:51.0385 6776 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
12:58:51.0432 6776 usbscan - ok
12:58:51.0463 6776 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:58:51.0494 6776 USBSTOR - ok
12:58:51.0541 6776 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:58:51.0588 6776 usbuhci - ok
12:58:51.0634 6776 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:58:51.0681 6776 usbvideo - ok
12:58:51.0728 6776 [ 297EE9C666FC8BB96A232DB0DDBA1E49 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys
12:58:51.0759 6776 uxpatch - ok
12:58:51.0790 6776 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:58:51.0853 6776 UxSms - ok
12:58:51.0868 6776 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:58:51.0900 6776 VaultSvc - ok
12:58:51.0931 6776 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:58:51.0946 6776 vdrvroot - ok
12:58:51.0978 6776 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:58:52.0056 6776 vds - ok
12:58:52.0071 6776 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:58:52.0102 6776 vga - ok
12:58:52.0118 6776 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:58:52.0196 6776 VgaSave - ok
12:58:52.0227 6776 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:58:52.0258 6776 vhdmp - ok
12:58:52.0290 6776 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:58:52.0305 6776 viaide - ok
12:58:52.0321 6776 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:58:52.0352 6776 volmgr - ok
12:58:52.0368 6776 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:58:52.0399 6776 volmgrx - ok
12:58:52.0414 6776 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:58:52.0446 6776 volsnap - ok
12:58:52.0461 6776 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:58:52.0492 6776 vsmraid - ok
12:58:52.0539 6776 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:58:52.0617 6776 VSS - ok
12:58:52.0633 6776 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
12:58:52.0664 6776 vwifibus - ok
12:58:52.0695 6776 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
12:58:52.0726 6776 vwififlt - ok
12:58:52.0758 6776 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:58:52.0820 6776 W32Time - ok
12:58:52.0836 6776 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:58:52.0898 6776 WacomPen - ok
12:58:52.0929 6776 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:58:53.0038 6776 WANARP - ok
12:58:53.0054 6776 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:58:53.0132 6776 Wanarpv6 - ok
12:58:53.0179 6776 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:58:53.0257 6776 wbengine - ok
12:58:53.0288 6776 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:58:53.0319 6776 WbioSrvc - ok
12:58:53.0350 6776 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:58:53.0382 6776 wcncsvc - ok
12:58:53.0397 6776 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:58:53.0444 6776 WcsPlugInService - ok
12:58:53.0475 6776 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
12:58:53.0491 6776 Wd - ok
12:58:53.0553 6776 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:58:53.0600 6776 Wdf01000 - ok
12:58:53.0631 6776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:58:53.0662 6776 WdiServiceHost - ok
12:58:53.0678 6776 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:58:53.0725 6776 WdiSystemHost - ok
12:58:53.0740 6776 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:58:53.0803 6776 WebClient - ok
12:58:53.0834 6776 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:58:53.0896 6776 Wecsvc - ok
12:58:53.0912 6776 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:58:53.0959 6776 wercplsupport - ok
12:58:54.0006 6776 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:58:54.0052 6776 WerSvc - ok
12:58:54.0115 6776 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:58:54.0193 6776 WfpLwf - ok
12:58:54.0208 6776 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:58:54.0224 6776 WIMMount - ok
12:58:54.0240 6776 WinDefend - ok
12:58:54.0255 6776 WinHttpAutoProxySvc - ok
12:58:54.0333 6776 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:58:54.0411 6776 Winmgmt - ok
12:58:54.0505 6776 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:58:54.0676 6776 WinRM - ok
12:58:54.0754 6776 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
12:58:54.0817 6776 WinUsb - ok
12:58:54.0864 6776 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:58:54.0957 6776 Wlansvc - ok
12:58:55.0035 6776 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:58:55.0066 6776 wlcrasvc - ok
12:58:55.0222 6776 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:58:55.0363 6776 wlidsvc - ok
12:58:55.0394 6776 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:58:55.0425 6776 WmiAcpi - ok
12:58:55.0472 6776 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:58:55.0519 6776 wmiApSrv - ok
12:58:55.0566 6776 WMPNetworkSvc - ok
12:58:55.0597 6776 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:58:55.0644 6776 WPCSvc - ok
12:58:55.0644 6776 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:58:55.0675 6776 WPDBusEnum - ok
12:58:55.0690 6776 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:58:55.0737 6776 ws2ifsl - ok
12:58:55.0753 6776 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
12:58:55.0800 6776 wscsvc - ok
12:58:55.0815 6776 WSearch - ok
12:58:55.0924 6776 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:58:56.0034 6776 wuauserv - ok
12:58:56.0080 6776 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:58:56.0112 6776 WudfPf - ok
12:58:56.0143 6776 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:58:56.0174 6776 WUDFRd - ok
12:58:56.0205 6776 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:58:56.0268 6776 wudfsvc - ok
12:58:56.0299 6776 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:58:56.0346 6776 WwanSvc - ok
12:58:56.0377 6776 ================ Scan global ===============================
12:58:56.0392 6776 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:58:56.0424 6776 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:58:56.0455 6776 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
12:58:56.0502 6776 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:58:56.0533 6776 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:58:56.0548 6776 [Global] - ok
12:58:56.0548 6776 ================ Scan MBR ==================================
12:58:56.0580 6776 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:58:57.0126 6776 \Device\Harddisk0\DR0 - ok
12:58:57.0141 6776 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
12:58:57.0282 6776 \Device\Harddisk1\DR1 - ok
12:58:57.0282 6776 ================ Scan VBR ==================================
12:58:57.0282 6776 [ 3181A534C9609949CDD3A8FDFA7998FC ] \Device\Harddisk0\DR0\Partition1
12:58:57.0282 6776 \Device\Harddisk0\DR0\Partition1 - ok
12:58:57.0313 6776 [ 23DBB239A1727A2A3416999EA64C37CD ] \Device\Harddisk0\DR0\Partition2
12:58:57.0313 6776 \Device\Harddisk0\DR0\Partition2 - ok
