| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sicherheitswarnung Telekom wegen Zeus ZbotWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.04.2013, 20:21
| #1 |
 |  Sicherheitswarnung Telekom wegen Zeus Zbot Hallo, ich hoffe, ihr könnt mir weiterhelfen... Meine Eltern haben heute eine Email von der Telekom erhalten, die offenbar anderen Beiträgen nach zu urteilen, authentisch ist. Demzufolge liegt eine Infektion mit Zeus / Zbot vor. Ich versuche nun gerade per Telefonanweisung mit ihnen herauszufinden, was da los ist. Es handelt sich um zwei Laptops, die an einem Router hängen. Die Email hat meine Mutter erhalten, die auch als einzige die betreffende Email-Adresse der Telekom verwendet. Der Rechner meiner Mutter ist allerdings ganz frisch aufgesetzt (ca. eine Woche), auf aktuellstem Stand (Windows 8) und mit Avira Premium geschützt. Avira findet nichts, Malwarebytes ebensowenig. Hijackthis moniert, der Internet Explorer sei nicht aktuell (müsste er aber sein), und gibt dreimal Warnungen bei Systemdateien, bei denen es aber wohl nur nicht erkennt, dass sie im windows32-Ordner liegen. Neben dem roten Kreuz steht als Wertung dort jeweils auch "sicher". Bei meinem Vater, der eigentlich schludriger ist, findet Malwarebytes auch nicht, Hijackthis ist wie bei Muttern, nur mit der Ausnahme, dass dort wextract_cleanuop0 als schädlich tituliert wird. (Ganze Logfiles posten würde in Riesenstress ausarten... Ich hoffe, das ist so auch schon aufschlussreich.) Meine Fragen: - Kann das Problem von beiden Rechnern ausgehen, oder lässt sich klar bestimmen, welcher es ist? (Haben beide dieselbe IP? Ich habe keine Ahnung...) - Wie aussagekräftig ist es, wenn HJT und MB nichts finden? - Ist es sinnvoll, ein Removal-Tool einzusetzen? (Sprich: Würde es den Verursacher ausfindig machen?) Bei dem schuldigen Rechner würde ich auf jeden Fall das System plätten, aber ich würde halt gern herausbekommen, welcher es ist... Habt ihr sonst Ratschläge, wie ich vorgehen kann? Meine Eltern brauchen den Rechner dringend, und ich stehe gewaltig unter Strom hier... Danke!!! Update: Das Removal-Tool von Bitdefender sagt, beide Rechner seien sauber. Lasse jetzt gerade auch das von AVG noch drüberlaufen. Geändert von aethelstan (08.04.2013 um 20:54 Uhr) |
|
09.04.2013, 02:22
| #2 | ||||
| /// TB-Ausbilder   | Sicherheitswarnung Telekom wegen Zeus Zbot Hi,
__________________Zitat:
Zitat:
Zitat:
 Zitat:
Wenn du einen Weg findest, auf beiden Rechnern einen OTL-Scan durchführen zu lassen und dann die Logs hier zu posten, kann ich eine Aussage wagen. Du kannst doch deinen Eltern folgende Anleitung mitteilen und sie schicken dir dann die Logs zurück und du postest sie hier.. Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
__________________ |
|
09.04.2013, 06:02
| #3 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot Hallo, und schon einmal vielen Dank so weit und dafür, dass ihr euch hier die ganze Mühe macht!
__________________Ich lasse mir nachher beide Rechner vorbeibringen und mache das dann sofort. Muss allerdings erst arbeiten, aber da müssen meine Eltern dann halt mal durch... Die Removal Tools von Bitdefender und AVG habe ich übrigens noch testen lassen, die haben jeweils nicht entdeckt, auch ein Eset-Onlinescan war ohne Befund. Aber das dann nur als Randnotiz. |
|
09.04.2013, 13:39
| #4 | |
| /// TB-Ausbilder | Sicherheitswarnung Telekom wegen Zeus ZbotZitat:
 Sobald die OTL-Logs da sind, werf ich mal einen Blick rein.
__________________ cheers, Leo |
|
09.04.2013, 19:05
| #5 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot --- Geändert von aethelstan (09.04.2013 um 19:27 Uhr) Grund: doppelt |
|
09.04.2013, 19:06
| #6 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot So, da bin ich wieder. Zwischenzeitlich hat mein Vater sich daran erinnert, dass er im fraglichen Zeitraum mit seinem alten Laptop rumgespielt hat, das wir deshalb nun als Hauptverdächtigen ausgemacht haben. Nichtsdestotrotz möchte ich natürlich in Erfahrung bringen, ob die anderen beiden okay sind. Daher hier die OTL-Logfiles - ich füge sie mal als Anhang an, und hoffe das ist okay so. (Die Rechner- und Benutzernamen habe ich jeweils anonymisiert. Mehr persönliche Daten stehen ja nicht drin, oder?) Vorher hier auch noch kurz der Inhalt der Mail von der Telekom: Code:
ATTFilter Kundennummer:
| Anschlussinhaber:
Sehr geehrte Kundin,
sehr geehrter Kunde,
unsere Sicherheitsexperten haben zuverlässige Hinweise, dass sich über
Ihren Internetanschluss, ein Computer ins Internet einwählt, der mit
dem Schadprogramm "ZeuS/ZBot" (Online-Banking-Trojaner) infiziert wurde.
Dadurch stellt für Sie zur Zeit jeder Online-Einkauf, jeder
Geldtransfer per Onlinebanking und jeder Austausch in sozialen
Netzwerken ein erhebliches Sicherheitsrisiko dar.
Den Hinweis auf Ihren Anschluss und die IP-Adresse haben wir von
externen Sicherheitsexperten erhalten, mit denen wir zusammenarbeiten,
um unsere Kunden zu schützen. Folgende IP-Adresse war zum Zeitpunkt des
Versands von schädlichen E-Mails Ihrer Zugangsnummer zugeordnet...
Rechner 1 - OTL.exe OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.04.2013 19:41:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,48 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 52,39% Memory free 6,96 Gb Paging File | 4,95 Gb Available in Paging File | 71,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 653,00 Gb Total Space | 621,46 Gb Free Space | 95,17% Space Free | Partition Type: NTFS Drive D: | 24,14 Gb Total Space | 21,28 Gb Free Space | 88,19% Space Free | Partition Type: NTFS Computer Name: MICKMETT-PC | User Name: mickmett | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.09 19:41:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mickmett\Desktop\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe PRC - [2011.11.03 19:33:06 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe PRC - [2011.10.12 09:53:36 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe PRC - [2011.09.28 01:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe PRC - [2011.09.21 08:28:30 | 002,793,040 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe PRC - [2011.09.06 10:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe PRC - [2011.09.06 10:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe PRC - [2011.08.19 06:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe PRC - [2011.08.17 09:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011.06.24 10:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe PRC - [2010.09.20 05:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe PRC - [2009.11.02 07:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ========== Modules (No Company Name) ========== MOD - [2011.02.16 18:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll MOD - [2010.05.07 16:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2009.11.02 07:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 07:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.10.13 22:30:44 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.09.22 11:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.03.28 21:56:38 | 000,116,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2010.11.24 04:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS) SRV - [2010.06.01 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.03 19:42:24 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2011.10.13 23:37:30 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.10.13 21:52:50 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.10.12 09:53:50 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2011.08.31 20:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2011.08.17 22:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011.08.17 09:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.08.03 13:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.07.06 07:16:24 | 000,289,704 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.06.16 21:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2011.06.16 21:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2011.05.17 08:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.04.11 12:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.01 07:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS) DRV:64bit: - [2010.11.23 06:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP) DRV:64bit: - [2010.11.23 06:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.18 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.11.18 04:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2010.11.16 03:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys -- (SymIRON) DRV:64bit: - [2010.10.21 04:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys -- (SymDS) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.08.10 18:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110811.024\ex64.sys -- (NAVEX15) DRV - [2011.08.10 18:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110811.024\eng64.sys -- (NAVENG) DRV - [2010.11.23 06:21:16 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64) DRV - [2010.11.11 03:46:29 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys -- (IDSVia64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\mickmett\Desktop IE - HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKU\S-1-5-21-983883370-204824152-491102941-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-983883370-204824152-491102941-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-983883370-204824152-491102941-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2013.04.08 23:44:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011.11.03 19:41:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.08 19:51:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.04.08 19:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mickmett\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-983883370-204824152-491102941-1000..\Run: [BrowserChoice] "C:\Windows\System32\browserchoice.exe" /run File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D96E33C9-9C49-41B5-9CCB-F54ED90CC9D8}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 19:41:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mickmett\Desktop\OTL.exe [2013.04.09 19:18:45 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2013.04.09 19:18:45 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2013.04.09 19:15:14 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserchoice.exe [2013.04.09 19:07:58 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2013.04.09 19:07:58 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2013.04.09 19:07:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2013.04.09 19:07:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2013.04.09 19:06:37 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2013.04.09 19:06:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2013.04.09 19:06:37 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2013.04.09 19:06:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2013.04.09 19:04:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2013.04.09 19:04:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2013.04.09 19:04:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013.04.09 19:04:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013.04.09 19:04:22 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2013.04.09 19:04:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2013.04.09 19:04:21 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2013.04.09 19:04:21 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2013.04.09 19:04:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2013.04.09 19:04:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2013.04.09 19:04:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.04.09 19:04:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.04.09 19:04:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.04.09 19:04:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2013.04.09 19:04:18 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.04.09 19:03:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll [2013.04.09 19:03:29 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys [2013.04.09 06:40:28 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2013.04.09 06:40:27 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe [2013.04.09 06:40:27 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe [2013.04.09 06:40:20 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.04.09 06:40:20 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013.04.09 06:40:19 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2013.04.09 06:40:08 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe [2013.04.09 06:40:08 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe [2013.04.09 06:40:07 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2013.04.09 06:40:07 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2013.04.09 06:40:07 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2013.04.09 06:39:50 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll [2013.04.09 06:39:50 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll [2013.04.09 06:39:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll [2013.04.09 06:39:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll [2013.04.09 06:39:47 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntshrui.dll [2013.04.09 06:39:45 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll [2013.04.09 06:39:45 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll [2013.04.09 06:39:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\csrsrv.dll [2013.04.09 06:39:39 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\timedate.cpl [2013.04.09 06:39:39 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\timedate.cpl [2013.04.09 06:39:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys [2013.04.09 06:39:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys [2013.04.09 06:39:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll [2013.04.09 06:39:32 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll [2013.04.09 06:39:32 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe [2013.04.09 06:39:31 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2013.04.09 06:39:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll [2013.04.09 06:39:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll [2013.04.09 06:39:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll [2013.04.09 06:39:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2013.04.09 06:39:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2013.04.09 06:39:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2013.04.09 06:39:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.04.09 06:39:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2013.04.09 06:39:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2013.04.09 06:39:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2013.04.09 06:39:26 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2013.04.09 06:38:58 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll [2013.04.09 06:38:58 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll [2013.04.09 06:38:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013.04.09 06:38:57 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll [2013.04.09 06:38:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013.04.09 06:38:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013.04.09 06:38:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013.04.09 06:38:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013.04.09 06:38:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013.04.09 06:38:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013.04.09 06:38:53 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OxpsConverter.exe [2013.04.09 06:38:06 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013.04.09 06:38:05 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys [2013.04.09 06:38:05 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS [2013.04.09 06:38:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013.04.09 06:38:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013.04.09 06:38:03 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013.04.09 06:38:03 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013.04.09 06:38:03 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013.04.09 06:38:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013.04.09 06:38:03 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013.04.09 06:38:03 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013.04.09 06:38:03 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013.04.09 06:38:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013.04.09 06:38:03 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013.04.09 06:38:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013.04.09 06:38:03 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013.04.09 06:38:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013.04.09 06:38:03 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013.04.09 06:38:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013.04.09 06:38:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013.04.09 06:38:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013.04.09 06:38:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013.04.09 06:38:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013.04.09 06:38:03 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013.04.09 06:38:02 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013.04.09 06:38:02 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013.04.09 06:38:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013.04.09 06:38:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013.04.09 06:38:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013.04.09 06:38:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013.04.09 06:38:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013.04.09 06:38:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013.04.09 06:38:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013.04.09 06:38:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013.04.09 06:38:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013.04.09 06:37:51 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisdecd.dll [2013.04.09 06:37:51 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisdecd.dll [2013.04.09 06:37:51 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\psisrndr.ax [2013.04.09 06:37:50 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\psisrndr.ax [2013.04.09 06:37:04 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll [2013.04.09 06:36:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013.04.09 06:36:58 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013.04.09 06:36:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013.04.09 06:36:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.04.09 06:36:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013.04.09 06:36:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013.04.09 06:36:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013.04.09 06:36:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013.04.09 06:36:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.04.09 06:36:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.04.09 06:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.04.09 06:36:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.04.09 06:36:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.04.09 06:36:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.04.09 06:36:40 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2013.04.09 06:36:40 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2013.04.09 06:36:40 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013.04.09 06:36:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netapi32.dll [2013.04.09 06:36:34 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browcli.dll [2013.04.09 06:36:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\browcli.dll [2013.04.09 06:36:33 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\srcore.dll [2013.04.09 06:36:14 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcrt.dll [2013.04.09 06:36:12 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll [2013.04.09 06:36:09 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll [2013.04.09 06:36:09 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleacc.dll [2013.04.09 06:36:08 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDec.dll [2013.04.09 06:36:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\EncDec.dll [2013.04.09 06:36:04 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll [2013.04.09 06:36:04 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll [2013.04.09 06:36:00 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntdll.dll [2013.04.09 06:35:59 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\splwow64.exe [2013.04.09 06:35:56 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll [2013.04.09 06:35:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll [2013.04.09 06:35:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll [2013.04.09 06:35:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll [2013.04.08 23:57:20 | 000,000,000 | ---D | C] -- C:\Users\mickmett\Documents\mbar-1.01.0.1022 [2013.04.08 23:48:35 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\CrashDumps [2013.04.08 23:32:12 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\Samsung [2013.04.08 22:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.04.08 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Malwarebytes [2013.04.08 20:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.08 20:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.08 20:33:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.04.08 20:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.08 20:33:06 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\Programs [2013.04.08 19:44:58 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcore.dll [2013.04.08 19:44:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdpcore.dll [2013.04.08 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Thunderbird [2013.04.08 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\Thunderbird [2013.04.08 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Mozilla [2013.04.08 19:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.08 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.04.08 19:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.04.08 19:38:36 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll [2013.04.08 19:38:36 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe [2013.04.08 19:38:36 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll [2013.04.08 19:38:29 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll [2013.04.08 19:38:29 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll [2013.04.08 19:38:29 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll [2013.04.08 19:38:23 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll [2013.04.08 19:38:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe [2013.04.08 19:30:36 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Macromedia [2013.04.08 19:30:35 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Adobe [2013.04.08 19:27:30 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\ATI [2013.04.08 19:27:30 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\ATI [2013.04.08 19:26:31 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\Power2Go [2013.04.08 19:26:06 | 000,000,000 | R--D | C] -- C:\Users\mickmett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.08 19:26:06 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Searches [2013.04.08 19:26:06 | 000,000,000 | R--D | C] -- C:\Users\mickmett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.08 19:25:57 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Identities [2013.04.08 19:25:55 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Contacts [2013.04.08 19:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.04.08 19:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.04.08 19:25:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.04.08 19:25:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.04.08 19:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech [2013.04.08 19:25:06 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\VirtualStore [2013.04.08 19:24:33 | 000,000,000 | --SD | C] -- C:\Users\mickmett\AppData\Roaming\Microsoft [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Videos [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Saved Games [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Pictures [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Music [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Links [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Favorites [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Downloads [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Documents [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\Desktop [2013.04.08 19:24:33 | 000,000,000 | R--D | C] -- C:\Users\mickmett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Vorlagen [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\AppData\Local\Verlauf [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\AppData\Local\Temporary Internet Files [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Startmenü [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\SendTo [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Recent [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Netzwerkumgebung [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Lokale Einstellungen [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Documents\Eigene Videos [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Documents\Eigene Musik [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Eigene Dateien [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Documents\Eigene Bilder [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Druckumgebung [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Cookies [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\AppData\Local\Anwendungsdaten [2013.04.08 19:24:33 | 000,000,000 | -HSD | C] -- C:\Users\mickmett\Anwendungsdaten [2013.04.08 19:24:33 | 000,000,000 | -H-D | C] -- C:\Users\mickmett\AppData [2013.04.08 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\Temp [2013.04.08 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Local\Microsoft [2013.04.08 19:24:33 | 000,000,000 | ---D | C] -- C:\Users\mickmett\AppData\Roaming\Media Center Programs [2013.04.08 19:22:56 | 000,000,000 | -HSD | C] -- C:\Recovery ========== Files - Modified Within 30 Days ========== [2013.04.09 19:42:02 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 19:42:02 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.09 19:41:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mickmett\Desktop\OTL.exe [2013.04.09 19:40:40 | 001,472,002 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.09 19:40:40 | 000,643,866 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.09 19:40:40 | 000,607,190 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.09 19:40:40 | 000,126,394 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.09 19:40:40 | 000,103,568 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.09 19:35:11 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.04.09 19:33:59 | 000,277,648 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.04.09 19:33:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.09 19:33:42 | 3736,993,792 | -HS- | M] () -- C:\hiberfil.sys [2013.04.08 20:33:40 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.08 19:51:58 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.04.08 19:25:43 | 000,001,076 | ---- | M] () -- C:\Users\mickmett\Desktop\Ihre Meinung ist wichtig.lnk [2013.04.08 19:24:44 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_305E4A_03QU.mrk [2013.04.08 12:22:48 | 000,159,772 | ---- | M] () -- C:\windows\SysWow64\license.rtf [2013.04.08 12:22:48 | 000,159,772 | ---- | M] () -- C:\windows\SysNative\license.rtf ========== Files Created - No Company Name ========== [2013.04.09 19:35:10 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk [2013.04.09 19:18:47 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.09 19:06:37 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.08 20:33:40 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.08 19:40:38 | 000,002,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.04.08 19:40:38 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.04.08 19:26:20 | 000,001,401 | ---- | C] () -- C:\Users\mickmett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.04.08 19:26:13 | 000,001,435 | ---- | C] () -- C:\Users\mickmett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.04.08 19:25:43 | 000,001,076 | ---- | C] () -- C:\Users\mickmett\Desktop\Ihre Meinung ist wichtig.lnk [2013.04.08 19:24:44 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_305E4A_03QU.mrk [2011.11.03 20:47:41 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2011.11.03 20:03:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.11.03 19:44:53 | 000,001,276 | ---- | C] () -- C:\windows\HotFixList.ini [2011.11.01 09:00:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2011.11.01 09:00:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2011.11.01 09:00:02 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.10.13 09:53:18 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll [2011.10.13 09:53:02 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OVDecoder.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.04.2013 19:41:42 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mickmett\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,48 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 52,39% Memory free
6,96 Gb Paging File | 4,95 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653,00 Gb Total Space | 621,46 Gb Free Space | 95,17% Space Free | Partition Type: NTFS
Drive D: | 24,14 Gb Total Space | 21,28 Gb Free Space | 88,19% Space Free | Partition Type: NTFS
Computer Name: MICKMETT-PC | User Name: mickmett | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1346A88D-3E5A-4077-AFAE-D3B072612B4D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{167A9C94-B1D1-493F-A7D3-A96213B1B060}" = rport=137 | protocol=17 | dir=out | app=system |
"{2B03C4FA-1831-456B-B958-C59567CF4C02}" = lport=137 | protocol=17 | dir=in | app=system |
"{2FCDDE62-B991-4196-BB6E-7F1F09BE93BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80230E3A-17FA-43A5-9AE0-45613A71E8DF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{867F8D4E-5C25-485A-99E8-D4790794F5C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{87275CE3-E9DC-4AD3-9ABF-776C250529D6}" = lport=138 | protocol=17 | dir=in | app=system |
"{8769F3D2-FBEB-4F99-9ABD-E3D8B51A174C}" = lport=445 | protocol=6 | dir=in | app=system |
"{87C29AEC-A099-42DB-8A43-7C4B7E4FDF23}" = rport=138 | protocol=17 | dir=out | app=system |
"{8CB8640B-5C1D-444A-B969-A40FEEF028E5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9E0F0A2E-FE41-4456-B92E-9CF392063EAF}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3A12754-2A57-4885-842D-8AA3ED44C871}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E282653C-9E48-4137-A835-27A429724CB7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E2D6FCAD-7909-47FA-B711-B741BC7452BC}" = lport=139 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08632614-449D-46BF-9C7C-75993019DB5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C8CF527-3C14-4CB8-8032-EED52241BFE5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{26DAD5D1-F887-4289-A5FD-EC2CC7C7CC65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27897909-3333-4AB8-8321-4ED5F0AB237E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{300FFBFF-E81A-43F9-AA67-97CD43CFABCD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{39423708-A06D-4510-B154-77772713CC48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DE67F7C-1488-4DB3-8A2A-45192F3C651A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{43A22EB1-9AB5-4AB2-9D11-159FD8B18279}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B62A0E8-45BC-49F9-BE74-CA06218D7D13}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{7A3A0B59-0B81-4F59-9472-AC71E2B6FA91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{83E995D2-675E-4D91-AA65-FD55F6DAD774}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B643C5E9-D117-47DF-89E0-DC8BD5C27470}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C26A881E-9965-43B6-B429-38CD0A59E5F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D2BB4FB1-3B6F-4E99-96DC-654F3AC31DD7}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
"{ED99F2DB-07DA-4FFD-B104-0C0FE1271583}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F69DF5DD-8950-4D21-B74F-1BE58D0BC312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1B4ED54A-A741-5D36-40C6-0DA839CA033F}" = AMD Catalyst Install Manager
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{804F1A38-3B3F-7C26-4706-43765849773E}" = ccc-utility64
"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Elantech" = ETDWare PS/2-X64 10.0.7.3_WHQL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17A9BA11-389A-C33D-508E-E0D05186FD2A}" = CCC Help Turkish
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{332C7CD9-34DF-0157-3CBB-B0CA0A3E9F9E}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343A6D63-E943-FFBE-C750-ED20422EC0EC}" = CCC Help Russian
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3F357AC3-D10E-5F8E-5F0D-21813283A75B}" = CCC Help Greek
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4215D8AD-4EE5-0BFB-0D8A-A9B8134A2BA5}" = CCC Help English
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{4292173D-CDB8-7562-92FC-6ED59181D210}" = CCC Help German
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4CBCDE18-2A92-5076-9C63-C3E70AA8D64F}" = CCC Help Italian
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4EA30BB1-DDB2-2B98-891E-CED9A8132A81}" = CCC Help Thai
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{50EE4129-2B14-D002-92A8-6A0503493B86}" = CCC Help Portuguese
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5E664F04-69B7-242E-E68B-BB1CCAB3836E}" = CCC Help Danish
"{5E8C456C-2FDD-AE39-B9A3-53149E25449B}" = CCC Help Norwegian
"{5F702CEA-61F2-103B-68BF-8B7D38BC55F9}" = Catalyst Control Center Localization All
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{66A98CB1-3256-1191-C302-D2F3FA9DD065}" = CCC Help Polish
"{66B0D063-011A-F89D-5628-F99D71FBD284}" = CCC Help Chinese Traditional
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B77DDC6-93A8-4730-887E-C8F46728358F}" = Catalyst Control Center - Branding
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{76CD3D3A-3419-B56C-C9ED-49EC12F2520C}" = CCC Help Chinese Standard
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A9A723-239D-B643-C1E3-6F0D17A8F84C}" = Catalyst Control Center InstallProxy
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{846267F2-A5EF-2CE6-9FC3-3D24FDE64A2E}" = CCC Help Dutch
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B8BCB744-89CC-BD99-9740-E317835031C3}" = CCC Help Swedish
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C886C799-FBD0-0A18-E992-DE26B964D727}" = CCC Help French
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D8281314-4EEA-B91B-18C7-8A5C37A3E634}" = CCC Help Czech
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0BE1488-4FEA-43AC-EA7E-B22AB7016A7C}" = AMD VISION Engine Control Center
"{E2DD7CF7-478A-2139-F601-0621DC9F0FD2}" = CCC Help Korean
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA50969B-A027-5CC6-852A-31877EC40D92}" = CCC Help Hungarian
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F5FB1356-7F0A-0554-B287-336C3AF604B6}" = CCC Help Finnish
"{F5FE4120-A51D-997D-D313-D982B5336109}" = CCC Help Japanese
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"ESET Online Scanner" = ESET Online Scanner v3
"Game Console - WildGames" = WildTangent ORB Game Console
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live 程式集
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.04.2013 00:23:21 | Computer Name = mickmett-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015ec8 ID des fehlerhaften
Prozesses: 0xec Startzeit der fehlerhaften Anwendung: 0x01ce34a6774f4cb8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Berichtskennung:
35e80d9e-a0cd-11e2-8079-e8039a34608f
Error - 09.04.2013 00:28:32 | Computer Name = mickmett-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015ec8 ID des fehlerhaften
Prozesses: 0x6d8 Startzeit der fehlerhaften Anwendung: 0x01ce34d9fc0dff5e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Berichtskennung:
ef417a9f-a0cd-11e2-8079-e8039a34608f
Error - 09.04.2013 00:33:50 | Computer Name = mickmett-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015ec8 ID des fehlerhaften
Prozesses: 0xe98 Startzeit der fehlerhaften Anwendung: 0x01ce34dab5de4a1c Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Berichtskennung:
acdfe826-a0ce-11e2-8079-e8039a34608f
Error - 09.04.2013 00:39:03 | Computer Name = mickmett-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015ec8 ID des fehlerhaften
Prozesses: 0xf4c Startzeit der fehlerhaften Anwendung: 0x01ce34db730f3857 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Berichtskennung:
6761e662-a0cf-11e2-8079-e8039a34608f
Error - 09.04.2013 12:56:08 | Computer Name = mickmett-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 12:58:35 | Computer Name = mickmett-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 13:32:59 | Computer Name = mickmett-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 13:35:20 | Computer Name = mickmett-PC | Source = WinMgmt | ID = 10
Description =
Error - 09.04.2013 13:40:37 | Computer Name = mickmett-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015ec8 ID des fehlerhaften
Prozesses: 0x8cc Startzeit der fehlerhaften Anwendung: 0x01ce3548996e5fc4 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Berichtskennung:
961ad30f-a13c-11e2-a787-e8039a34608f
Error - 09.04.2013 13:45:56 | Computer Name = mickmett-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Name des fehlerhaften Moduls: SWMAgent.exe, Version: 1.1.22.19,
Zeitstempel: 0x4e7983bf Ausnahmecode: 0xc0000005 Fehleroffset: 0x00015ec8 ID des fehlerhaften
Prozesses: 0x1148 Startzeit der fehlerhaften Anwendung: 0x01ce35495c85a5a7 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
Berichtskennung:
54a876f5-a13d-11e2-a787-e8039a34608f
[ System Events ]
Error - 15.11.2011 04:05:16 | Computer Name = WIN-EJ2B6686MMS | Source = DCOM | ID = 10010
Description =
Error - 09.04.2013 12:54:54 | Computer Name = mickmett-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?04.?2013 um 06:44:57 unerwartet heruntergefahren.
Error - 09.04.2013 13:33:00 | Computer Name = mickmett-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
Error - 09.04.2013 13:34:49 | Computer Name = mickmett-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler
beendet: %%16405
Error - 09.04.2013 13:35:11 | Computer Name = mickmett-PC | Source = DCOM | ID = 10010
Description =
Error - 09.04.2013 13:35:11 | Computer Name = mickmett-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005
Error - 09.04.2013 13:35:11 | Computer Name = mickmett-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = Fehler beim Starten des Assistenten für das Sprachpaket-Setup. Führen
Sie einen Neustart des Systems aus, und führen Sie den Assistenten erneut aus.
< End of report >
[/code] Geändert von aethelstan (09.04.2013 um 19:18 Uhr) Grund: Ergänzungen Logfiles |
|
09.04.2013, 19:23
| #7 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot Rechner 2: OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.04.2013 19:00:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,88 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 37,34% Memory free 4,63 Gb Paging File | 1,60 Gb Available in Paging File | 34,61% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 90,00 Gb Total Space | 56,09 Gb Free Space | 62,32% Space Free | Partition Type: NTFS Drive E: | 197,25 Gb Total Space | 151,54 Gb Free Space | 76,83% Space Free | Partition Type: NTFS Computer Name: LORA | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.09 18:58:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2013.03.27 23:02:04 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.27 23:01:40 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2013.03.27 23:01:36 | 000,374,496 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2013.03.27 23:01:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.27 23:01:33 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.03.07 16:29:07 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.29 10:55:32 | 000,068,608 | ---- | M] (IvoSoft) -- C:\Program Files\Classic Shell\ClassicShellService.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.29 10:32:16 | 002,086,984 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe PRC - [2012.07.18 00:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.07.18 00:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2012.06.27 22:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.06.25 20:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2013.03.07 16:29:21 | 003,069,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.29 10:55:32 | 000,068,608 | ---- | M] (IvoSoft) [Auto | Running] -- C:\Program Files\Classic Shell\ClassicShellService.exe -- (ClassicShellService) SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.31 16:24:58 | 000,201,360 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:64bit: - [2012.08.25 03:33:20 | 000,291,240 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Teco\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2012.07.28 19:20:44 | 000,458,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2012.07.28 00:35:00 | 000,053,384 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012.04.21 00:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:64bit: - [2009.07.28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2013.03.27 23:02:04 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.27 23:01:40 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2013.03.27 23:01:36 | 000,374,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2013.03.27 23:01:34 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.16 00:48:28 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.03.06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013.02.06 11:58:26 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\***\AppData\Local\Temp\7zS73FE\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2012.12.26 11:42:28 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.25 11:50:40 | 000,114,656 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) SRV - [2012.09.20 10:18:03 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.18 00:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.07.18 00:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2012.06.27 22:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.06.25 20:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011.10.14 00:38:46 | 000,156,672 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.27 23:02:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.27 23:02:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\Drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.27 23:02:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.16 12:49:12 | 000,048,200 | ---- | M] () [Kernel | Disabled | Running] -- C:\Windows\SysNative\Drivers\EUBKMON.sys -- (EUBKMON) DRV:64bit: - [2013.03.16 12:40:42 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Disabled | Running] -- C:\Windows\SysNative\Drivers\eubakup.sys -- (EUBAKUP) DRV:64bit: - [2013.03.15 16:00:06 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2013.03.15 16:00:06 | 000,390,352 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2013.03.15 16:00:06 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2013.01.22 10:52:08 | 000,075,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.12.26 11:42:14 | 005,332,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.12.21 13:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2012.12.21 13:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.28 19:49:12 | 000,021,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tosrfec.sys -- (tosrfec) DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012.08.29 10:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTWlanE) DRV:64bit: - [2012.08.29 10:37:18 | 001,498,256 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rtwlane.sys -- (RTL8192Ce) DRV:64bit: - [2012.08.16 15:24:06 | 000,447,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.08.16 15:24:06 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.07.31 22:28:54 | 000,028,632 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Thotkey.sys -- (Thotkey) DRV:64bit: - [2012.07.31 21:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.31 01:04:12 | 000,690,832 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.26 02:34:42 | 000,032,832 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2012.07.25 02:54:00 | 000,031,184 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2012.07.22 01:59:02 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2012.07.11 14:49:34 | 000,024,208 | ---- | M] (Realtek Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtkBtfilter.sys -- (RtkBtFilter) DRV:64bit: - [2012.06.19 08:40:50 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.06.18 20:30:56 | 000,499,096 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\tos_sps64.sys -- (tos_sps64) DRV:64bit: - [2012.06.13 19:24:00 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2011.04.09 00:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr) DRV - [2013.03.19 18:28:31 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\windows\SysWow64\drivers\AFS.SYS -- (AFS) DRV - [2012.12.21 13:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2012.12.21 13:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.09.12 00:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys -- (PEGAGFN) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7109AE4-289E-414D-B1FF-C4B966EB8BC4} IE:64bit: - HKLM\..\SearchScopes\{B7109AE4-289E-414D-B1FF-C4B966EB8BC4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {B7109AE4-289E-414D-B1FF-C4B966EB8BC4} IE - HKLM\..\SearchScopes\{B7109AE4-289E-414D-B1FF-C4B966EB8BC4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4162805617-1865846540-2667320734-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com IE - HKU\S-1-5-21-4162805617-1865846540-2667320734-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com IE - HKU\S-1-5-21-4162805617-1865846540-2667320734-1001\..\SearchScopes,DefaultScope = {B7109AE4-289E-414D-B1FF-C4B966EB8BC4} IE - HKU\S-1-5-21-4162805617-1865846540-2667320734-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.ebay.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.15 19:42:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 10:24:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.04 10:24:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.03.15 19:43:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.03.16 01:28:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\9uctzmi7.default\extensions [2013.03.16 01:28:45 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\9uctzmi7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.15 19:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe () O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe () O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [TPUReg] C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe (Pegatron Corporation) O4 - HKLM..\Run: [TPUReg(x86)] "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB6E1456-2C50-425C-8713-30D6A0597196}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.09 18:59:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.08 23:56:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\mbar-1.01.0.1022 [2013.04.08 22:01:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.04.08 20:09:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.04.08 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.08 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.08 20:09:39 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.04.08 20:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.05 12:15:00 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2013.04.05 12:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Paint Shop Pro X [2013.04.05 12:14:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel [2013.04.05 12:14:26 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Spool [2013.04.05 12:14:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine PSP-Dateien [2013.04.05 12:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2013.04.05 12:12:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2013.04.04 10:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.04.02 19:26:28 | 000,000,000 | ---D | C] -- C:\archive_db [2013.04.02 19:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\backup [2013.04.02 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher [2013.04.02 19:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher [2013.04.02 19:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2013 Free [2013.04.02 19:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paragon Software [2013.04.02 17:43:56 | 000,000,000 | -HSD | C] -- C:\BOOT [2013.04.02 17:41:23 | 000,189,000 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\windows\SysNative\drivers\EuFdDisk.sys [2013.04.02 17:41:23 | 000,058,952 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\windows\SysNative\drivers\eubakup.sys [2013.04.02 17:41:23 | 000,018,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\windows\SysNative\drivers\eudskacs.sys [2013.04.02 17:40:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.04.01 13:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA Tempro [2013.04.01 13:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2013.04.01 12:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition [2013.04.01 12:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS [2013.03.27 23:02:23 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.03.27 23:02:23 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.03.27 23:02:23 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.03.19 18:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard [2013.03.19 18:28:31 | 000,077,004 | ---- | C] (Oak Technology Inc.) -- C:\windows\SysWow64\drivers\AFS.SYS [2013.03.19 18:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2013.03.19 18:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap [2013.03.19 18:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard [2013.03.18 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2013.03.17 21:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2013.03.17 15:20:35 | 000,000,000 | ---D | C] -- C:\sources [2013.03.16 09:23:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe [2013.03.16 01:27:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2013.03.16 01:13:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.03.16 01:13:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird [2013.03.16 00:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.16 00:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.16 00:50:15 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe [2013.03.16 00:46:25 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100_clr0400.dll [2013.03.16 00:42:34 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcr100_clr0400.dll [2013.03.16 00:17:33 | 011,459,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\glcndFilter.dll [2013.03.16 00:17:30 | 008,552,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\glcndFilter.dll [2013.03.16 00:17:28 | 001,566,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ole32.dll [2013.03.16 00:17:28 | 001,526,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfcore.dll [2013.03.16 00:17:28 | 001,451,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfcore.dll [2013.03.16 00:17:28 | 000,976,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013.03.16 00:17:27 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll [2013.03.16 00:17:26 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\windows\HelpPane.exe [2013.03.16 00:17:26 | 000,490,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEng.dll [2013.03.16 00:17:26 | 000,447,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioSes.dll [2013.03.16 00:17:26 | 000,253,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\audiodg.exe [2013.03.16 00:17:25 | 000,767,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll [2013.03.16 00:17:23 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drvstore.dll [2013.03.16 