12:58:57.0344 6776 [ BB6ACAA61C1F035D6481C6D9497F68B5 ] \Device\Harddisk0\DR0\Partition3
12:58:57.0344 6776 \Device\Harddisk0\DR0\Partition3 - ok
12:58:57.0375 6776 [ 267BF5C0EB020F73B522A742804D0210 ] \Device\Harddisk0\DR0\Partition4
12:58:57.0375 6776 \Device\Harddisk0\DR0\Partition4 - ok
12:58:57.0391 6776 [ E00344E17E81B8D958D573A4C6A0D7AA ] \Device\Harddisk1\DR1\Partition1
12:58:57.0391 6776 \Device\Harddisk1\DR1\Partition1 - ok
12:58:57.0391 6776 ============================================================
12:58:57.0391 6776 Scan finished
12:58:57.0391 6776 ============================================================
12:58:57.0422 1828 Detected object count: 3
12:58:57.0422 1828 Actual detected object count: 3
12:59:31.0056 1828 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
12:59:31.0056 1828 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:59:31.0071 1828 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
12:59:31.0071 1828 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:59:31.0071 1828 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
12:59:31.0071 1828 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:59:34.0347 6492 Deinitialize success
|
|
26.03.2013, 14:13
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Adware Win32 Pricegong Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2013, 14:45
| #10 |
| | Adware Win32 Pricegong Combofix Logfile: Code:
ATTFilter ComboFix 13-03-25.01 - Frankie 26.03.2013 14:24:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.5883.4023 [GMT 1:00]
ausgeführt von:: c:\users\Frankie\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ChatZum Toolbar\tbunsi7DBF.tmp\tbHElper.dll
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
c:\program files (x86)\kikin
c:\program files (x86)\kikin\default_settings.xml
c:\program files (x86)\kikin\ie_kikin.dll
c:\program files (x86)\kikin\KikinBroker.exe
c:\program files (x86)\kikin\KikinCrashReporter.exe
c:\program files (x86)\kikin\uninst.exe
c:\users\Frankie\AppData\Roaming\kikin
c:\users\Frankie\AppData\Roaming\kikin\ff_configuration.xml
c:\users\Frankie\AppData\Roaming\kikin\ff_settings.xml
c:\users\Frankie\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Frankie\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Frankie\AppData\Roaming\kikin\ie_settings.xml
c:\users\Frankie\AppData\Roaming\kikin\KikinHelper.exe
c:\users\Frankie\AppData\Roaming\kikin\kkes.xml
c:\windows\IsUn0407.exe
c:\windows\SysWow64\themeui.dll.tmp
c:\windows\SysWow64\uxtheme.dll.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-26 bis 2013-03-26 ))))))))))))))))))))))))))))))
.
.
2013-03-26 13:35 . 2013-03-26 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-26 13:31 . 2013-03-26 13:31 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32B8A4F0-C39B-4A30-98E6-7F0512C09F20}\offreg.dll
2013-03-26 10:38 . 2013-03-26 10:38 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 10:37 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32B8A4F0-C39B-4A30-98E6-7F0512C09F20}\mpengine.dll
2013-03-22 12:40 . 2013-03-22 12:40 -------- d-----w- c:\program files (x86)\Skin Pack
2013-03-20 13:46 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-14 15:32 . 2012-07-11 16:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-03-14 15:32 . 2013-03-14 15:32 -------- d-----w- c:\windows\ELAMBKUP
2013-03-14 15:32 . 2013-03-26 12:16 -------- d-----w- c:\programdata\Kaspersky Lab
2013-03-14 15:32 . 2013-03-14 15:32 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-03-14 15:32 . 2013-03-14 15:43 613720 ----a-w- c:\windows\system32\drivers\klif.sys
2013-03-14 15:32 . 2012-08-13 17:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-03-13 22:06 . 2013-03-13 22:06 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 22:06 . 2013-03-13 22:06 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-11 19:36 . 2013-03-11 19:36 -------- d-----w- c:\users\Frankie\restore
2013-03-10 15:40 . 2010-11-21 03:24 257024 ----a-w- c:\windows\system32\stobject.dll
2013-03-10 15:40 . 2010-11-21 03:24 14336 ----a-w- c:\windows\system32\browseui.dll
2013-03-10 15:40 . 2010-11-21 03:24 1866240 ----a-w- c:\windows\system32\ExplorerFrame.dll
2013-03-10 15:40 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-03-10 15:40 . 2010-11-21 03:23 225280 ----a-w- c:\windows\system32\SndVolSSO.dll
2013-03-10 15:40 . 2010-11-21 03:23 1927680 ----a-w- c:\windows\system32\authui.dll
2013-03-10 15:40 . 2009-07-14 01:38 1162240 ----a-w- c:\windows\system32\wscui.cpl
2013-03-10 15:40 . 2010-11-21 03:23 1808384 ----a-w- c:\windows\system32\pnidui.dll
2013-03-10 15:40 . 2013-03-11 10:23 -------- d-----w- c:\windows\UXBackup
2013-03-10 15:40 . 2009-07-14 01:28 20268032 ----a-w- c:\windows\system32\imageres.dll
2013-03-10 15:39 . 2013-03-11 10:21 -------- d-----w- c:\program files (x86)\UX Pack
2013-03-10 15:39 . 2011-08-11 11:47 76288 ----a-w- c:\windows\SysWow64\moveex.exe
2013-03-10 15:32 . 2013-03-10 15:32 -------- d-----w- c:\users\Frankie\AppData\Roaming\Intermediate
2013-03-10 15:32 . 2013-03-10 15:32 -------- d-----w- c:\users\Frankie\AppData\Roaming\SSync
2013-03-10 15:32 . 2013-03-10 15:32 -------- d-----w- c:\users\Frankie\AppData\Roaming\SCheck
2013-03-10 15:32 . 2013-03-26 11:01 -------- d-----w- c:\users\Frankie\AppData\Roaming\FBDownloader
2013-03-10 15:32 . 2013-03-10 15:32 -------- d-----w- c:\users\Frankie\AppData\Roaming\Common
2013-03-10 15:20 . 2013-03-10 15:20 -------- d-----w- c:\program files (x86)\ChatZum Toolbar
2013-03-10 11:36 . 2013-03-10 11:39 -------- d-----w- c:\users\Frankie\AppData\Roaming\Apple Computer
2013-03-10 11:36 . 2013-03-10 11:36 -------- d-----w- c:\users\Frankie\AppData\Local\Apple Computer
2013-03-10 11:35 . 2013-03-10 11:35 -------- d-----w- c:\program files (x86)\Safari
2013-03-10 11:35 . 2013-03-10 11:35 -------- d-----w- c:\programdata\Apple Computer
2013-03-10 11:34 . 2013-03-10 11:34 -------- d-----w- c:\program files\Bonjour
2013-03-10 11:34 . 2013-03-10 11:34 -------- d-----w- c:\program files (x86)\Bonjour
2013-03-10 11:34 . 2013-03-10 11:34 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-03-05 21:11 . 2013-03-05 21:11 -------- d-----w- c:\users\Frankie\AppData\Local\Evernote
2013-03-01 10:17 . 2013-03-01 10:17 -------- d-----w- c:\windows\CheckSur
2013-02-27 13:31 . 2013-02-27 13:31 680624 ----a-w- c:\windows\system32\Fliqlo.scr
2013-02-27 13:31 . 2013-02-27 13:31 680624 ------w- c:\windows\SysWow64\Fliqlo.scr
2013-02-27 13:31 . 2013-02-27 13:31 -------- d-----w- c:\programdata\Screentime
2013-02-27 13:31 . 2013-02-27 13:31 -------- d-----w- c:\users\Frankie\AppData\Local\Screentime
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 15:43 . 2012-06-08 10:38 54104 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-03-13 22:09 . 2012-12-07 09:21 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 15:07 . 2012-04-04 13:17 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 15:07 . 2011-08-30 20:26 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 16:54 . 2011-05-22 17:49 252296 ----a-w- c:\windows\system32\javaws.exe
2013-02-14 16:54 . 2011-05-22 17:49 188808 ----a-w- c:\windows\system32\javaw.exe
2013-02-14 16:54 . 2011-05-22 17:49 627600 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-14 16:54 . 2011-05-22 17:49 188808 ----a-w- c:\windows\system32\java.exe
2013-02-12 05:45 . 2013-03-13 20:24 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:24 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:24 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:24 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:24 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:24 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-06 06:42 . 2013-02-06 06:42 708168 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2013-02-06 06:42 . 2013-02-06 06:42 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-02-04 09:38 . 2013-02-04 09:38 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-04 09:38 . 2012-06-21 14:52 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:53 . 2013-02-14 10:34 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-14 10:34 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 10:34 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-14 10:34 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-14 10:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-14 10:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-14 10:34 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-14 10:34 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-14 10:34 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-14 10:34 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-14 10:34 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-14 10:34 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-14 10:34 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}]
2012-07-31 08:38 2669408 ------w- c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}]
2011-08-24 13:26 50240 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-05-09 176936]
"{32D47EA5-9473-4CAD-805D-9999F15D5AE2}"= "c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll" [2012-07-31 2669408]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{32d47ea5-9473-4cad-805d-9999f15d5ae2}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-01-10 1475952]
"KiesAirMessage"="c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe" [2012-12-18 578560]
"SCheck"="c:\users\Frankie\AppData\Roaming\SCheck\SCheck.exe" [2012-12-19 41984]
"SSync"="c:\users\Frankie\AppData\Roaming\SSync\SSync.exe" [2012-12-19 41984]
"Intermediate"="c:\users\Frankie\AppData\Roaming\Intermediate\Intermediate.exe" [2012-12-19 41984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-28 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-03-30 586808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-03-30 319544]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-01-10 310128]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-06-25 1073352]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2012-10-25 593784]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-03-14 356376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Frankie\Downloads\mbar-1.01.0.1021\mbar\mbar.exe" [2013-02-16 1363016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-8-29 110592]
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
RocketDock.lnk - c:\windows\Android Skin Pack\RocketDock\RocketDock.exe [N/A]
UberIcon.lnk - c:\windows\Android Skin Pack\UberIcon\UberIcon.exe [N/A]
YzShadow.lnk - c:\windows\Android Skin Pack\YzShadow\YzShadow.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\Frankie\AppData\Local\Temp\ALSysIO64.sys [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2012-06-27 36328]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2012-06-27 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2012-06-27 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2012-06-27 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2012-06-27 146920]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-01-29 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-01-29 38016]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-03-14 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-02-28 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-02-28 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-10-25 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-10-25 384888]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-03-30 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-14 1751656]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-11-21 247608]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Frankie\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [2011-09-07 40960]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-03-30 1143400]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 30790474
*NewlyCreated* - ASWMBR
*Deregistered* - 30790474
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 15:07]
.
2013-02-27 c:\windows\Tasks\HPCeeScheduleForFRANKIE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2013-03-07 c:\windows\Tasks\HPCeeScheduleForFrankie.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]
"Ocs_SM"="c:\users\Frankie\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2011-09-07 106496]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.windowsxlive.net
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome
mStart Page = hxxp://search.chatzum.com/?orig=HP&affid=62&cztbid=542741626
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
mSearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Free YouTube Download - c:\users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\hwbkmg4t.Frankie\
FF - prefs.js: browser.search.selectedEngine - FBDownloader Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=542741626&q=
FF - ExtSQL: 2013-03-14 16:43; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-03-14 16:43; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-03-14 16:43; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-03-14 16:43; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-03-14 16:43; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - c286916a000000000000ac81127e6155
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15675
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1013:12
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - irhnew
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files (x86)\kikin\ie_kikin.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Toolbar-10 - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.8\uninstall.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files (x86)\kikin\uninst.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-26 14:39:32
ComboFix-quarantined-files.txt 2013-03-26 13:39
.
Vor Suchlauf: 8 Verzeichnis(se), 659.130.171.392 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 660.191.535.104 Bytes frei
.