00:17:21 | 000,549,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\drvstore.dll [2013.03.16 00:17:17 | 000,501,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevicePairing.dll [2013.03.16 00:17:16 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll [2013.03.16 00:17:16 | 000,522,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AUDIOKSE.dll [2013.03.16 00:17:16 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanmsm.dll [2013.03.16 00:17:16 | 000,463,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AUDIOKSE.dll [2013.03.16 00:17:16 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bthprops.cpl [2013.03.16 00:17:16 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dafWCN.dll [2013.03.16 00:17:15 | 000,449,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevicePairing.dll [2013.03.16 00:17:15 | 000,386,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanmsm.dll [2013.03.16 00:17:15 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpclip.exe [2013.03.16 00:17:15 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\bthprops.cpl [2013.03.16 00:17:15 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFCaptureEngine.dll [2013.03.16 00:17:15 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll [2013.03.16 00:17:15 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll [2013.03.16 00:17:14 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll [2013.03.16 00:17:14 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll [2013.03.16 00:17:14 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfreadwrite.dll [2013.03.16 00:17:14 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanapi.dll [2013.03.16 00:17:14 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll [2013.03.16 00:17:14 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ubpm.dll [2013.03.16 00:17:14 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfreadwrite.dll [2013.03.16 00:17:14 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFCaptureEngine.dll [2013.03.16 00:17:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll [2013.03.16 00:17:14 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe [2013.03.16 00:17:14 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe [2013.03.16 00:17:12 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlansec.dll [2013.03.16 00:17:12 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanapi.dll [2013.03.16 00:17:12 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AudioEndpointBuilder.dll [2013.03.16 00:17:12 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnApi.dll [2013.03.16 00:17:12 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll [2013.03.16 00:17:12 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WcnApi.dll [2013.03.16 00:17:12 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013.03.16 00:17:12 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhostex.exe [2013.03.16 00:17:11 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlansec.dll [2013.03.16 00:17:11 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fdWCN.dll [2013.03.16 00:17:11 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfdprov.dll [2013.03.16 00:17:11 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapPeerProxy.dll [2013.03.16 00:17:11 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WcnEapAuthProxy.dll [2013.03.16 00:17:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfdprov.dll [2013.03.16 00:17:10 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\EncDump.dll [2013.03.16 00:17:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll [2013.03.16 00:17:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll [2013.03.16 00:17:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuaext.dll [2013.03.16 00:17:07 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fxppm.sys [2013.03.16 00:17:06 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iscsilog.dll [2013.03.16 00:17:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlanhlp.dll [2013.03.16 00:17:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlanhlp.dll [2013.03.16 00:17:05 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wushareduxresources.dll [2013.03.15 23:50:38 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mmc.exe [2013.03.15 23:50:37 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidsvc.dll [2013.03.15 23:50:35 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll [2013.03.15 23:50:34 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe [2013.03.15 23:50:30 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupapi.dll [2013.03.15 23:50:29 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll [2013.03.15 23:50:29 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll [2013.03.15 23:50:29 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys [2013.03.15 23:50:29 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys [2013.03.15 23:50:29 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpiowin32.sys [2013.03.15 23:50:28 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll [2013.03.15 23:50:28 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MP4SDECD.DLL [2013.03.15 23:50:28 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll [2013.03.15 23:50:28 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL [2013.03.15 23:50:28 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll [2013.03.15 23:50:28 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys [2013.03.15 23:50:28 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll [2013.03.15 23:50:28 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll [2013.03.15 23:50:28 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe [2013.03.15 23:50:28 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncbservice.dll [2013.03.15 23:50:28 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll [2013.03.15 23:50:28 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxm.dll [2013.03.15 23:50:28 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wiaacmgr.exe [2013.03.15 23:50:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wiaacmgr.exe [2013.03.15 23:50:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhsvc.dll [2013.03.15 23:50:27 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhapi.dll [2013.03.15 23:50:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxp.dll [2013.03.15 23:50:27 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\keepaliveprovider.dll [2013.03.15 23:41:50 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpmde.dll [2013.03.15 23:41:49 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winmde.dll [2013.03.15 23:41:48 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll [2013.03.15 23:41:47 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storagewmi.dll [2013.03.15 23:41:47 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Taskmgr.exe [2013.03.15 23:41:47 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Taskmgr.exe [2013.03.15 23:41:47 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WebcamUi.dll [2013.03.15 23:41:47 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WebcamUi.dll [2013.03.15 23:41:46 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\winmde.dll [2013.03.15 23:41:46 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UserLanguagesCpl.dll [2013.03.15 23:41:46 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usbmon.dll [2013.03.15 23:41:46 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpnapps.dll [2013.03.15 23:41:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe [2013.03.15 23:41:45 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserLanguagesCpl.dll [2013.03.15 23:41:45 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wpnapps.dll [2013.03.15 23:41:45 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe [2013.03.15 23:41:44 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\storagewmi.dll [2013.03.15 23:41:44 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe [2013.03.15 23:41:44 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll [2013.03.15 23:41:44 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll [2013.03.15 23:41:43 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL [2013.03.15 23:41:43 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL [2013.03.15 23:41:43 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsutil.dll [2013.03.15 23:41:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll [2013.03.15 23:41:43 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vds_ps.dll [2013.03.15 23:41:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vds_ps.dll [2013.03.15 23:41:43 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vdsldr.exe [2013.03.15 23:39:23 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys [2013.03.15 23:39:22 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys [2013.03.15 23:39:19 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll [2013.03.15 23:39:18 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.dll [2013.03.15 23:38:01 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sppwinob.dll [2013.03.15 23:37:58 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Display.dll [2013.03.15 23:37:58 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Display.dll [2013.03.15 23:37:58 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DevDispItemProvider.dll [2013.03.15 23:37:58 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DevDispItemProvider.dll [2013.03.15 23:37:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDKURD.DLL [2013.03.15 23:37:58 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDKURD.DLL [2013.03.15 23:37:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSShared.dll [2013.03.15 23:37:57 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WSShared.dll [2013.03.15 23:37:57 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.dll [2013.03.15 23:37:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll [2013.03.15 23:37:57 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll [2013.03.15 23:37:57 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll [2013.03.15 23:37:53 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SystemEventsBrokerServer.dll [2013.03.15 23:37:53 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TimeBrokerServer.dll [2013.03.15 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.03.15 23:25:57 | 003,554,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll [2013.03.15 23:25:54 | 002,116,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll [2013.03.15 23:25:51 | 002,380,944 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe [2013.03.15 23:25:51 | 002,206,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll [2013.03.15 23:25:51 | 002,115,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe [2013.03.15 23:25:50 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Immersive.dll [2013.03.15 23:25:49 | 001,610,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll [2013.03.15 23:25:49 | 001,265,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll [2013.03.15 23:25:48 | 001,226,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Immersive.dll [2013.03.15 23:25:48 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StructuredQuery.dll [2013.03.15 23:25:47 | 001,841,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll [2013.03.15 23:25:47 | 000,793,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfplat.dll [2013.03.15 23:25:46 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SHCore.dll [2013.03.15 23:25:45 | 001,403,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi [2013.03.15 23:25:45 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe [2013.03.15 23:25:44 | 000,612,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfplat.dll [2013.03.15 23:25:44 | 000,561,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmp4srcsnk.dll [2013.03.15 23:25:44 | 000,517,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe [2013.03.15 23:25:44 | 000,441,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys [2013.03.15 23:25:43 | 001,045,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usercpl.dll [2013.03.15 23:25:43 | 000,503,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll [2013.03.15 23:25:43 | 000,336,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys [2013.03.15 23:25:43 | 000,286,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys [2013.03.15 23:25:43 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Storage.Compression.dll [2013.03.15 23:25:42 | 002,764,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll [2013.03.15 23:25:42 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmp4srcsnk.dll [2013.03.15 23:25:42 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2013.03.15 23:25:42 | 000,058,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dam.sys [2013.03.15 23:25:41 | 000,962,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usercpl.dll [2013.03.15 23:25:41 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SpaceControl.dll [2013.03.15 23:25:41 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2013.03.15 23:25:41 | 000,056,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdstor.sys [2013.03.15 23:25:41 | 000,033,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys [2013.03.15 23:25:40 | 001,267,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe [2013.03.15 23:25:40 | 001,217,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi [2013.03.15 23:25:40 | 001,093,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe [2013.03.15 23:25:40 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SHCore.dll [2013.03.15 23:25:40 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\input.dll [2013.03.15 23:25:40 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Storage.Compression.dll [2013.03.15 23:25:39 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\input.dll [2013.03.15 23:25:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2013.03.15 23:25:38 | 000,745,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll [2013.03.15 23:25:38 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll [2013.03.15 23:25:38 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PCPKsp.dll [2013.03.15 23:25:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\microsoft-windows-pdc.dll [2013.03.15 23:25:37 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll [2013.03.15 23:25:36 | 000,757,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FirewallAPI.dll [2013.03.15 23:25:36 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll [2013.03.15 23:25:36 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll [2013.03.15 23:25:36 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppxSip.dll [2013.03.15 23:25:35 | 001,836,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [2013.03.15 23:25:35 | 000,370,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SysFxUI.dll [2013.03.15 23:25:35 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchFilterHost.exe [2013.03.15 23:25:35 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppxSip.dll [2013.03.15 23:25:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll [2013.03.15 23:25:34 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icfupgd.dll [2013.03.15 23:25:34 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssitlb.dll [2013.03.15 23:25:34 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PCPKsp.dll [2013.03.15 23:25:34 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BdeUISrv.exe [2013.03.15 23:25:33 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll [2013.03.15 23:25:33 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssitlb.dll [2013.03.15 23:25:33 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msscntrs.dll [2013.03.15 23:25:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msscntrs.dll [2013.03.15 23:25:33 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wfapigp.dll [2013.03.15 23:25:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wfapigp.dll [2013.03.15 23:25:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys [2013.03.15 23:25:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msshooks.dll [2013.03.15 23:25:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msshooks.dll [2013.03.15 23:25:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kbdhebl3.dll [2013.03.15 23:25:32 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\kbdhebl3.dll [2013.03.15 23:18:49 | 000,396,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hal.dll [2013.03.15 23:16:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Paint.NET [2013.03.15 23:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013.03.15 23:15:13 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.03.15 23:14:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.03.15 23:09:45 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dskquota.dll [2013.03.15 23:09:45 | 000,027,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rdpvideominiport.sys [2013.03.15 23:09:44 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll [2013.03.15 23:09:44 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dskquota.dll [2013.03.15 23:09:44 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rfxvmt.dll [2013.03.15 23:09:29 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll [2013.03.15 23:07:33 | 001,172,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetsrc.dll [2013.03.15 23:07:33 | 000,929,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetsrc.dll [2013.03.15 23:07:33 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll [2013.03.15 23:07:32 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfasfsrcsnk.dll [2013.03.15 23:07:32 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfasfsrcsnk.dll [2013.03.15 23:07:32 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll [2013.03.15 23:07:32 | 000,673,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfmpeg2srcsnk.dll [2013.03.15 23:07:32 | 000,513,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfmpeg2srcsnk.dll [2013.03.15 22:51:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2013.03.15 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics [2013.03.15 22:20:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TOSHIBA [2013.03.15 22:09:44 | 000,000,000 | R--D | C] -- C:\windows\BrowserChoice [2013.03.15 22:00:24 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.03.15 22:00:24 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.15 21:48:10 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2013.03.15 21:48:10 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2013.03.15 21:48:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncryptsslp.dll [2013.03.15 21:48:09 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncryptsslp.dll [2013.03.15 21:48:07 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2013.03.15 21:47:48 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll [2013.03.15 21:47:47 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe [2013.03.15 21:47:47 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appserverai.dll [2013.03.15 21:47:47 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe [2013.03.15 21:47:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RDWebAI.dll [2013.03.15 21:47:47 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VmHostAI.dll [2013.03.15 21:44:23 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll [2013.03.15 21:44:23 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.03.15 21:44:19 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll [2013.03.15 21:44:19 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys [2013.03.15 21:44:18 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll [2013.03.15 21:44:17 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll [2013.03.15 21:43:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.03.15 21:43:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.03.15 21:43:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.03.15 21:43:21 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll [2013.03.15 21:43:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.03.15 21:43:19 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.03.15 21:43:19 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll [2013.03.15 21:43:19 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.03.15 21:43:19 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll [2013.03.15 21:43:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.03.15 21:43:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.03.15 21:43:18 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.03.15 21:43:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.03.15 21:43:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.03.15 21:38:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys [2013.03.15 21:33:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer [2013.03.15 21:10:38 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll [2013.03.15 21:10:37 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll [2013.03.15 21:10:35 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2013.03.15 21:10:34 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013.03.15 21:10:33 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll [2013.03.15 21:10:33 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll [2013.03.15 21:10:33 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll [2013.03.15 21:10:33 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll [2013.03.15 21:10:33 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll [2013.03.15 21:10:33 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS [2013.03.15 21:10:33 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.03.15 21:10:33 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.15 21:10:33 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll [2013.03.15 21:10:32 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.03.15 21:10:32 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll [2013.03.15 21:10:32 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll [2013.03.15 21:10:32 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll [2013.03.15 21:10:32 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll [2013.03.15 21:10:32 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2013.03.15 21:10:32 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll [2013.03.15 21:10:32 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll [2013.03.15 21:10:32 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.15 21:10:32 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll [2013.03.15 21:10:32 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll [2013.03.15 21:10:32 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe [2013.03.15 21:10:32 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe [2013.03.15 21:10:32 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2013.03.15 21:10:32 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe [2013.03.15 21:10:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe [2013.03.15 21:10:32 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys [2013.03.15 21:10:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidi2c.sys [2013.03.15 21:10:32 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.15 21:10:31 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthhfHid.sys [2013.03.15 21:10:31 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BtaMPM.sys [2013.03.15 21:10:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll [2013.03.15 21:10:31 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll [2013.03.15 21:09:45 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgentc.exe [2013.03.15 21:09:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgentc.exe [2013.03.15 21:09:44 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll [2013.03.15 21:09:44 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resetengmig.dll [2013.03.15 21:09:44 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ReAgent.dll [2013.03.15 21:09:44 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll [2013.03.15 21:09:44 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysreset.exe [2013.03.15 21:07:38 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll [2013.03.15 21:07:38 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll [2013.03.15 21:07:36 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll [2013.03.15 21:07:36 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll [2013.03.15 21:04:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcadm.dll [2013.03.15 21:04:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcalua.exe [2013.03.15 21:04:52 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcaevts.dll [2013.03.15 21:04:38 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll [2013.03.15 21:04:38 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll [2013.03.15 21:04:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnathlp.dll [2013.03.15 21:04:38 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnathlp.dll [2013.03.15 21:04:38 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnsvr.exe [2013.03.15 21:04:38 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnsvr.exe [2013.03.15 21:04:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhupnp.dll [2013.03.15 21:04:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhpast.dll [2013.03.15 21:04:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhupnp.dll [2013.03.15 21:04:38 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhpast.dll [2013.03.15 21:04:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnlobby.dll [2013.03.15 21:04:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnaddr.dll [2013.03.15 21:04:38 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnlobby.dll [2013.03.15 21:04:38 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnaddr.dll [2013.03.15 21:04:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll [2013.03.15 21:04:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll [2013.03.15 21:04:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2013.03.15 21:04:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2013.03.15 21:04:36 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2013.03.15 21:04:36 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2013.03.15 21:04:36 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll [2013.03.15 21:04:36 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll [2013.03.15 21:04:36 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2013.03.15 21:04:36 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2013.03.15 21:04:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll [2013.03.15 21:04:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll [2013.03.15 20:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [2013.03.15 20:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell [2013.03.15 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2013.03.15 