- - End Of File - - 8498B05A39FDEB74CAAA560C41622188
|
|
26.03.2013, 16:15
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Adware Win32 Pricegong JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.03.2013, 17:18
| #12 |
| | Adware Win32 PricegongCode:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Frankie on 26.03.2013 at 16:31:30,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] icq service
Successfully deleted: [Service] icq service
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\bprotector start page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\bprotectordefaultscope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{1bb22d38-a411-4b13-a746-c2a4f4ec7344}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{db4e9724-f518-4dfd-9c7c-78b52103cab9}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3495674402-3954303839-1852778492-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\iminent
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\icq service.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.escrtsrvc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.escrtsrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\facemoods.xtrnl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\facemoods.xtrnl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\facemoodsapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\facemoodsapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbtask
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbtask.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\iminent_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0d7562ae-8ef6-416d-a838-ab665251703a}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1bb22d38-a411-4b13-a746-c2a4f4ec7344}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{64182481-4f71-486b-a045-b233bd0da8fc}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{64182481-4f71-486b-a045-b233bd0da8fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\Users\Frankie\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Frankie\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\Frankie\AppData\Roaming\fbdownloader"
Successfully deleted: [Folder] "C:\Users\Frankie\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Frankie\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\claro ltd"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files (x86)\chatzum toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosofttb"
Successfully deleted: [Folder] "C:\Program Files (x86)\glarysoft toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\pricegong"
Successfully deleted: [Folder] "C:\Users\Frankie\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ FireFox
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdsrch.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\user.js
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\user.js
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\searchplugins\mngr.xml
Successfully deleted: [File] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\search_results.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com"
Successfully deleted: [Folder] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\smartbar
Successfully deleted: [Folder] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\ffxtlbr@Facemoods.com
Failed to delete: [Folder] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Successfully deleted: [Folder] C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\prefs.js
user_pref("extensions.facemoods.aflt", "_#cqde");
user_pref("extensions.facemoods.firstRun", false);
user_pref("extensions.facemoods.lastActv", "6");
user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true);
Successfully deleted the following from C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\prefs.js
user_pref("CT2269050.1000082.isPlayDisplay", "true");
user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT2269050.1000234.TWC_TMP_city", "MUENCHEN");
user_pref("CT2269050.1000234.TWC_TMP_country", "DE");
user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.FirstTime", "true");
user_pref("CT2269050.FirstTimeFF3", "true");
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("CT2269050.UserID", "UN80163022692228095");
user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2269050.autoDisableScopes", 0);
user_pref("CT2269050.browser.search.defaultthis.engineName", true);
user_pref("CT2269050.defaultSearch", "true");
user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT2269050.enableAlerts", "false");
user_pref("CT2269050.enableSearchFromAddressBar", "true");
user_pref("CT2269050.firstTimeDialogOpened", "true");
user_pref("CT2269050.fixPageNotFoundError", "true");
user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2269050.installId", "ConduitNSISIntegration");
user_pref("CT2269050.installType", "ConduitNSISIntegration");
user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.isNewTabEnabled", true);
user_pref("CT2269050.isPerformedSmartBarTransition", "true");
user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2269050.keyword", true);
user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.facebook.com%2F\",\"EB_MAIN_FRAME_TITLE\":\"Facebook\",\"EB_TOO
user_pref("CT2269050.openThankYouPage", "false");
user_pref("CT2269050.openUninstallPage", "true");
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", "0");
user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1338035499288");
user_pref("CT2269050.serviceLayer_services_appTracking_lastUpdate", "1338035501317");
user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1338035499065");
user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1338035500724");
user_pref("CT2269050.serviceLayer_services_login_10.10.2.10_lastUpdate", "1339089299343");
user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1338035499320");
user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1338035500674");
user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1338035496946");
user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1339083083266");
user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1338035500760");
user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1339089298321");
user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1339083083600");
user_pref("CT2269050.settingsINI", true);
user_pref("CT2269050.shouldFirstTimeDialog", "false");
user_pref("CT2269050.smartbar.CTID", "CT2269050");
user_pref("CT2269050.smartbar.Uninstall", "0");
user_pref("CT2269050.smartbar.homepage", true);
user_pref("CT2269050.smartbar.isHidden", true);
user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
user_pref("CT2269050.startPage", "userChanged");
user_pref("CT2269050.toolbarBornServerTime", "26-5-2012");
user_pref("CT2269050.toolbarCurrentServerTime", "7-6-2012");
user_pref("CT2269050.toolbarDisabled", "true");
user_pref("Smartbar.ConduitHomepagesList", "");
user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4e5ba197&v=7.008.031.001&i=23&tp=ab&iy=&ychte=de&lng=de&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
user_pref("browser.search.selectedEngine", "FBDownloader Search");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114506&tt=4812_6&babsrc=NT_clro&mntrId=c286916a000000000000ac81127e6155");
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "c286916a000000000000ac81127e6155");
user_pref("extensions.claro.instlDay", "15675");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.tlbrId", "irhnew");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("extensions.claro.vrsni", "1.8.3.10");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.3.1013:12:39");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("id_chatzum_softonic_installed_version", "1.0.20");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1363004930110");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1363182720664");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent110", "1363201224866");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1363182720689");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1363204089509");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1363182720712");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1363181467773");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent140", "1363028621545");
user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1363120485477");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent105", "1363212060870");
user_pref("keyword.URL", "hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=542741626&q=");
Emptied folder: C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\minidumps [176 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.03.2013 at 16:47:33,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 26/03/2013 um 16:55:49 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Frankie - FRANKIE-HP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Frankie\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\hwbkmg4t.Frankie\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\hwbkmg4t.Frankie\bprotector_prefs.js
Datei Gelöscht : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\hwbkmg4t.Frankie\searchplugins\fbdownloader_search.xml
Datei Gelöscht : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\ltfof94n.default\searchplugins\icqplugin.xml
Gelöscht mit Neustart : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\ltfof94n.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Ordner Gelöscht : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl
Ordner Gelöscht : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Ordner Gelöscht : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Ordner Gelöscht : C:\Users\Frankie\AppData\LocalLow\AVG Security Toolbar
Ordner Gelöscht : C:\Users\Frankie\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\ltfof94n.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Ordner Gelöscht : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\ltfof94n.default\extensions\firejump@firejump.net
Ordner Gelöscht : C:\Users\Frankie\AppData\Roaming\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Schlüssel Gelöscht : HKCU\Software\84d6dfbd3dea10
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\84d6dfbd3dea10
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26A8152A-D2A2-4388-96B5-996F8199D21B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32D47EA5-9473-4CAD-805D-9999F15D5AE2}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.glarysoft.com/?src=newtab --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=b9511718-2272-4629-96b4-0adac2ea66a2&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://isearch.glarysoft.com/?src=iehome --> hxxp://www.google.com
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\hwbkmg4t.Frankie\prefs.js
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("browser.search.defaultenginename", "ChatZumSearch");
Gelöscht : user_pref("browser.search.order.1", "ChatZumSearch");
Gelöscht : user_pref("id_gubar_tabpage", "hxxp%3A//isearch.glarysoft.com/%3Fsrc%3Dnewtab");
Datei : C:\Users\Frankie\AppData\Roaming\Mozilla\Firefox\Profiles\ltfof94n.default\prefs.js
Gelöscht : user_pref("browser.startup.homepage", "hxxp://isearch.glarysoft.com/?src=ffhome");
Gelöscht : user_pref("icqtoolbar.installsource", "1");
Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Frankie\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [379 octets] - [26/03/2013 16:55:16]
AdwCleaner[S2].txt - [32768 octets] - [26/03/2013 16:55:49]
########## EOF - C:\AdwCleaner[S2].txt - [32829 octets] ##########
|
|
26.03.2013, 17:21
| #13 |
| | Adware Win32 Pricegong OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.03.2013 17:02:46 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frankie\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,75 Gb Total Physical Memory | 3,59 Gb Available Physical Memory | 62,52% Memory free 11,49 Gb Paging File | 9,09 Gb Available in Paging File | 79,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 684,15 Gb Total Space | 615,04 Gb Free Space | 89,90% Space Free | Partition Type: NTFS Drive D: | 14,19 Gb Total Space | 1,56 Gb Free Space | 10,97% Space Free | Partition Type: NTFS Drive I: | 7,49 Gb Total Space | 3,01 Gb Free Space | 40,22% Space Free | Partition Type: FAT32 Computer Name: FRANKIE-HP | User Name: Frankie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Frankie\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (AMD Reservation Manager) -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation) DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation) DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation) DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation) DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation) DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc) DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation) DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys () DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{59DBA956-559A-4168-8CA9-68C8C5B1A45E}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKLM\..\SearchScopes\{59DBA956-559A-4168-8CA9-68C8C5B1A45E}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=542741626&q={searchTerms} IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.windowsxlive.net IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26666F726D3D48504E5444462670633D48504E544446267372633D49452D536561726368426F78&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{1}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{1C5893D4-258A-4AF5-A63B-88B0D00C111B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050&SSPV=IENOSGBR IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{32B8D044-E1F4-40D5-8876-ABCDDCE55DFA}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{3306CD58-A712-420D-9751-519AB0FEE6FA}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{59DBA956-559A-4168-8CA9-68C8C5B1A45E}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F732F7265663D617A735F6F73645F69656164653F69653D5554462D38267461673D68702D6465322D7673622D3231266C696E6B253546636F64653D717326696E6465783D617073266669656C642D6B6579776F7264733D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E6B696B696E2E636F6D2F7365617263682F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = hxxp://isearch.glarysoft.com/?q={searchTerms}&src=iesearch IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?anonymto=687474703A2F2F64652E77696B6970656469612E6F72672F77696B692F5370656369616C3A5365617263683F7365617263683D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D3131313037362D31393237302D332F343F6D7072653D687474703A2F2F73686F702E656261792E636F6D2F3F5F6E6B773D7B7365617263685465726D737D&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{F31B76F9-56A2-4A8B-A714-061F5874BAA9}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=009f33bf-8eb0-49c0-8158-daaf19cf36f4&apn_sauid=971B9B5E-A507-438C-BFE0-BB29C50A7D2D& IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\SearchScopes\{F65A4A81-E6FF-4241-B32F-D4F423D665D3}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=e9ceeff9-f9ab-4a8b-8681-9c6d9fc71eb4&pid=icqt&mode=bounce&k=1 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Glary Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: firejump@firejump.net:1.0.0.0 FF - prefs.js..extensions.enabledAddons: lazarus@interclue.com:2.3 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7 FF - prefs.js..extensions.enabledAddons: avg@toolbar:10.2.0.3 FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.18 19:15:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.03.14 16:43:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:56:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:56:47 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 11:56:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 11:56:47 | 000,000,000 | ---D | M] [2012.12.01 17:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\Extensions [2013.03.10 21:05:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\hwbkmg4t.Frankie\extensions [2012.12.08 11:21:54 | 000,000,000 | ---D | M] (Foxdie) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\hwbkmg4t.Frankie\extensions\Foxdie@tanjihay.com [2013.03.26 16:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\Firefox\Profiles\ltfof94n.default\extensions [2013.02.23 16:38:23 | 000,779,952 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\extensions\Australis@SoapyHamHocks.xpi [2012.05.07 16:25:25 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\extensions\lazarus@interclue.com.xpi [2013.02.14 17:38:52 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\hwbkmg4t.Frankie\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.09.07 20:50:25 | 000,090,420 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\ciuvo-extension@icq.de.xpi [2011.10.05 16:13:35 | 000,109,632 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\compatibility@addons.mozilla.org.xpi [2011.08.29 16:20:01 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\extensions\lazarus@interclue.com.xpi [2011.09.07 19:57:00 | 000,001,640 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\kikin-search.xml [2011.09.07 19:57:00 | 000,001,864 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{30F8BD7B-88FE-4C11-BEDC-2BDB14B4794D}.xml [2011.09.07 19:57:00 | 000,001,088 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{6CD2292F-0EF4-4610-B1DD-05D16DFAE8DD}.xml [2011.09.07 19:57:00 | 000,002,182 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{B06018DC-EFB0-45B7-9667-2B8F929CB3C7}.xml [2011.09.07 19:57:00 | 000,002,071 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\mozilla\firefox\profiles\ltfof94n.default\searchplugins\{D2E2F51D-B581-4781-8942-3C417B724240}.xml [2013.03.26 16:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 11:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.02.18 19:15:15 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.2.0.3 File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7\ File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.34\ File not found (No name found) -- C:\USERS\FRANKIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LTFOF94N.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C} File not found (No name found) -- C:\USERS\FRANKIE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LTFOF94N.DEFAULT\EXTENSIONS\FIREJUMP@FIREJUMP.NET [2013.03.08 11:56:52 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.10.14 21:02:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.30 10:12:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.10.14 21:02:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.11 21:52:30 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml [2011.10.14 21:02:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.14 21:02:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.14 21:02:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: O1 HOSTS File: ([2013.03.26 14:36:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Frankie\AppData\Roaming\OCS\SM\SearchAnonymizer.exe File not found O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001..