20:48:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.03.15 20:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.15 20:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.15 20:46:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.15 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2013.03.15 19:43:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2013.03.15 19:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.15 19:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.15 19:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.15 19:40:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2013.03.15 19:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope [2013.03.15 19:35:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SRS Labs [2013.03.15 19:34:35 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.15 19:34:35 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2013.03.15 19:34:35 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.15 19:34:34 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2013.03.15 19:34:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2013.03.15 19:33:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.03.15 19:33:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packages [2013.03.15 19:32:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013.03.15 19:32:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.15 19:32:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2013.03.15 19:32:49 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2013.03.15 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2013.03.15 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2013.03.15 19:32:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.15 19:32:48 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2013.03.15 19:32:48 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2013.03.15 19:32:48 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2013.03.15 19:31:14 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution [2013.03.15 16:00:08 | 000,251,728 | ---- | C] (Paragon Software Group) -- C:\windows\SysWow64\prgiso.dll [2013.03.15 16:00:06 | 000,633,680 | ---- | C] (Paragon) -- C:\windows\SysNative\drivers\Uim_IMx64.sys [2013.03.15 16:00:06 | 000,472,016 | ---- | C] (Paragon) -- C:\windows\SysNative\drivers\UimFIO.sys [2013.03.15 16:00:06 | 000,390,352 | ---- | C] (Paragon) -- C:\windows\SysNative\drivers\uim_vimx64.sys [2013.03.15 16:00:06 | 000,090,960 | ---- | C] (Windows (R) 2000 DDK provider) -- C:\windows\SysNative\drivers\uimx64.sys [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.09 18:58:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.09 18:53:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.09 00:24:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.08 20:09:41 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.05 15:51:08 | 000,000,952 | -HS- | M] () -- C:\windows\SysWow64\KGyGaAvL.sys [2013.04.05 12:32:33 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.05 12:32:33 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.05 12:32:33 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.05 12:32:33 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.05 12:32:33 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.05 12:14:41 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro X.lnk [2013.04.02 19:25:26 | 000,002,424 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk [2013.04.01 21:03:21 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.01 21:02:58 | 3336,331,264 | -HS- | M] () -- C:\hiberfil.sys [2013.04.01 13:11:40 | 000,000,459 | ---- | M] () -- C:\Users\***\Desktop\E.lnk [2013.04.01 12:51:13 | 000,001,301 | -H-- | M] () -- C:\windows\EPMBatch.ept [2013.04.01 12:46:50 | 000,001,499 | ---- | M] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk [2013.04.01 12:00:41 | 000,000,507 | ---- | M] () -- C:\Users\***\Desktop\C.lnk [2013.03.27 23:02:16 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys [2013.03.27 23:02:16 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys [2013.03.27 23:02:16 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys [2013.03.21 11:03:17 | 000,016,970 | ---- | M] () -- C:\Users\***\Documents\Unbenannt 1.odt [2013.03.20 12:07:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.03.19 18:28:39 | 000,021,674 | ---- | M] () -- C:\windows\hpoins01.dat [2013.03.19 18:28:31 | 000,077,004 | ---- | M] (Oak Technology Inc.) -- C:\windows\SysWow64\drivers\AFS.SYS [2013.03.19 18:25:02 | 000,001,042 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk [2013.03.18 18:58:18 | 000,001,250 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.03.16 12:52:22 | 000,189,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\windows\SysNative\drivers\EuFdDisk.sys [2013.03.16 12:49:12 | 000,048,200 | ---- | M] () -- C:\windows\SysNative\drivers\EUBKMON.sys [2013.03.16 12:43:54 | 000,018,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\windows\SysNative\drivers\eudskacs.sys [2013.03.16 12:40:42 | 000,058,952 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\windows\SysNative\drivers\eubakup.sys [2013.03.16 00:55:07 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.16 00:10:32 | 000,309,024 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.15 23:20:07 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.03.15 23:16:14 | 000,001,299 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013.03.15 23:15:15 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.03.15 20:52:44 | 000,001,177 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.15 20:46:29 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.15 19:42:57 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.15 19:37:11 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.03.15 16:00:08 | 000,251,728 | ---- | M] (Paragon Software Group) -- C:\windows\SysWow64\prgiso.dll [2013.03.15 16:00:06 | 000,633,680 | ---- | M] (Paragon) -- C:\windows\SysNative\drivers\Uim_IMx64.sys [2013.03.15 16:00:06 | 000,472,016 | ---- | M] (Paragon) -- C:\windows\SysNative\drivers\UimFIO.sys [2013.03.15 16:00:06 | 000,390,352 | ---- | M] (Paragon) -- C:\windows\SysNative\drivers\uim_vimx64.sys [2013.03.15 16:00:06 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\windows\SysNative\drivers\uimx64.sys [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.08 20:09:41 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.05 13:05:58 | 000,000,952 | -HS- | C] () -- C:\windows\SysWow64\KGyGaAvL.sys [2013.04.05 12:14:41 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Corel Paint Shop Pro X.lnk [2013.04.02 19:25:26 | 000,002,424 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk [2013.04.02 17:41:22 | 000,048,200 | ---- | C] () -- C:\windows\SysNative\drivers\EUBKMON.sys [2013.04.01 13:11:40 | 000,000,459 | ---- | C] () -- C:\Users\***\Desktop\E.lnk [2013.04.01 12:50:33 | 000,001,301 | -H-- | C] () -- C:\windows\EPMBatch.ept [2013.04.01 12:46:50 | 000,001,499 | ---- | C] () -- C:\Users\Public\Desktop\EaseUS Partition Master 9.2.1 Home Edition.lnk [2013.04.01 12:46:46 | 003,376,640 | ---- | C] () -- C:\windows\SysNative\BootMan.exe [2013.04.01 12:46:46 | 003,316,736 | ---- | C] () -- C:\windows\SysNative\¸´¼þ BootMan.exe [2013.04.01 12:46:46 | 002,468,520 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe [2013.04.01 12:46:46 | 000,100,936 | ---- | C] () -- C:\windows\SysNative\setupempdrvx64.exe [2013.04.01 12:46:46 | 000,087,112 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe [2013.04.01 12:46:46 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll [2013.04.01 12:46:46 | 000,017,480 | ---- | C] () -- C:\windows\SysNative\epmntdrv.sys [2013.04.01 12:46:46 | 000,016,256 | ---- | C] () -- C:\windows\SysNative\EuEpmGdi.dll [2013.04.01 12:46:46 | 000,014,920 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys [2013.04.01 12:46:46 | 000,009,800 | ---- | C] () -- C:\windows\SysNative\EuGdiDrv.sys [2013.04.01 12:46:46 | 000,009,160 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys [2013.04.01 12:00:41 | 000,000,507 | ---- | C] () -- C:\Users\***\Desktop\C.lnk [2013.03.21 11:03:14 | 000,016,970 | ---- | C] () -- C:\Users\***\Documents\Unbenannt 1.odt [2013.03.20 12:07:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.03.19 18:25:02 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk [2013.03.19 18:23:18 | 000,021,674 | ---- | C] () -- C:\windows\hpoins01.dat [2013.03.19 18:23:18 | 000,016,622 | ---- | C] () -- C:\windows\hpomdl01.dat [2013.03.18 18:58:18 | 000,001,250 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.03.16 00:55:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.16 00:55:07 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.03.16 00:48:29 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.03.16 00:10:18 | 000,309,024 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.15 23:50:30 | 000,386,577 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml [2013.03.15 23:20:07 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.15 23:20:07 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.03.15 23:16:14 | 000,001,311 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013.03.15 23:16:14 | 000,001,299 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk [2013.03.15 23:15:15 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.03.15 20:52:44 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.03.15 20:52:44 | 000,001,177 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.03.15 20:46:29 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.15 19:42:57 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.15 19:42:57 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.15 19:37:11 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf [2013.03.15 19:34:28 | 000,001,453 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.01.05 23:55:30 | 000,037,820 | ---- | C] () -- C:\windows\rlt8723a_chip_bt40_fw_asic_rom_patch.dll [2013.01.05 23:54:41 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2012.12.26 11:42:16 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin [2012.12.26 11:42:12 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012.11.13 19:18:06 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll [2012.08.06 07:36:22 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:56 | 000,733,840 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin [2012.07.25 22:22:56 | 000,492,340 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2012.04.20 23:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
|
09.04.2013, 19:26
| #8 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot extras.txt: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.04.2013 19:00:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,88 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 37,34% Memory free
4,63 Gb Paging File | 1,60 Gb Available in Paging File | 34,61% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 90,00 Gb Total Space | 56,09 Gb Free Space | 62,32% Space Free | Partition Type: NTFS
Drive E: | 197,25 Gb Total Space | 151,54 Gb Free Space | 76,83% Space Free | Partition Type: NTFS
Computer Name: LORA | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4162805617-1865846540-2667320734-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0440D2BA-8762-41FB-ADBF-6771D8DCE769}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{0594561D-4C27-480E-98C1-7DA13D22636F}" = protocol=6 | dir=in | app=c:\users\***\appdata\local\temp\7zs73fe\hppiw.exe |
"{05F7A462-69B6-47DA-9227-33EE64389B7E}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0831933B-1325-48B2-80C0-DF5560E3EB1E}" = dir=out | name=evernote |
"{0A07AC26-1CCA-4B55-BBE5-D94D3B6D48C1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{0B6BFA28-0A16-4877-A1FF-6EBF4A61ACF6}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{0FF23095-4BF1-4A51-83B1-8007695B04D4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{125F87FA-E575-4352-BE9B-71FD13C8976E}" = dir=out | name=toshiba places |
"{19FDCC11-BABA-45B6-B1FD-8AA6E57F7778}" = dir=out | name=fresh paint |
"{21E53E94-11EE-4E8C-B14D-AF0C45A2C044}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{334C97C0-8841-4C1C-999D-8156A66EF934}" = protocol=17 | dir=in | app=c:\users\***\appdata\local\temp\7zs73fe\hppiw.exe |
"{3690F456-4787-477C-9C3A-081A6F04B034}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{388EBD79-295D-4A61-ADFB-E69DE518EC1F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{45529284-E70A-4CE3-93FD-8318274B1A19}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{49091C43-F9F7-4EAB-89BF-937233AADD68}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{4CFC1D16-C447-4B02-9DB0-1C50470DA803}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{568CA4D9-179B-4E18-887A-852EC2B08D72}" = dir=in | name=toshiba media player by smedio truelink+ |
"{5AC383A1-73AD-4CCB-B4BE-3C4691328097}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{63792AA0-B92D-45C1-A416-473866AAAFEF}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{64AA386F-3EAB-49AC-9476-8C885A365C1B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{697E422E-EA30-4E7A-BEBE-8C96C9B9C9F7}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6EACA677-0312-4BE1-B04B-C1849BAEB9A5}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{76121F42-3056-439D-857E-181CF705A334}" = dir=in | name=skype |
"{7E3679E8-46C6-4F48-B2FB-F63002F7085B}" = dir=out | name=ebay |