\Run: [Intermediate] C:\Users\Frankie\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001..\Run: [SCheck] C:\Users\Frankie\AppData\Roaming\SCheck\SCheck.exe () O4 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001..\Run: [SSync] C:\Users\Frankie\AppData\Roaming\SSync\SSync.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Free YouTube Download - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frankie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.13.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{060AF79B-DCB1-41CC-B2C3-2980A61F0934}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.26 16:31:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.26 16:31:20 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.26 16:28:09 | 000,550,069 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Frankie\Desktop\JRT.exe [2013.03.26 14:42:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.26 14:39:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.26 14:22:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.26 14:22:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.26 14:22:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.26 14:22:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.26 14:22:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.26 14:20:29 | 005,044,493 | R--- | C] (Swearware) -- C:\Users\Frankie\Desktop\ComboFix.exe [2013.03.26 12:54:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Frankie\Desktop\tdsskiller.exe [2013.03.26 12:25:08 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Frankie\Desktop\aswMBR.exe [2013.03.26 11:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.24 14:11:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Frankie\Desktop\OTL.exe [2013.03.22 13:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Skin Pack [2013.03.22 13:39:55 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2013.03.22 13:39:29 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imageres.dll [2013.03.22 13:39:28 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2013.03.22 13:39:26 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SndVolSSO.dll [2013.03.22 13:39:24 | 001,750,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pnidui.dll [2013.03.22 13:39:23 | 000,740,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\batmeter.dll [2013.03.22 13:39:22 | 001,792,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.03.22 13:39:21 | 000,705,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imagesp1.dll [2013.03.22 13:39:18 | 002,755,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\themeui.dll.backup [2013.03.22 13:39:18 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ActionCenter.dll [2013.03.20 14:46:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.14 16:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.03.14 16:32:58 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.03.14 16:32:24 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.03.14 16:32:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.03.14 16:32:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.03.14 16:32:04 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.03.14 16:32:04 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013.03.13 23:08:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 23:08:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 23:08:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 23:08:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 23:08:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 23:08:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 23:08:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 23:08:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 23:08:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 23:08:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 23:08:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 23:08:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 23:08:22 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 23:08:22 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 23:08:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 23:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.13 23:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.13 23:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.11 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\Frankie\restore [2013.03.11 13:03:51 | 000,000,000 | ---D | C] -- C:\Users\Frankie\Desktop\to blog [2013.03.11 13:03:39 | 000,000,000 | ---D | C] -- C:\Users\Frankie\Desktop\Grafiken [2013.03.11 13:03:18 | 000,000,000 | ---D | C] -- C:\Users\Frankie\Desktop\blogged [2013.03.10 16:40:19 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\stobject.dll [2013.03.10 16:40:18 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2013.03.10 16:40:15 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.03.10 16:40:15 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscui.cpl [2013.03.10 16:40:15 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SndVolSSO.dll [2013.03.10 16:40:14 | 001,808,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pnidui.dll [2013.03.10 16:40:07 | 020,268,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imageres.dll [2013.03.10 16:40:07 | 000,000,000 | ---D | C] -- C:\Windows\UXBackup [2013.03.10 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UX Pack [2013.03.10 16:32:11 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\Intermediate [2013.03.10 16:32:09 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\SSync [2013.03.10 16:32:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\SCheck [2013.03.10 16:32:05 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\Common [2013.03.10 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Roaming\Apple Computer [2013.03.10 12:36:06 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Apple Computer [2013.03.10 12:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2013.03.10 12:35:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.03.10 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.03.10 12:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.03.10 12:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.03.08 11:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.05 22:11:19 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Evernote [2013.03.01 11:17:20 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur [2013.02.27 14:31:06 | 000,680,624 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Fliqlo.scr [2013.02.27 14:31:06 | 000,680,624 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Fliqlo.scr [2013.02.27 14:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime [2013.02.27 14:31:03 | 000,000,000 | ---D | C] -- C:\Users\Frankie\AppData\Local\Screentime ========== Files - Modified Within 30 Days ========== [2013.03.26 17:06:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.26 17:05:13 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 17:05:13 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.26 16:57:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.26 16:57:31 | 331,534,335 | -HS- | M] () -- C:\hiberfil.sys [2013.03.26 16:56:19 | 000,000,192 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.03.26 16:54:12 | 000,609,993 | ---- | M] () -- C:\Users\Frankie\Desktop\adwcleaner.exe [2013.03.26 16:28:31 | 000,550,069 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Frankie\Desktop\JRT.exe [2013.03.26 15:22:05 | 000,000,132 | ---- | M] () -- C:\Users\Frankie\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.03.26 14:36:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.26 14:21:07 | 005,044,493 | R--- | M] (Swearware) -- C:\Users\Frankie\Desktop\ComboFix.exe [2013.03.26 12:54:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Frankie\Desktop\tdsskiller.exe [2013.03.26 12:47:38 | 000,000,512 | ---- | M] () -- C:\Users\Frankie\Desktop\MBR.dat [2013.03.26 12:26:41 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Frankie\Desktop\aswMBR.exe [2013.03.25 20:45:33 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.25 20:45:33 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.25 20:45:33 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.25 20:45:33 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.25 20:45:33 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.24 15:59:11 | 1192,943,855 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.24 14:11:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Frankie\Desktop\OTL.exe [2013.03.24 14:10:01 | 000,000,000 | ---- | M] () -- C:\Users\Frankie\defogger_reenable [2013.03.22 13:40:06 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk [2013.03.22 13:40:05 | 000,001,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk [2013.03.22 13:40:05 | 000,001,079 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk [2013.03.19 15:15:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2013.03.14 16:43:34 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013.03.14 16:43:34 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.03.14 13:48:26 | 000,003,072 | -H-- | M] () -- C:\Users\Frankie\Desktop\photothumb.db [2013.03.14 11:15:05 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.13 16:07:40 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 16:07:40 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.12 12:34:48 | 005,018,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.07 10:32:53 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFrankie.job [2013.02.27 14:31:06 | 000,680,624 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Fliqlo.scr [2013.02.27 14:31:06 | 000,680,624 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Fliqlo.scr [2013.02.27 13:23:36 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFRANKIE-HP$.job [2013.02.26 17:20:50 | 000,001,456 | ---- | M] () -- C:\Users\Frankie\AppData\Local\Adobe Für Web speichern 13.0 Prefs ========== Files Created - No Company Name ========== [2013.03.26 16:56:06 | 000,000,192 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.03.26 16:53:57 | 000,609,993 | ---- | C] () -- C:\Users\Frankie\Desktop\adwcleaner.exe [2013.03.26 14:22:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.26 14:22:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.26 14:22:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.26 14:22:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.26 14:22:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.26 12:47:38 | 000,000,512 | ---- | C] () -- C:\Users\Frankie\Desktop\MBR.dat [2013.03.24 14:10:01 | 000,000,000 | ---- | C] () -- C:\Users\Frankie\defogger_reenable [2013.03.22 13:40:06 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk [2013.03.22 13:40:05 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk [2013.03.22 13:40:05 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk [2013.03.19 15:15:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf [2013.03.14 13:48:26 | 000,003,072 | -H-- | C] () -- C:\Users\Frankie\Desktop\photothumb.db [2013.03.10 16:39:33 | 000,076,288 | ---- | C] () -- C:\Windows\SysWow64\moveex.exe [2013.03.10 16:20:34 | 000,000,898 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog [2013.03.10 12:35:55 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk [2013.03.10 12:34:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.02.04 10:38:42 | 000,262,560 | ---- | C] () -- C:\Windows\SysWow64\javaws.exe [2012.12.01 13:53:33 | 000,001,456 | ---- | C] () -- C:\Users\Frankie\AppData\Local\Adobe Für Web speichern 13.0 Prefs [2012.11.15 22:24:51 | 000,000,132 | ---- | C] () -- C:\Users\Frankie\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2012.09.26 20:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.09.26 20:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.09.26 20:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.09.26 20:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.09.26 20:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.05.31 16:15:25 | 000,034,814 | ---- | C] () -- C:\Users\Frankie\AppData\Local\dt.dat [2012.02.06 20:33:21 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2011.09.03 20:01:35 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.08 00:01:25 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.07 23:57:59 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2011.06.07 23:49:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.05.22 18:48:58 | 000,782,240 | ---- | C] () -- C:\Windows\SysWow64\deployJava1.dll [2011.05.22 18:47:07 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:12 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.03.2013 17:02:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Frankie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
5,75 Gb Total Physical Memory | 3,59 Gb Available Physical Memory | 62,52% Memory free
11,49 Gb Paging File | 9,09 Gb Available in Paging File | 79,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,15 Gb Total Space | 615,04 Gb Free Space | 89,90% Space Free | Partition Type: NTFS
Drive D: | 14,19 Gb Total Space | 1,56 Gb Free Space | 10,97% Space Free | Partition Type: NTFS
Drive I: | 7,49 Gb Total Space | 3,01 Gb Free Space | 40,22% Space Free | Partition Type: FAT32
Computer Name: FRANKIE-HP | User Name: Frankie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A9F4FD8-2C04-43FD-94CE-CF1684829945}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{86D4AC1A-C4C5-455A-8075-70769E8996C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0384179E-EE64-4793-A824-3E616FD24365}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{0C456F56-8B8D-42BE-9781-37616883253F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FDE8D9B-20BD-4F75-8D94-34EA93DA4EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{16218286-2BB8-4B8D-8840-8C9F93020A25}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2203E2AB-C3AA-4F3A-9491-93DA83FCF19B}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{231DB6F7-DBB4-4214-84F1-E4DC21A3D840}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{2663056F-D919-4CE2-879C-F34BF3A2351A}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{30C089CD-72FA-4EC1-9386-2AE3E6D4A3B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{3499CA10-C3FD-46E3-87CD-2BF3DB0B6036}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{38DF6D54-D698-4D9F-B904-3AAA15C1D031}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{38FD1BF1-5A0D-46EF-BF74-697C2A131427}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{5C5864FF-C884-4C93-8820-3FA561CCD4F8}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{630C7EA7-17F2-437A-BA76-C37D7E3150C1}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{68DC1ED1-E248-4038-A2B7-C2FAD7EA74DD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{699BB4C9-CE53-4782-A2D5-39A82AE5E198}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{87D29FC9-1081-48B8-B994-BE7DCF0349B3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9116302B-2585-4311-80BD-5321E19D70C5}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{922AECE3-151F-4D1E-BE88-3DE8763852A9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9747D505-3CC9-455F-9E29-E64CD64D5DE6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9F935242-9ECC-43B6-B25A-66286C408719}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B66DF1DA-8E55-42B0-B7AA-A5B6EEEE5866}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{D062D3F1-1A28-4B30-82AD-836C47385407}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.5\icq.exe |
"{D691136C-0ED4-4D3D-A7FE-F33CD616F3E4}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"TCP Query User{EDD6531B-4854-4DA9-A9C5-5197AEB32543}C:\users\frankie\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\frankie\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F8D330FD-3050-49A6-8B2D-31D5A75ADC5B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{BCF3C86A-3EEA-4B3C-8F28-8D35BF44B2E8}C:\users\frankie\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\frankie\appdata\roaming\spotify\spotify.exe |
"UDP Query User{FDDA62EA-1636-490C-8A44-607DE743D997}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{40DB28C5-3C37-72E8-BE8F-82104E97EFCC}" = AMD Fuel
"{42A2FD03-F0C7-6DD5-8D7B-EBAA992F12AA}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java(TM) SE Development Kit 7 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E53B80F-4137-5F27-B4C4-88641B1E7F10}" = ccc-utility64
"{7FBA6627-88F8-0AE0-9326-FB8488DD26E0}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX125 Series" = Druckerdeinstallation für EPSON SX125 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5259 Banner Remover 1.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{143774AF-ED46-EF8E-A9C5-516D67A484C2}" = CCC Help Korean
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28B8E509-8E2A-A274-B59F-1D892778CBB6}" = CCC Help Chinese Traditional
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294C2687-77C0-4E1D-83DE-97680786602C}" = HP Quick Launch
"{2C93DDCA-E6BB-977B-8C55-724C1DA25C21}" = CCC Help Norwegian
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30DDA988-6BCC-8B14-E0BB-026DA821EC23}" = CCC Help Czech
"{311295C1-80F9-D8B6-06E4-5CBD2492460E}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34A59718-E873-CE8E-718C-D56B341DD14D}" = CCC Help German
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{371794E8-423C-52DD-ED06-9385469EA274}" = CCC Help Swedish
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}" = Notification Center
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39EAEE16-AF24-CF47-3BD1-7B048A5DABD3}" = CCC Help English
"{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}" = Epson Easy Photo Print 2
"{3C7F25C6-6BCB-7F39-BC81-48A8B5F38EDD}" = CCC Help French
"{3FE1B94B-FB1C-1AF3-4DC2-EB5F4DB56A30}" = CCC Help Chinese Standard
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{456D64EB-7E2A-FF45-EFA9-439EB529A105}" = CCC Help Greek
"{4798F9E7-BE3A-3EBF-BDF2-6751C8C38503}" = CCC Help Italian
"{483539DB-FA71-4C45-8438-55D3DCFDECC8}" = HP Software Framework
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5184A194-BA95-0411-A13C-468097CD4A06}" = Catalyst Control Center InstallProxy
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58327844-EEAB-8C79-CA64-6C3623DEF11B}" = CCC Help Polish
"{601E6B37-4FF1-FC93-F48F-F73D29040AD4}" = CCC Help Japanese
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710870E4-16ED-AC81-71CF-8941963E0776}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72737A9E-FAC6-01F9-C0F3-88F6DB538607}" = CCC Help Russian