"{7FA3F2AE-E4F2-479B-99A3-49A18D86FDAA}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8580411F-0168-47ED-913A-858793A13966}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe |
"{8E1853BB-69C3-4525-B591-A234836A4753}" = dir=out | name=windows_ie_ac_001 |
"{92D3F4AA-3DA1-40E1-85C4-0439EEA228B6}" = dir=out | name=microsoft solitaire collection |
"{95BAD791-721B-47B4-A452-512074D01C5F}" = dir=out | name=mcafee security advisor for toshiba |
"{9A173AC6-94D2-4E02-B325-2FF4D835D454}" = dir=out | name=skitch |
"{9AFC523B-32FB-4E70-BFAD-B8B367A65EF9}" = dir=out | name=toshiba media player by smedio truelink+ |
"{9C7715D1-1063-4ECC-95CA-1EB87A68422B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{A1AF53BC-8B3C-4F66-A9A6-301876A25673}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{A77AD4BD-FE33-4FAF-905B-5706E1F1FB49}" = dir=in | name=evernote |
"{AB7B4AE6-D046-4507-A5BA-1811065468B8}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{AE65A97B-A4AB-432C-B5E5-21517338692A}" = dir=in | name=ebay |
"{B3CEED7F-B26E-4A53-BD0B-C63CBF369CA3}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C40F7FBF-ADB7-4CE3-8CAB-4FC78CBCA7FA}" = dir=out | name=- games app - |
"{CB301946-B1F3-408A-BEAD-786B722E2031}" = dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{D3568991-EB5D-4DC6-8A18-B86DED1D7595}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{DDB925F6-AC16-405E-B4E9-1C3523F74FDF}" = dir=out | name=skype |
"{E0FEDA5A-08F1-4523-A487-38CB1DD3A35F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E7D52125-74B8-4B2D-979D-72272F152DBC}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E9696A09-EA20-4527-B74B-DB457596FEB8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{ECC1D7D8-AC17-43D7-9BA1-4F945EEADA91}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F80D342E-E4CB-4009-A3D7-2850A4A24B49}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{F9D411DC-1F85-463B-B985-5BD36699DE19}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FE6A08EA-6D6F-4597-A1E6-E68E254795C1}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16562A90-71BC-41A0-B890-D91B0C267120}" = TOSHIBA Function Key
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5944B9D4-3C2A-48DE-931E-26B31714A2F7}" = TOSHIBA eco Utility
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{94F03B8E-CB73-4653-AFE9-79112C01FED2}" = Premium Sound HD
"{95CCACF0-010D-45F0-82BF-858643D8BC02}" = TOSHIBA Desktop Assist
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B8C8422F-01F1-4791-B084-047AAFF9BFCC}" = TOSHIBA Service Station
"{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{FF07604E-C860-40E9-A230-E37FA41F103A}" = TOSHIBA VIDEO PLAYER
"57F58DC141BEB353704E041792E5B00606694FEA" = Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth (07/11/2012 2.3.13.3)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0071820F-09B0-4998-8320-F89629DCBC99}" = Nero BackItUp
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{05A55927-DB9B-4E26-BA44-828EBFF829F0}" = TOSHIBA System Settings
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0CC0980D-811D-43B8-A455-8D150EB5BC0D}" = Realtek Bluetooth Filter Driver Package
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{1001266B-D4BB-46D9-B023-2612A8CE3A31}" = Nero BurnRights
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1E6A96A1-2BAB-43EF-8087-30437593C66C}" = TOSHIBA System Driver
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{2EF76291-8647-46F0-89D8-0AA8B72A5420}" = Nero 12 Essentials Toshiba
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{78931270-BC9E-441A-A52B-73ECD4ACFAB5}" = Toshiba Password Utility
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E7EABFA-BF37-4824-B792-4220C9E04233}" = Nero BurnRights Help (CHM)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = TOSHIBA Manuals
"{949460AD-3C77-44FD-8D78-BF605EF28114}" = EMEA02
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2013 Free
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F76F5214-83A8-4030-80C9-1EF57391D72A}" = Toshiba TEMPRO
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Antivirus Premium
"EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{0CC0980D-811D-43B8-A455-8D150EB5BC0D}" = Realtek Bluetooth Filter Driver Package
"InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}" = Toshiba Password Utility
"Intel AppUp(SM) center 33268" = Intel AppUp(SM) center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 8" = TeamViewer 8
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-0374e90a-e19b-45d0-a626-132f321339de" = Chuzzle Deluxe
"WTA-0e8934c4-fbf5-4c5a-9d8b-3bb3681f9c41" = Plants vs. Zombies - Game of the Year
"WTA-24f13d0e-414a-4d20-9409-e4553836894d" = Jewel Quest Solitaire 2
"WTA-6ada0c5e-de04-4f27-ae34-7aaae7a83b96" = Aloha TriPeaks
"WTA-a5d4acc8-f1f1-4314-ad2e-1e0cb2a637be" = Virtual Villagers 4 - The Tree of Life
"WTA-a60bbaac-660e-4616-80cd-8016d11be7e7" = Empress of the Deep - The Darkest Secret
"WTA-aef20408-cd47-426f-8dc3-b72006d1f841" = Bejeweled 3
"WTA-b295d98a-100b-4953-8a7b-f4026a7699f7" = Polar Bowler
"WTA-b3c7f83d-bda4-437f-934a-ba77dfbc92e1" = Peggle Nights
"WTA-bcc29fbb-7d0d-4b8e-9a92-157fae3f6845" = Magic Academy
"WTA-cd51dd43-35e9-4fcb-9c61-f71dbe949c60" = Island Tribe
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.03.2013 16:46:11 | Computer Name = Lora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.0.4.64,
Zeitstempel: 0x50459b38 Name des fehlerhaften Moduls: SynCOM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x502d552e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000001002038c
ID
des fehlerhaften Prozesses: 0x49c Startzeit der fehlerhaften Anwendung: 0x01ce21bbfee02fef
Pfad
der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe Pfad
des fehlerhaften Moduls: SynCOM.dll Berichtskennung: 5e3e88b1-8db1-11e2-be7b-2016d8c49567
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.03.2013 17:11:10 | Computer Name = Lora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.0.4.64,
Zeitstempel: 0x50459b38 Name des fehlerhaften Moduls: SynCOM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x502d552e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000001002038c
ID
des fehlerhaften Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0x01ce21bf81726921
Pfad
der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe Pfad
des fehlerhaften Moduls: SynCOM.dll Berichtskennung: dba88c38-8db4-11e2-be7c-2016d8c49567
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 15.03.2013 19:31:00 | Computer Name = Lora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PortChanger.exe, Version: 0.0.0.0,
Zeitstempel: 0x50123cc9 Name des fehlerhaften Moduls: PortChanger.exe, Version:
0.0.0.0, Zeitstempel: 0x50123cc9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000004be7
ID
des fehlerhaften Prozesses: 0x1260 Startzeit der fehlerhaften Anwendung: 0x01ce21d4f3573b00
Pfad
der fehlerhaften Anwendung: C:\windows\system32\PortChanger.exe Pfad des fehlerhaften
Moduls: C:\windows\system32\PortChanger.exe Berichtskennung: 64cea066-8dc8-11e2-be84-2016d8c49567
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 16.03.2013 02:41:05 | Computer Name = Lora | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TCrdMain_Win8.exe, Version: 2.0.4.64,
Zeitstempel: 0x50459b38 Name des fehlerhaften Moduls: SynCOM.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x502d552e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000001002038c
ID
des fehlerhaften Prozesses: 0x7ac Startzeit der fehlerhaften Anwendung: 0x01ce220f1e97e3af
Pfad
der fehlerhaften Anwendung: C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe Pfad
des fehlerhaften Moduls: SynCOM.dll Berichtskennung: 794aa22f-8e04-11e2-be84-2016d8c49567
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 17.03.2013 15:46:12 | Computer Name = Lora | Source = Application Hang | ID = 1002
Description = Programm Taskmgr.exe, Version 6.2.9200.16465 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: c70 Startzeit: 01ce2347d8aa139d Endzeit: 15 Anwendungspfad:
C:\windows\System32\Taskmgr.exe Berichts-ID: 4e7319e9-8f3b-11e2-be86-2016d8c49567
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 17.03.2013 15:46:27 | Computer Name = Lora | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.2.9200.16433 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: fe8 Startzeit: 01ce23478f65d113 Endzeit: 0 Anwendungspfad: C:\windows\Explorer.EXE
Berichts-ID:
5960792c-8f3b-11e2-be86-2016d8c49567 Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
[ System Events ]
Error - 22.03.2013 18:39:36 | Computer Name = Lora | Source = DCOM | ID = 10010
Description =
Error - 22.03.2013 18:39:36 | Computer Name = Lora | Source = DCOM | ID = 10010
Description =
Error - 22.03.2013 18:39:36 | Computer Name = Lora | Source = DCOM | ID = 10010
Description =
Error - 28.03.2013 18:07:11 | Computer Name = Lora | Source = DCOM | ID = 10010
Description =
Error - 01.04.2013 06:52:18 | Computer Name = Lora | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =
Error - 01.04.2013 06:52:41 | Computer Name = Lora | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error - 01.04.2013 07:24:27 | Computer Name = Lora | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume10"
herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
Der letzte Status war "0xc03a001c".
Error - 01.04.2013 07:24:30 | Computer Name = Lora | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume12"
herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
Der letzte Status war "0xc03a001c".
Error - 01.04.2013 07:38:31 | Computer Name = Lora | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume16"
herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar.
Der letzte Status war "0xc03a001c".
Error - 01.04.2013 09:28:43 | Computer Name = Lora | Source = DCOM | ID = 10010
Description =
< End of report >
Ich hoffe, das war so richtig? |
|
09.04.2013, 20:30
| #9 | ||||
| /// TB-Ausbilder | Sicherheitswarnung Telekom wegen Zeus Zbot Hi, Zitat:
Zitat:
 Zitat:
Zitat:
(Es kann übrigens auch vorkommen, dass sich die Telekom mal irrt...)
__________________ cheers, Leo |
|
09.04.2013, 22:29
| #10 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot Ich dank Dir bis hierhin schon mal ganz herzlich für die Hilfe und freue mich über die positive Einschätzung. Was den alten Laptop angeht: Mein Vater wird den morgen interessehalber erst einmal selbst mit Avira Rescue System, Malwarebytes (kann er jetzt, also hatte es immerhin was Gutes...) etc. überprüfen, vielleicht finden die den Bösewicht schon und bestätigen die Vermutung - andernfalls würde ich mich sonst eventuell noch mal melden. Ich werde ihm aber eh eindringlich raten, das Ding einzumotten - das ist uralt und langsam, er braucht es eigentlich eh nicht, und wenn es jetzt wirklich auch noch verseucht sein sollte, dann sollte er es wirklich einfach in die ewigen Jagdgründe verbannen. Ich habe jedenfalls keine Lust, die alte Möhre noch mal neu aufzusetzen... ;-) Ich melde mich also vermutlich morgen oder spätestens übermorgen noch mal, ob wir noch mal Hilfe brauchen, bis dahin noch mal ganz vielen Dank für die Unterstützung!  |
|
09.04.2013, 22:38
| #11 | |
| /// TB-Ausbilder | Sicherheitswarnung Telekom wegen Zeus Zbot Hi, danke für die Mitteilung. Zitat:
__________________ cheers, Leo |
|
11.04.2013, 17:24
| #12 |
| | Sicherheitswarnung Telekom wegen Zeus Zbot Also, die Vermutung hat sich bestätigt, der Uralt-Laptop von meinem Vater war tatsächlich verseucht. Ich mache ihn nun sicherheitshalber platt, falls er doch noch mal zum Einsatz kommen soll, aber ich denke, meinem Vater ist jetzt auch die Lust an dem Apparat vergangen. ;-) Die beiden überprüften Rechner habe ich nun wieder "freigegeben". Noch einmal ganz herzlichen Dank für die super Unterstützung! Edit: Eine Frage hätte ich doch noch. In der Mail der Telekom stand ja "Folgende IP-Adresse war zum Zeitpunkt des Versands von schädlichen E-Mails Ihrer Zugangsnummer zugeordnet...". Wie habe ich mir das in der Praxis vorzustellen? Über welche Mailkonten wurde da Schadsoftware versendet? Und gehe ich recht in der Annahme, dass mein Vater besser alle Email-Passwörter (und sowieso alle Passwörter), die auf dem Rechner verwendet wurden, ändern sollte? Vermutlich könnten die Urheber ja immer noch Zugriff auf die Mailkonten meines Vaters haben, oder? Geändert von aethelstan (11.04.2013 um 17:32 Uhr) |
|
11.04.2013, 19:16
| #13 | |
| /// TB-Ausbilder | Sicherheitswarnung Telekom wegen Zeus Zbot Ok, danke für die Rückmeldung. Dann können wir dieses Thema hier beschliessen, wenn der verseuchte Rechner platt gemacht wurde.  Zitat:
 Warnung: InfostealerAus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat. Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen. Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern. Freut mich, dass wir helfen konnten.  Falls du dem Forum noch Verbesserungsvorschläge, Kritik oder ein Lob mitgeben möchtest, kannst du das hier tun. Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten. Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter. Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.
__________________ cheers, Leo |
|
| Themen zu Sicherheitswarnung Telekom wegen Zeus Zbot |
| avira, brauche, dringend, email, explorer, frage, hijackthis, infektion, internet, internet explorer, logfiles, malwarebytes, nichts, problem, rechner, router, sicherheitswarnung, systemdateien, telekom, warnungen, windows, zbot, zeus/zbot warnung von der telekom |
Linear-Darstellung