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78E5E045-D6EB-57CD-02F8-F55E79882790}" = CCC Help Danish
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8BE8CC83-C423-BF43-C1A0-9C072E3785B7}" = ccc-core-static
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9761AC3A-7B7C-4ACB-8F02-140308012C4D}_is1" = FormPrinter
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B35FC82A-6C05-45B0-DDE5-8DF62422E703}" = CCC Help Turkish
"{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}" = HP Connection Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD3F5161-C40B-CA50-F82A-1F4417EE722D}" = CCC Help Spanish
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C0BD6A24-3110-E1DE-45B2-C7FC14F4DC76}" = CCC Help Thai
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D4414765-E8CD-518B-91E8-FA7C76CD2AE2}" = CCC Help Hungarian
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC6B510F-7EA2-8171-55E0-6A76B46CA17D}" = CCC Help Portuguese
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB120C5A-42D2-C901-FF0C-D0DBDD07E9BD}" = Catalyst Control Center Graphics Previews Common
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EEF4EAB8-D049-FD0A-02BD-F9F42C49551F}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1BB1C5F-E94E-454C-B385-23016566644F}" = HP On Screen Display
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudibleDownloadManager" = Audible Download Manager
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EasyBits Magic Desktop" = Magic Desktop
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series Manual" = EPSON SX125 Series Handbuch
"FileZilla Client" = FileZilla Client 3.6.0.1
"Fliqlo" = Fliqlo Screen Saver
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free YouTube Download_is1" = Free YouTube Download version 3.1.41.1201
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Glarysoft Toolbar" = Glarysoft Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PhotoScape" = PhotoScape
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087490" = Jewel Quest Solitaire
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089460" = Mystery P.I. - The London Caper
"WT089484" = Namco All-Stars PAC-MAN
"WT089492" = Crazy Chicken Kart 2
"WT089493" = Fishdom
"WT089497" = Big Rig Europe
"Youda Legend" = Youda Legend
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3495674402-3954303839-1852778492-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyFreeCodec" = MyFreeCodec
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.03.2013 11:50:07 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 26.03.2013 11:51:19 | Computer Name = Frankie-HP | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
beendet --- Ende der internen Ausnahmestapelüberwachung --- bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 26.03.2013 11:51:23 | Computer Name = Frankie-HP | Source = WinMgmt | ID = 10
Description =
Error - 26.03.2013 11:52:48 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 26.03.2013 11:56:01 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 26.03.2013 11:56:01 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 26.03.2013 11:56:01 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 26.03.2013 11:57:54 | Computer Name = Frankie-HP | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
beendet --- Ende der internen Ausnahmestapelüberwachung --- bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
state)
Error - 26.03.2013 11:58:15 | Computer Name = Frankie-HP | Source = WinMgmt | ID = 10
Description =
Error - 26.03.2013 11:59:47 | Computer Name = Frankie-HP | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
[ Hewlett-Packard Events ]
Error - 27.11.2012 08:52:58 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:52:58 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:52:59 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:52:59 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:00 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:00 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:01 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:01 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:02 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
Error - 27.11.2012 08:53:02 | Computer Name = Frankie-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
StackTrace:
bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE
RAM:
5882 Ram Utilization: 50 TargetSite: Void loadActiveCheckResult(Boolean)
[ HP Connection Manager Events ]
Error - 24.03.2013 17:38:31 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/24 22:38:31.388|00001508|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 25.03.2013 17:47:50 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/25 22:47:50.201|0000173C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 25.03.2013 17:54:05 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/25 22:54:05.146|00001528|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 07:02:18 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 12:02:18.261|00000340|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 09:40:53 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 14:40:53.693|000010AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 09:40:55 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 14:40:55.316|000010AC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 11:50:11 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 16:50:11.793|00000574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 11:56:16 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 16:56:16.656|00000F20|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 11:56:51 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 16:56:51.225|00000F20|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 26.03.2013 11:56:53 | Computer Name = Frankie-HP | Source = hpCMSrv | ID = 5
Description = 2013/03/26 16:56:53.128|00000F20|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Software Framework Events ]
Error - 16.05.2012 04:17:24 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.16 10:17:24.959|00000504|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 17.05.2012 08:22:41 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.17 14:22:41.849|00000B34|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 18.05.2012 08:15:20 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.18 14:15:20.300|00001530|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 19.05.2012 07:48:31 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.19 13:48:31.147|00000340|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 19.05.2012 15:12:10 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.19 21:12:10.761|000015B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 20.05.2012 06:21:41 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.20 12:21:41.055|0000098C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 21.05.2012 08:17:04 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.21 14:17:04.308|000008CC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 22.05.2012 08:25:42 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.22 14:25:42.461|00000B28|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 22.05.2012 08:35:48 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.22 14:35:48.928|00000E78|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 22.05.2012 08:35:51 | Computer Name = Frankie-HP | Source = CaslWmi | ID = 5
Description = 2012.05.22 14:35:51.989|00000F64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 26.03.2013 11:51:19 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
Error - 26.03.2013 11:57:54 | Computer Name = Frankie-HP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
beendet: %%1064
< End of report >
|
|
26.03.2013, 21:39
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Adware Win32 Pricegong Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.03.2013, 17:24
| #15 |
| | Adware Win32 Pricegong Das freut mich, aber der ESET Online Scanner hat nochmal zwei Funde gemacht. Keine Ahnung, ob da jetzt noch Bedarf besteht bzw. die gefährlich sind. Aber sind nur zwei Zip Dateien, die ich für mein Handy mal brauchte ^^ Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Frankie :: FRANKIE-HP [Administrator] 27.03.2013 13:17:08 mbam-log-2013-03-27 (13-17-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 213507 Laufzeit: 3 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9229f02505aef5428514b4236859ec17
# engine=13495
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-27 04:17:39
# local_time=2013-03-27 05:17:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 19042 19167381 0 0
# compatibility_mode=5893 16776573 100 94 92330 116030909 0 0
# scanned=207033
# found=2
# cleaned=0
# scan_time=13707
sh=2C5639BF9C885B8C19902816CDAA4FAA3320D174 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Frankie\Downloads\SuperOneClickv2.2-ShortFuse(1).zip"
sh=DABC496087B7222617D5EB655D492C15988AEBAD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Frankie\Downloads\SuperOneClickv2.2-ShortFuse.zip"
|
|
| Themen zu Adware Win32 Pricegong |
| adware, anhang, bildschirmschoner, einfach, files, gmer, herunterfahren, hängen, kaspersky, klicke, laptop, löschen, meldet, neustarten, notebook, online, passwörter, problem, win, win32, windows, woche, wochen, zuviel |
Linear-Darstellung
