Pests of all kinds and how to fight them: Computer infected with Spyhunter 4 (Windows 7)
03.06.2013, 10:49 | #16 |
Computer infected with Spyhunter 4

Here's ESET then; it took a while, sorry, I'm at work after all ;-)

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12

Security follows

Security-Check:
Results of screen317's Security Check version 0.99.64
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Java 7 Update 11
Java version out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 26.0.1410.64
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Fresh OTL follows

OTL 1:
OTL Logfile:
Code:
OTL logfile created on: 03.06.2013 11:54:18 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,23% Memory free
7,80 Gb Paging File | 5,77 Gb Available in Paging File | 73,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 277,83 Gb Total Space | 198,28 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS
Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\StrolchePC\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.) PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) ========== Modules (No Company Name) ========== MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- C:\Programme\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- C:\Programme\ZuneNss.exe File not found SRV - (WMZuneComm) -- C:\Programme\WMZuneComm.exe File not found SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) 
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) SRV - (TrueService) -- C:\Programme\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (andnetndis) -- C:\Windows\SysNative\drivers\lgandnetndis64.sys (LG Electronics Inc.) DRV:64bit: - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.) 
DRV:64bit: - (AndNetDiag) -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2013.04.30 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\extensions [2013.04.30 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\[ofr2][opt]rs0\extensions [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - 
plugin: Norton Confidential (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll CHR - plugin: Simple Pass (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: AdBlock = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Website Logon = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\ CHR - Extension: FreeHDSport TV = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - Startup: C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82EF9A0B-919D-4E2F-9115-8B1B0E5CEB34}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3CE36F7-58C2-4146-89E8-AD98A439D1A2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.03 08:21:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell - "" = AutoRun O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 10:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.06.03 09:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.03 09:55:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.27 11:32:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.15 13:49:52 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 13:49:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 13:49:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 13:49:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 13:49:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 13:49:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.13 15:31:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript9.dll [2013.05.13 15:31:43 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.13 15:31:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.13 15:31:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.13 15:31:43 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.13 15:31:43 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.13 15:31:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.13 15:31:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.13 15:31:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.13 15:31:43 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.13 15:31:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.13 15:31:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.13 15:31:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.13 15:31:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 15:31:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.13 15:31:43 | 
000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.13 15:31:43 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.13 15:31:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.13 15:31:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.13 15:31:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.13 15:31:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.13 15:31:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.13 15:31:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.13 15:31:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.13 15:31:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.13 15:31:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.13 15:31:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.13 15:31:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.13 15:31:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.13 15:31:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.13 15:31:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.13 15:31:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.13 15:31:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.13 15:31:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\occache.dll [2013.05.13 15:31:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.13 15:31:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.13 15:31:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.13 15:31:43 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.13 15:31:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.13 15:31:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.13 15:31:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.13 15:31:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.13 15:31:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.13 15:31:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.13 15:31:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.13 15:31:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.13 15:31:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.13 15:31:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.13 
15:31:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.13 15:31:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.13 15:31:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.13 15:31:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.13 15:31:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.13 15:31:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.13 15:31:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.13 15:31:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.13 15:31:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.13 15:31:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.08 15:05:02 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 13:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.08.05 13:56:34 | 001,530,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll [2011.08.05 13:56:34 | 001,288,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll [2011.08.05 13:56:34 | 001,272,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll [2011.08.05 13:56:34 | 001,175,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll [2011.08.05 13:56:34 | 000,645,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll [2011.08.05 13:53:12 | 016,921,312 | ---- | C] (Microsoft 
Corporation) -- C:\Program Files\ZuneShellResources.dll [2011.08.05 13:53:12 | 004,020,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe [2011.08.05 13:53:12 | 000,863,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll [2011.08.05 13:53:12 | 000,507,104 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll [2011.08.05 13:53:12 | 000,467,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe [2011.08.05 13:53:12 | 000,366,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll [2011.08.05 13:53:12 | 000,306,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe [2011.08.05 13:53:12 | 000,196,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll [2011.08.05 13:53:12 | 000,157,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll [2011.08.05 13:53:12 | 000,157,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll [2011.08.05 13:53:12 | 000,152,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll [2011.08.05 13:53:12 | 000,100,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll [2011.08.05 13:53:12 | 000,074,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll [2011.08.05 13:53:12 | 000,027,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll [2011.08.05 13:53:12 | 000,021,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll [2011.08.05 13:53:12 | 000,018,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll [2011.08.05 13:53:12 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe [2011.08.05 13:53:12 | 000,009,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll [2011.08.05 13:53:10 | 003,889,376 | ---- | C] (Microsoft Corporation) -- C:\Program 
Files\ZuneResources.dll [2011.08.05 13:53:10 | 001,257,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll [2011.08.05 13:53:10 | 000,916,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll [2011.08.05 13:53:10 | 000,683,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll [2011.08.05 13:53:10 | 000,514,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll [2011.08.05 13:53:10 | 000,155,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll [2011.08.05 13:53:06 | 010,061,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll [2011.08.05 13:53:06 | 008,277,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe [2011.08.05 13:53:06 | 002,110,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll [2011.08.05 13:53:06 | 001,752,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll [2011.08.05 13:53:06 | 001,481,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll [2011.08.05 13:53:06 | 001,184,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll [2011.08.05 13:53:06 | 001,161,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll [2011.08.05 13:53:06 | 001,096,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll [2011.08.05 13:53:06 | 000,879,328 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll [2011.08.05 13:53:06 | 000,707,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll [2011.08.05 13:53:06 | 000,376,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll [2011.08.05 13:53:06 | 000,347,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll [2011.08.05 13:53:06 | 000,223,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe [2011.08.05 13:53:06 | 000,218,848 | ---- | C] (Microsoft Corporation) -- C:\Program 
Files\ZuneHost.exe [2011.08.05 13:53:06 | 000,212,192 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll [2011.08.05 13:53:06 | 000,163,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe [2011.08.05 13:53:06 | 000,131,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll [2011.08.05 13:53:06 | 000,129,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll [2011.08.05 13:53:06 | 000,121,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll [2011.08.05 13:53:06 | 000,072,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll [2011.08.05 13:53:06 | 000,061,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll [2011.08.05 13:53:06 | 000,056,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe [2011.08.05 13:53:06 | 000,038,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe [2011.08.05 13:53:06 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll [2011.08.05 13:53:06 | 000,020,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll [2011.08.05 13:31:32 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm [2011.06.06 14:48:50 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll [2011.06.06 14:48:50 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll [2011.06.06 14:48:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll [2007.10.02 15:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.03 11:42:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.03 11:38:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe 
Flash Player Updater.job [2013.06.03 11:13:05 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000UA.job [2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 10:29:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.03 10:29:48 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.03 10:29:48 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.03 10:29:48 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.03 10:29:48 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.03 10:25:06 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.03 10:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.03 10:24:52 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 09:46:33 | 000,001,088 | ---- | M] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:42 | 000,001,161 | ---- | M] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:29 | 000,001,256 | ---- | M] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:59:04 | 000,001,197 | ---- | M] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:48 | 000,000,720 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | M] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.31 08:13:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000Core.job [2013.05.28 14:05:34 | 001,583,568 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 19:42:13 
| 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStrolchePC.job [2013.05.27 13:13:33 | 000,002,347 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Google Chrome.lnk [2013.05.27 08:29:02 | 000,001,016 | ---- | M] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.16 07:49:38 | 000,331,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 15:31:43 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.13 15:31:43 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.13 15:31:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.13 15:31:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.13 15:31:43 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.13 15:31:43 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.13 15:31:43 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.13 15:31:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.13 15:31:43 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.13 15:31:43 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.13 15:31:43 | 000,526,336 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.13 15:31:43 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.13 15:31:43 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.13 15:31:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 15:31:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.13 15:31:43 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.13 15:31:43 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.13 15:31:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.13 15:31:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.13 15:31:43 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.13 15:31:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.13 15:31:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.13 15:31:43 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.13 15:31:43 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.13 15:31:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.13 15:31:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.13 15:31:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.13 15:31:43 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.13 15:31:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.13 15:31:43 | 000,137,216 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.13 15:31:43 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.13 15:31:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.13 15:31:43 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.13 15:31:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.13 15:31:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.13 15:31:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.13 15:31:43 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.13 15:31:43 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.13 15:31:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.13 15:31:43 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.13 15:31:43 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.13 15:31:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.13 15:31:43 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.13 15:31:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\icardie.dll [2013.05.13 15:31:43 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.13 15:31:43 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.13 15:31:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.13 15:31:43 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.13 15:31:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.13 15:31:43 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.13 15:31:43 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.13 15:31:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.13 15:31:43 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.13 15:31:43 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.13 15:31:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.13 15:31:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.13 15:31:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.13 15:31:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.07 13:43:39 | 468,008,353 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.03 09:46:14 | 000,001,088 | ---- | C] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:14 | 000,001,161 | ---- | C] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:01 | 000,001,256 | ---- | C] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:58:49 | 000,001,197 | ---- | C] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:33 | 000,000,720 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | C] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.28 14:00:58 | 001,583,568 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 08:29:02 | 000,001,016 | ---- | C] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.07 13:43:39 | 468,008,353 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.30 15:02:44 | 000,077,654 | ---- | C] () -- C:\Users\StrolchePC\AppData\Local\funmoods_2.3.crx [2012.09.24 07:58:23 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe [2012.08.30 08:42:13 | 000,000,224 | ---- | C] () -- C:\Windows\Sierra.ini [2012.08.09 11:24:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.06.21 16:20:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2012.06.21 16:12:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.02.14 20:47:04 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 20:47:04 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 20:47:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.14 20:44:22 | 000,058,880 | ---- | C] () -- 
C:\Windows\SysWow64\igdde32.dll [2012.02.14 19:59:54 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.06.22 00:45:28 | 000,122,484 | ---- | C] () -- C:\Program Files\quickplaymap_msl.png [2011.06.22 00:45:28 | 000,122,210 | ---- | C] () -- C:\Program Files\quickplaymap_ind.png [2011.06.22 00:45:28 | 000,093,248 | ---- | C] () -- C:\Program Files\softwaremap_msl.png [2011.06.22 00:45:28 | 000,092,713 | ---- | C] () -- C:\Program Files\softwaremap_ind.png [2011.06.22 00:45:26 | 009,532,452 | ---- | C] () -- C:\Program Files\Meiryoz.ttc [2011.06.06 14:50:40 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config [2011.06.06 14:50:26 | 000,251,333 | ---- | C] () -- C:\Program Files\softwaremap.png [2011.06.06 14:50:26 | 000,122,790 | ---- | C] () -- C:\Program Files\quickplaymap_rus.png [2011.06.06 14:50:26 | 000,122,620 | ---- | C] () -- C:\Program Files\quickplaymap_ell.png [2011.06.06 14:50:26 | 000,122,458 | ---- | C] () -- C:\Program Files\quickplaymap.png [2011.06.06 14:50:26 | 000,122,414 | ---- | C] () -- C:\Program Files\quickplaymap_plk.png [2011.06.06 14:50:26 | 000,122,134 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png [2011.06.06 14:50:26 | 000,122,068 | ---- | C] () -- C:\Program Files\quickplaymap_csy.png [2011.06.06 14:50:26 | 000,122,060 | ---- | C] () -- C:\Program Files\quickplaymap_jpn.png [2011.06.06 14:50:26 | 000,122,053 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png [2011.06.06 14:50:26 | 000,121,952 | ---- | C] () -- C:\Program Files\quickplaymap_esp.png [2011.06.06 14:50:26 | 000,121,837 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png [2011.06.06 14:50:26 | 000,121,834 | ---- | C] () -- C:\Program Files\quickplaymap_hun.png [2011.06.06 14:50:26 | 000,121,635 | ---- | C] () -- C:\Program Files\quickplaymap_ptg.png [2011.06.06 14:50:26 | 000,121,621 | ---- | C] () -- C:\Program 
Files\quickplaymap_ita.png [2011.06.06 14:50:26 | 000,121,558 | ---- | C] () -- C:\Program Files\quickplaymap_sve.png [2011.06.06 14:50:26 | 000,121,489 | ---- | C] () -- C:\Program Files\quickplaymap_dan.png [2011.06.06 14:50:26 | 000,121,403 | ---- | C] () -- C:\Program Files\quickplaymap_fra.png [2011.06.06 14:50:26 | 000,121,358 | ---- | C] () -- C:\Program Files\quickplaymap_chs.png [2011.06.06 14:50:26 | 000,121,257 | ---- | C] () -- C:\Program Files\quickplaymap_fin.png [2011.06.06 14:50:26 | 000,121,162 | ---- | C] () -- C:\Program Files\quickplaymap_cht.png [2011.06.06 14:50:26 | 000,121,155 | ---- | C] () -- C:\Program Files\quickplaymap_nor.png [2011.06.06 14:50:26 | 000,120,995 | ---- | C] () -- C:\Program Files\quickplaymap_kor.png [2011.06.06 14:50:26 | 000,100,499 | ---- | C] () -- C:\Program Files\softwaremap_ell.png [2011.06.06 14:50:26 | 000,099,979 | ---- | C] () -- C:\Program Files\softwaremap_rus.png [2011.06.06 14:50:26 | 000,098,663 | ---- | C] () -- C:\Program Files\softwaremap_plk.png [2011.06.06 14:50:26 | 000,098,431 | ---- | C] () -- C:\Program Files\softwaremap_ita.png [2011.06.06 14:50:26 | 000,098,102 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png [2011.06.06 14:50:26 | 000,097,782 | ---- | C] () -- C:\Program Files\softwaremap_esp.png [2011.06.06 14:50:26 | 000,097,716 | ---- | C] () -- C:\Program Files\softwaremap_ptg.png [2011.06.06 14:50:26 | 000,097,580 | ---- | C] () -- C:\Program Files\softwaremap_deu.png [2011.06.06 14:50:26 | 000,097,435 | ---- | C] () -- C:\Program Files\softwaremap_fra.png [2011.06.06 14:50:26 | 000,097,298 | ---- | C] () -- C:\Program Files\softwaremap_csy.png [2011.06.06 14:50:26 | 000,096,751 | ---- | C] () -- C:\Program Files\softwaremap_cht.png [2011.06.06 14:50:26 | 000,096,737 | ---- | C] () -- C:\Program Files\softwaremap_hun.png [2011.06.06 14:50:26 | 000,096,603 | ---- | C] () -- C:\Program Files\softwaremap_jpn.png [2011.06.06 14:50:26 | 000,096,513 | ---- | C] () -- C:\Program 
Files\softwaremap_nld.png [2011.06.06 14:50:26 | 000,096,441 | ---- | C] () -- C:\Program Files\softwaremap_fin.png [2011.06.06 14:50:26 | 000,096,323 | ---- | C] () -- C:\Program Files\softwaremap_dan.png [2011.06.06 14:50:26 | 000,095,912 | ---- | C] () -- C:\Program Files\softwaremap_chs.png [2011.06.06 14:50:26 | 000,094,750 | ---- | C] () -- C:\Program Files\softwaremap_nor.png [2011.06.06 14:50:26 | 000,094,597 | ---- | C] () -- C:\Program Files\softwaremap_sve.png [2011.06.06 14:50:26 | 000,093,267 | ---- | C] () -- C:\Program Files\softwaremap_kor.png [2011.06.06 14:50:26 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif [2011.06.06 14:50:26 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif [2011.06.06 14:50:26 | 000,000,631 | ---- | C] () -- C:\Program Files\Background.jpg [2011.06.06 14:50:26 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
03.06.2013, 11:01 | #17 |
| Computer infected with Spyhunter 4 OTL 1:OTL Logfile:
Code:
ATTFilter OTL logfile created on: 03.06.2013 11:54:18 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,23% Memory free 7,80 Gb Paging File | 5,77 Gb Available in Paging File | 73,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 277,83 Gb Total Space | 198,28 Gb Free Space | 71,37% Space Free | Partition Type: NTFS Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\StrolchePC\Downloads\OTL (1).exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.) PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) ========== Modules (No Company Name) ========== MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- C:\Programme\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- C:\Programme\ZuneNss.exe File not found SRV - (WMZuneComm) -- C:\Programme\WMZuneComm.exe File not found SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) 
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) SRV - (TrueService) -- C:\Programme\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys () DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (andnetndis) -- C:\Windows\SysNative\drivers\lgandnetndis64.sys (LG Electronics Inc.) DRV:64bit: - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.) 
DRV:64bit: - (AndNetDiag) -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) 
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) [2013.04.30 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\extensions [2013.04.30 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\[ofr2][opt]rs0\extensions [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - 
plugin: Norton Confidential (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll CHR - plugin: Simple Pass (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: AdBlock = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Website Logon = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\ CHR - Extension: FreeHDSport TV = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - Startup: C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82EF9A0B-919D-4E2F-9115-8B1B0E5CEB34}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3CE36F7-58C2-4146-89E8-AD98A439D1A2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.03 08:21:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell - "" = AutoRun O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 10:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.06.03 09:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.03 09:55:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.27 11:32:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.15 13:49:52 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 13:49:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 13:49:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 13:49:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 13:49:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 13:49:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.13 15:31:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript9.dll [2013.05.13 15:31:43 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.13 15:31:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.13 15:31:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.13 15:31:43 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.13 15:31:43 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.13 15:31:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.13 15:31:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.13 15:31:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.13 15:31:43 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.13 15:31:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.13 15:31:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.13 15:31:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.13 15:31:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 15:31:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.13 15:31:43 | 
000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.13 15:31:43 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.13 15:31:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.13 15:31:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.13 15:31:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.13 15:31:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.13 15:31:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.13 15:31:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.13 15:31:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.13 15:31:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.13 15:31:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.13 15:31:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.13 15:31:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.13 15:31:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.13 15:31:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.13 15:31:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.13 15:31:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.13 15:31:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.13 15:31:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\occache.dll [2013.05.13 15:31:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.13 15:31:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.13 15:31:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.13 15:31:43 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.13 15:31:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.13 15:31:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.13 15:31:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.13 15:31:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.13 15:31:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.13 15:31:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.13 15:31:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.13 15:31:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.13 15:31:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.13 15:31:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.13 
15:31:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.13 15:31:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.13 15:31:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.13 15:31:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.13 15:31:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.13 15:31:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.13 15:31:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.13 15:31:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.13 15:31:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.13 15:31:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.08 15:05:02 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 13:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.08.05 13:56:34 | 001,530,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll [2011.08.05 13:56:34 | 001,288,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll [2011.08.05 13:56:34 | 001,272,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll [2011.08.05 13:56:34 | 001,175,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll [2011.08.05 13:56:34 | 000,645,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll [2011.08.05 13:53:12 | 016,921,312 | ---- | C] (Microsoft 
Corporation) -- C:\Program Files\ZuneShellResources.dll [2011.08.05 13:53:12 | 004,020,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe [2011.08.05 13:53:12 | 000,863,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll [2011.08.05 13:53:12 | 000,507,104 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll [2011.08.05 13:53:12 | 000,467,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe [2011.08.05 13:53:12 | 000,366,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll [2011.08.05 13:53:12 | 000,306,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe [2011.08.05 13:53:12 | 000,196,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll [2011.08.05 13:53:12 | 000,157,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll [2011.08.05 13:53:12 | 000,157,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll [2011.08.05 13:53:12 | 000,152,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll [2011.08.05 13:53:12 | 000,100,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll [2011.08.05 13:53:12 | 000,074,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll [2011.08.05 13:53:12 | 000,027,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll [2011.08.05 13:53:12 | 000,021,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll [2011.08.05 13:53:12 | 000,018,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll [2011.08.05 13:53:12 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe [2011.08.05 13:53:12 | 000,009,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll [2011.08.05 13:53:10 | 003,889,376 | ---- | C] (Microsoft Corporation) -- C:\Program 
Files\ZuneResources.dll [2011.08.05 13:53:10 | 001,257,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll [2011.08.05 13:53:10 | 000,916,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll [2011.08.05 13:53:10 | 000,683,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll [2011.08.05 13:53:10 | 000,514,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll [2011.08.05 13:53:10 | 000,155,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll [2011.08.05 13:53:06 | 010,061,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll [2011.08.05 13:53:06 | 008,277,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe [2011.08.05 13:53:06 | 002,110,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll [2011.08.05 13:53:06 | 001,752,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll [2011.08.05 13:53:06 | 001,481,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll [2011.08.05 13:53:06 | 001,184,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll [2011.08.05 13:53:06 | 001,161,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll [2011.08.05 13:53:06 | 001,096,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll [2011.08.05 13:53:06 | 000,879,328 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll [2011.08.05 13:53:06 | 000,707,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll [2011.08.05 13:53:06 | 000,376,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll [2011.08.05 13:53:06 | 000,347,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll [2011.08.05 13:53:06 | 000,223,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe [2011.08.05 13:53:06 | 000,218,848 | ---- | C] (Microsoft Corporation) -- C:\Program 
Files\ZuneHost.exe [2011.08.05 13:53:06 | 000,212,192 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll [2011.08.05 13:53:06 | 000,163,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe [2011.08.05 13:53:06 | 000,131,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll [2011.08.05 13:53:06 | 000,129,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll [2011.08.05 13:53:06 | 000,121,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll [2011.08.05 13:53:06 | 000,072,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll [2011.08.05 13:53:06 | 000,061,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll [2011.08.05 13:53:06 | 000,056,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe [2011.08.05 13:53:06 | 000,038,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe [2011.08.05 13:53:06 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll [2011.08.05 13:53:06 | 000,020,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll [2011.08.05 13:31:32 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm [2011.06.06 14:48:50 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll [2011.06.06 14:48:50 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll [2011.06.06 14:48:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll [2007.10.02 15:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.03 11:42:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.03 11:38:18 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe 
Flash Player Updater.job [2013.06.03 11:13:05 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000UA.job [2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 10:29:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.03 10:29:48 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.03 10:29:48 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.03 10:29:48 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.03 10:29:48 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.03 10:25:06 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.03 10:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.03 10:24:52 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 09:46:33 | 000,001,088 | ---- | M] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:42 | 000,001,161 | ---- | M] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:29 | 000,001,256 | ---- | M] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:59:04 | 000,001,197 | ---- | M] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:48 | 000,000,720 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | M] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.31 08:13:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000Core.job [2013.05.28 14:05:34 | 001,583,568 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 19:42:13 
| 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStrolchePC.job [2013.05.27 13:13:33 | 000,002,347 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Google Chrome.lnk [2013.05.27 08:29:02 | 000,001,016 | ---- | M] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.16 07:49:38 | 000,331,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 15:31:43 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.13 15:31:43 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.13 15:31:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.13 15:31:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.13 15:31:43 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.13 15:31:43 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.13 15:31:43 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.13 15:31:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.13 15:31:43 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.13 15:31:43 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.13 15:31:43 | 000,526,336 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.13 15:31:43 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.13 15:31:43 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.13 15:31:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 15:31:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.13 15:31:43 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.13 15:31:43 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.13 15:31:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.13 15:31:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.13 15:31:43 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.13 15:31:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.13 15:31:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.13 15:31:43 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.13 15:31:43 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.13 15:31:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.13 15:31:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.13 15:31:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.13 15:31:43 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.13 15:31:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.13 15:31:43 | 000,137,216 | ---- | M] 
(Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.13 15:31:43 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.13 15:31:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.13 15:31:43 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.13 15:31:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.13 15:31:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.13 15:31:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.13 15:31:43 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.13 15:31:43 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.13 15:31:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.13 15:31:43 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.13 15:31:43 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.13 15:31:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.13 15:31:43 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.13 15:31:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\icardie.dll [2013.05.13 15:31:43 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.13 15:31:43 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.13 15:31:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.13 15:31:43 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.13 15:31:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.13 15:31:43 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.13 15:31:43 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.13 15:31:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.13 15:31:43 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.13 15:31:43 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.13 15:31:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.13 15:31:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.13 15:31:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.13 15:31:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.07 13:43:39 | 468,008,353 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.03 09:46:14 | 000,001,088 | ---- | C] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:14 | 000,001,161 | ---- | C] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:01 | 000,001,256 | ---- | C] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:58:49 | 000,001,197 | ---- | C] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:33 | 000,000,720 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | C] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.28 14:00:58 | 001,583,568 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 08:29:02 | 000,001,016 | ---- | C] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.07 13:43:39 | 468,008,353 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.30 15:02:44 | 000,077,654 | ---- | C] () -- C:\Users\StrolchePC\AppData\Local\funmoods_2.3.crx [2012.09.24 07:58:23 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe [2012.08.30 08:42:13 | 000,000,224 | ---- | C] () -- C:\Windows\Sierra.ini [2012.08.09 11:24:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.06.21 16:20:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2012.06.21 16:12:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.02.14 20:47:04 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 20:47:04 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 20:47:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.14 20:44:22 | 000,058,880 | ---- | C] () -- 
C:\Windows\SysWow64\igdde32.dll [2012.02.14 19:59:54 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.06.22 00:45:28 | 000,122,484 | ---- | C] () -- C:\Program Files\quickplaymap_msl.png [2011.06.22 00:45:28 | 000,122,210 | ---- | C] () -- C:\Program Files\quickplaymap_ind.png [2011.06.22 00:45:28 | 000,093,248 | ---- | C] () -- C:\Program Files\softwaremap_msl.png [2011.06.22 00:45:28 | 000,092,713 | ---- | C] () -- C:\Program Files\softwaremap_ind.png [2011.06.22 00:45:26 | 009,532,452 | ---- | C] () -- C:\Program Files\Meiryoz.ttc [2011.06.06 14:50:40 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config [2011.06.06 14:50:26 | 000,251,333 | ---- | C] () -- C:\Program Files\softwaremap.png [2011.06.06 14:50:26 | 000,122,790 | ---- | C] () -- C:\Program Files\quickplaymap_rus.png [2011.06.06 14:50:26 | 000,122,620 | ---- | C] () -- C:\Program Files\quickplaymap_ell.png [2011.06.06 14:50:26 | 000,122,458 | ---- | C] () -- C:\Program Files\quickplaymap.png [2011.06.06 14:50:26 | 000,122,414 | ---- | C] () -- C:\Program Files\quickplaymap_plk.png [2011.06.06 14:50:26 | 000,122,134 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png [2011.06.06 14:50:26 | 000,122,068 | ---- | C] () -- C:\Program Files\quickplaymap_csy.png [2011.06.06 14:50:26 | 000,122,060 | ---- | C] () -- C:\Program Files\quickplaymap_jpn.png [2011.06.06 14:50:26 | 000,122,053 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png [2011.06.06 14:50:26 | 000,121,952 | ---- | C] () -- C:\Program Files\quickplaymap_esp.png [2011.06.06 14:50:26 | 000,121,837 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png [2011.06.06 14:50:26 | 000,121,834 | ---- | C] () -- C:\Program Files\quickplaymap_hun.png [2011.06.06 14:50:26 | 000,121,635 | ---- | C] () -- C:\Program Files\quickplaymap_ptg.png [2011.06.06 14:50:26 | 000,121,621 | ---- | C] () -- C:\Program 
Files\quickplaymap_ita.png [2011.06.06 14:50:26 | 000,121,558 | ---- | C] () -- C:\Program Files\quickplaymap_sve.png [2011.06.06 14:50:26 | 000,121,489 | ---- | C] () -- C:\Program Files\quickplaymap_dan.png [2011.06.06 14:50:26 | 000,121,403 | ---- | C] () -- C:\Program Files\quickplaymap_fra.png [2011.06.06 14:50:26 | 000,121,358 | ---- | C] () -- C:\Program Files\quickplaymap_chs.png [2011.06.06 14:50:26 | 000,121,257 | ---- | C] () -- C:\Program Files\quickplaymap_fin.png [2011.06.06 14:50:26 | 000,121,162 | ---- | C] () -- C:\Program Files\quickplaymap_cht.png [2011.06.06 14:50:26 | 000,121,155 | ---- | C] () -- C:\Program Files\quickplaymap_nor.png [2011.06.06 14:50:26 | 000,120,995 | ---- | C] () -- C:\Program Files\quickplaymap_kor.png [2011.06.06 14:50:26 | 000,100,499 | ---- | C] () -- C:\Program Files\softwaremap_ell.png [2011.06.06 14:50:26 | 000,099,979 | ---- | C] () -- C:\Program Files\softwaremap_rus.png [2011.06.06 14:50:26 | 000,098,663 | ---- | C] () -- C:\Program Files\softwaremap_plk.png [2011.06.06 14:50:26 | 000,098,431 | ---- | C] () -- C:\Program Files\softwaremap_ita.png [2011.06.06 14:50:26 | 000,098,102 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png [2011.06.06 14:50:26 | 000,097,782 | ---- | C] () -- C:\Program Files\softwaremap_esp.png [2011.06.06 14:50:26 | 000,097,716 | ---- | C] () -- C:\Program Files\softwaremap_ptg.png [2011.06.06 14:50:26 | 000,097,580 | ---- | C] () -- C:\Program Files\softwaremap_deu.png [2011.06.06 14:50:26 | 000,097,435 | ---- | C] () -- C:\Program Files\softwaremap_fra.png [2011.06.06 14:50:26 | 000,097,298 | ---- | C] () -- C:\Program Files\softwaremap_csy.png [2011.06.06 14:50:26 | 000,096,751 | ---- | C] () -- C:\Program Files\softwaremap_cht.png [2011.06.06 14:50:26 | 000,096,737 | ---- | C] () -- C:\Program Files\softwaremap_hun.png [2011.06.06 14:50:26 | 000,096,603 | ---- | C] () -- C:\Program Files\softwaremap_jpn.png [2011.06.06 14:50:26 | 000,096,513 | ---- | C] () -- C:\Program 
Files\softwaremap_nld.png [2011.06.06 14:50:26 | 000,096,441 | ---- | C] () -- C:\Program Files\softwaremap_fin.png [2011.06.06 14:50:26 | 000,096,323 | ---- | C] () -- C:\Program Files\softwaremap_dan.png [2011.06.06 14:50:26 | 000,095,912 | ---- | C] () -- C:\Program Files\softwaremap_chs.png [2011.06.06 14:50:26 | 000,094,750 | ---- | C] () -- C:\Program Files\softwaremap_nor.png [2011.06.06 14:50:26 | 000,094,597 | ---- | C] () -- C:\Program Files\softwaremap_sve.png [2011.06.06 14:50:26 | 000,093,267 | ---- | C] () -- C:\Program Files\softwaremap_kor.png [2011.06.06 14:50:26 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif [2011.06.06 14:50:26 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif [2011.06.06 14:50:26 | 000,000,631 | ---- | C] () -- C:\Program Files\Background.jpg [2011.06.06 14:50:26 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
and the second one: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 11:54:18 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 55,23% Memory free 7,80 Gb Paging File | 5,77 Gb Available in Paging File | 73,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 277,83 Gb Total Space | 198,28 Gb Free Space | 71,37% Space Free | Partition Type: NTFS Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{095DDED8-6666-4589-A4FB-5A28EA510261}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39EB4F7F-9228-42DD-B662-26894387ACE0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002267FC-37F3-4C7E-885F-C04913F741F7}" = protocol=17 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "{384957F8-4411-46CE-B357-3325157D8A98}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{41D2F08B-4550-422D-A358-FA3A3A2E7703}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4B87AA04-4059-42B3-ABFA-E298FB2427E1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{62187711-6B52-48F1-9069-44A5EC897445}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{733D2563-1AD6-4027-8C14-5DC2016494B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9D76C1CC-DFF4-43DA-A483-6EEF5B1EE06C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D97C5CB9-CFEA-4CE2-9E80-997C18A3E1B7}" = protocol=6 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{2B6F8AFD-8B5B-4A74-A7F8-381E479118BD}C:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{CC152954-71D4-4928-933C-3AD18359E215}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "TCP Query User{D1239CD5-4C65-4F37-875E-B4EB59D21D6B}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{788F4FCD-A818-4193-9039-85B7278D8638}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{C6920D7F-B57B-42BF-9227-175C0CEAE4C0}C:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{DBBECB31-72A4-4EF0-B0BD-A828F26C00F7}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language 
Selector "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = 
Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}" = HP Security Assistant "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{0C1879C1-B74A-4C6D-8880-E3F54B78E816}" = LG United Mobile Drivers "{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) 
Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0 "{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}" = ESU for Microsoft Windows 7 SP1 "{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass PE "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows 
Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB183033-C2DD-4A37-B43C-943DD4B28C77}" = HP Documentation "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe Shockwave 
Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer "EasyBits Magic Desktop" = Magic Desktop "ESET Online Scanner" = ESET Online Scanner v3 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LeechFTP" = LeechFTP YOUCA "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Print Artist 10" = SierraHome Print Artist 10 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-0a635999-4c20-4c67-8b20-5f516430ef6e" = Bejeweled 3 "WTA-1d8b9c93-6d8b-416d-a73b-ae9f241d9ba2" = Zuma's Revenge "WTA-2752719c-9ebe-4277-af83-1a83cf4de91b" = Insaniquarium Deluxe "WTA-28f2bd99-7211-42ad-8009-806e92b6dc72" = Jewel Quest II "WTA-42e39ee3-f5cb-4429-a1b8-cc2474c2b701" = Jewel Match 3 "WTA-4a425888-f437-4fc5-851a-c69aff623f35" = Chuzzle Deluxe "WTA-51d1c301-11eb-4563-be1a-882f88f8a205" = Polar Bowler "WTA-6b592628-07ef-4777-8deb-634bda19e9e7" = Mahjongg Artifacts "WTA-6c24dcb9-2912-4235-a067-bdccf94e1c38" = Torchlight "WTA-76cafd05-b4a8-4e84-a4ab-16f24b11947b" = Wedding Dash "WTA-82e7c6f2-0d81-49c9-879a-7592c95391b2" = Cradle of Rome 2 "WTA-8a30bbe6-0e4f-4d2d-aa51-72999f0863c9" = Virtual Villagers 4 - The Tree of Life "WTA-8b70ec5f-71d3-4333-aab9-1a4dc3f9851b" = Mystery of Mortlake Mansion "WTA-968f6f9f-a625-41f7-b0d4-36210a563666" = Virtual Families "WTA-9fa713a1-edb0-4c1d-8ba8-c31ef7bbfeb2" = Jewel Quest Solitaire 2 "WTA-aa1f9db5-e5f0-4a9e-89b2-a0e0e205608e" = Final Drive Fury "WTA-c317e616-f7eb-4aa5-aafc-106bc7f10a65" = Farm Frenzy "WTA-cf26fad7-d74e-4ecb-bdb6-7f4de5d441ad" = Plants vs. 
Zombies - Game of the Year "WTA-d7f4b557-29e8-4e7b-966b-e0fddd07e071" = Cake Mania "WTA-e974bfb2-778f-4bf1-a97b-b2a9c49c9c3d" = Farmscapes "WTA-fb23d625-6426-4e28-b952-f51cad06b932" = Fishdom (TM) 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2013 04:25:15 | Computer Name = StrolchePC-HP | Source = WinMgmt | ID = 10 Description = Error - 03.06.2013 04:28:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\StrolchePC\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 04:28:55 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\StrolchePC\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 05:42:22 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\StrolchePC\Downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 05:42:26 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\StrolchePC\Downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 05:45:11 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 05:45:22 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 05:45:26 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 03.06.2013 05:54:02 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\StrolchePC\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 05:54:02 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\StrolchePC\Downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
[ Hewlett-Packard Events ] Error - 16.08.2012 01:28:09 | Computer Name = StrolchePC-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3996 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ HP Software Framework Events ] Error - 14.03.2012 17:34:03 | Computer Name = E4V3U6QM61RIF | Source = CaslSmBios | ID = 5 Description = 2012.03.14 22:34:03.840|000009E0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' [ System Events ] Error - 03.06.2013 04:06:01 | Computer Name = StrolchePC-HP | Source 
= DCOM | ID = 10010 Description = < End of report > |
03.06.2013, 11:16 | #18 |
/// the machine /// TB trainer | Computer infected with Spyhunter 4 Hi,
Please update Java and Adobe. Fix with OTL
Code:
:OTL
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
:files
C:\Programme\Enigma Software Group
:commands
[emptytemp]
And a fresh OTL log. Spyhunter gone?
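An added example, not part of the original thread and not OTL's own code: one way to answer "Spyhunter gone?" mechanically is to take the SRV/DRV names and `:files` folders from the fix script and look for them in the next scan log. The function names are hypothetical, the logs are assumed to be line-oriented with one entry per line, and the sample lines are copied from this thread and re-broken one entry per line.

```python
import re
from collections import namedtuple

# One service/driver entry from an OTL fix script or scan log.
Entry = namedtuple("Entry", "kind x64 name target missing")

# Matches e.g.  SRV - (Name) -- C:\path\file.exe (Company)
#          or   DRV:64bit: - (Name) -- C:\path\file.sys File not found
ENTRY_RE = re.compile(r"^(SRV|DRV)(:64bit:)?\s+-\s+\((.+?)\)\s+--\s+(.*)$")
NOT_FOUND = "File not found"


def parse_entries(text):
    """Return every SRV/DRV entry found in line-oriented OTL text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, x64, name, rest = m.groups()
        rest = rest.strip()
        # An entry whose registry key exists but whose file is gone.
        missing = rest.endswith(NOT_FOUND)
        if missing:
            rest = rest[: -len(NOT_FOUND)].strip()
        entries.append(Entry(kind, bool(x64), name, rest, missing))
    return entries


def fix_targets(script):
    """Split a fix script into (:OTL service/driver entries, :files paths)."""
    section, otl_lines, paths = None, [], []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()          # :OTL, :files, :commands
        elif section == ":otl":
            otl_lines.append(line)
        elif section == ":files":
            paths.append(line)
    return parse_entries("\n".join(otl_lines)), paths


def leftovers(script, scan_log):
    """Scan-log entries that still refer to something the fix targeted."""
    targets, paths = fix_targets(script)
    names = {t.name.lower() for t in targets}
    # Compare on the folder's leaf name only: this thread shows the same
    # folder as C:\Programme\... in one entry and C:\Program Files\... in
    # another, so a full-path comparison would miss it.
    leaves = {p.rstrip("\\").rsplit("\\", 1)[-1].lower() for p in paths}
    found = []
    for entry in parse_entries(scan_log):
        target = entry.target.lower()
        in_folder = any("\\" + leaf + "\\" in target for leaf in leaves)
        if entry.name.lower() in names or in_folder:
            found.append(entry)
    return found


# Fix script as posted in this thread.
FIX_SCRIPT = r"""
:OTL
SRV - (SpyHunter 4 Service) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe (Enigma Software Group USA, LLC.)
DRV:64bit: - (EsgScanner) -- C:\Windows\SysNative\drivers\EsgScanner.sys ()
DRV - (esgiguard) -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys ()
:files
C:\Programme\Enigma Software Group
:commands
[emptytemp]
"""

# Three entries from the scan log posted after the fix (excerpt).
SCAN_LOG = r"""
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
"""

if __name__ == "__main__":
    for e in leftovers(FIX_SCRIPT, SCAN_LOG):
        state = "registered, file missing" if e.missing else "file present"
        print(f"{e.kind} {e.name}: {e.target} ({state})")
```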
03.06.2013, 11:59 | #19 |
| Computer infected with Spyhunter 4
Here we are:
All processes killed
========== OTL ==========
Service SpyHunter 4 Service stopped successfully!
Service SpyHunter 4 Service deleted successfully!
C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe moved successfully.
Service EsgScanner stopped successfully!
Service EsgScanner deleted successfully!
C:\Windows\SysNative\drivers\EsgScanner.sys moved successfully.
Error: Unable to stop service esgiguard!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\esgiguard deleted successfully.
C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys moved successfully.
========== FILES ==========
File\Folder C:\Programme\Enigma Software Group not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: StrolchePC
->Temp folder emptied: 433059098 bytes
->Temporary Internet Files folder emptied: 86934541 bytes
->Java cache emptied: 6959762 bytes
->Google Chrome cache emptied: 122067554 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190411 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 413399449 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287614 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.054,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06032013_125303
Files\Folders moved on Reboot...
C:\Users\StrolchePC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\StrolchePC\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Fresh OTL follows, Spyhunter still opened itself. Number 1
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 03.06.2013 13:00:12 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,52% Memory free 7,80 Gb Paging File | 6,05 Gb Available in Paging File | 77,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 277,83 Gb Total Space | 199,11 Gb Free Space | 71,67% Space Free | Partition Type: NTFS Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\StrolchePC\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.) PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) ========== Modules (No Company Name) ========== MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- C:\Programme\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- C:\Programme\ZuneNss.exe File not found SRV - (WMZuneComm) -- C:\Programme\WMZuneComm.exe File not found SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (SkypeUpdate) -- C:\Program 
Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) SRV - (TrueService) -- C:\Programme\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (andnetndis) -- C:\Windows\SysNative\drivers\lgandnetndis64.sys (LG Electronics Inc.) DRV:64bit: - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndNetDiag) -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
[2013.04.30 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\extensions
[2013.04.30 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\[ofr2][opt]rs0\extensions
[2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
CHR - plugin: Simple Pass (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Website Logon = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\
CHR - Extension: FreeHDSport TV = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - Startup: C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82EF9A0B-919D-4E2F-9115-8B1B0E5CEB34}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3CE36F7-58C2-4146-89E8-AD98A439D1A2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.05.03 08:21:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell - "" = AutoRun
O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.03 12:53:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.03 10:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.06.03 09:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.03 09:55:41 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.27 11:32:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.15 13:49:52 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 13:49:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 13:49:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 13:49:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 13:49:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 13:49:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.13 15:31:43 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.13 15:31:43 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.13 15:31:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.13 15:31:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.13 15:31:43 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.13 15:31:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.13 15:31:43 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.13 15:31:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.13 15:31:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.13 15:31:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.13 15:31:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.13 15:31:43 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.13 15:31:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.13 15:31:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.13 15:31:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.13 15:31:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.13 15:31:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.13 15:31:43 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.13 15:31:43 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.13 15:31:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.13 15:31:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.13 15:31:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.13 15:31:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.13 15:31:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.13 15:31:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.13 15:31:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.13 15:31:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.13 15:31:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.13 15:31:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.13 15:31:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.13 15:31:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.13 15:31:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.13 15:31:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.13 15:31:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.13 15:31:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.13 15:31:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.13 15:31:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.13 15:31:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.13 15:31:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.13 15:31:43 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.13 15:31:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.13 15:31:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.13 15:31:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.13 15:31:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.13 15:31:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.13 15:31:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.13 15:31:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.13 15:31:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.13 15:31:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.13 15:31:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.13 15:31:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.13 15:31:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.13 15:31:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.13 15:31:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.13 15:31:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.13 15:31:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.13 15:31:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.13 15:31:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.13 15:31:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.13 15:31:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.13 15:31:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.13 15:31:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.13 15:31:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.13 15:31:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.08 15:05:02 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.07 13:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.08.05 13:56:34 | 001,530,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll
[2011.08.05 13:56:34 | 001,288,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll
[2011.08.05 13:56:34 | 001,272,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll
[2011.08.05 13:56:34 | 001,175,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll
[2011.08.05 13:56:34 | 000,645,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll
[2011.08.05 13:53:12 | 016,921,312 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellResources.dll
[2011.08.05 13:53:12 | 004,020,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe
[2011.08.05 13:53:12 | 000,863,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll
[2011.08.05 13:53:12 | 000,507,104 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll
[2011.08.05 13:53:12 | 000,467,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe
[2011.08.05 13:53:12 | 000,366,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll
[2011.08.05 13:53:12 | 000,306,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe
[2011.08.05 13:53:12 | 000,196,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll
[2011.08.05 13:53:12 | 000,157,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll
[2011.08.05 13:53:12 | 000,157,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll
[2011.08.05 13:53:12 | 000,152,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll
[2011.08.05 13:53:12 | 000,100,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll
[2011.08.05 13:53:12 | 000,074,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll
[2011.08.05 13:53:12 | 000,027,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll
[2011.08.05 13:53:12 | 000,021,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll
[2011.08.05 13:53:12 | 000,018,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll
[2011.08.05 13:53:12 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe
[2011.08.05 13:53:12 | 000,009,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll
[2011.08.05 13:53:10 | 003,889,376 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneResources.dll
[2011.08.05 13:53:10 | 001,257,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll
[2011.08.05 13:53:10 | 000,916,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll
[2011.08.05 13:53:10 | 000,683,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll
[2011.08.05 13:53:10 | 000,514,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll
[2011.08.05 13:53:10 | 000,155,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll
[2011.08.05 13:53:06 | 010,061,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll
[2011.08.05 13:53:06 | 008,277,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe
[2011.08.05 13:53:06 | 002,110,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll
[2011.08.05 13:53:06 | 001,752,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll
[2011.08.05 13:53:06 | 001,481,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll
[2011.08.05 13:53:06 | 001,184,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll
[2011.08.05 13:53:06 | 001,161,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll
[2011.08.05 13:53:06 | 001,096,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll
[2011.08.05 13:53:06 | 000,879,328 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll
[2011.08.05 13:53:06 | 000,707,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll
[2011.08.05 13:53:06 | 000,376,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll
[2011.08.05 13:53:06 | 000,347,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll
[2011.08.05 13:53:06 | 000,223,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe
[2011.08.05 13:53:06 | 000,218,848 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneHost.exe
[2011.08.05 13:53:06 | 000,212,192 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll
[2011.08.05 13:53:06 | 000,163,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe
[2011.08.05 13:53:06 | 000,131,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll
[2011.08.05 13:53:06 | 000,129,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll
[2011.08.05 13:53:06 | 000,121,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll
[2011.08.05 13:53:06 | 000,072,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll
[2011.08.05 13:53:06 | 000,061,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll
[2011.08.05 13:53:06 | 000,056,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe
[2011.08.05 13:53:06 | 000,038,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe
[2011.08.05 13:53:06 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll
[2011.08.05 13:53:06 | 000,020,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll
[2011.08.05 13:31:32 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm
[2011.06.06 14:48:50 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll
[2011.06.06 14:48:50 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll
[2011.06.06 14:48:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll
[2007.10.02 15:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll

========== Files - Modified Within 30 Days ==========

[2013.06.03 12:56:40 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.03 12:56:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 12:56:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.03 12:56:27 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.03 12:42:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.03 12:13:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000UA.job
[2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 10:29:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.03 10:29:48 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.03 10:29:48 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.03 10:29:48 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.03 10:29:48 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.03 09:46:33 | 000,001,088 | ---- | M] () -- C:\Users\StrolchePC\Desktop\JRT.lnk
[2013.06.03 09:45:42 | 000,001,161 | ---- | M] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk
[2013.06.03 09:44:29 | 000,001,256 | ---- | M] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk
[2013.05.31 10:59:04 | 000,001,197 | ---- | M] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk
[2013.05.31 10:48:48 | 000,000,720 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk
[2013.05.31 10:47:44 | 000,000,000 | ---- | M] () -- C:\Users\StrolchePC\defogger_reenable
[2013.05.31 08:13:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000Core.job
[2013.05.28 14:05:34 | 001,583,568 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG
[2013.05.27 19:42:13 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStrolchePC.job
[2013.05.27 13:13:33 | 000,002,347 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Google Chrome.lnk
[2013.05.27 08:29:02 | 000,001,016 | ---- | M] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.05.16 07:49:38 | 000,331,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.13 15:31:43 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.13 15:31:43 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.13 15:31:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.13 15:31:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.13 15:31:43 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.13 15:31:43 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.13 15:31:43 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.13 15:31:43 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.13 15:31:43 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.13 15:31:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.13 15:31:43 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.13 15:31:43 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.13 15:31:43 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.13 15:31:43 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.13 15:31:43 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.13 15:31:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.13 15:31:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.13 15:31:43 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.13 15:31:43 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.13 15:31:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.13 15:31:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.13 15:31:43 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.13 15:31:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.13 15:31:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.13 15:31:43 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.13 15:31:43 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.13 15:31:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.13 15:31:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.13 15:31:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.13 15:31:43 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.13 15:31:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.13 15:31:43 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.13 15:31:43 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.13 15:31:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.13 15:31:43 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.13 15:31:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.13 15:31:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.13 15:31:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.13 15:31:43 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.13 15:31:43 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.13 15:31:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.13 15:31:43 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.13 15:31:43 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.13 15:31:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.13 15:31:43 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.13 15:31:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.13 15:31:43 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.13 15:31:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.13 15:31:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.13 15:31:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.13 15:31:43 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.13 15:31:43 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.13 15:31:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.13 15:31:43 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.13 15:31:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.13 15:31:43 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.13 15:31:43 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.13 15:31:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.13 15:31:43 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.13 15:31:43 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.13 15:31:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.13 15:31:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.13 15:31:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.05.13 15:31:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.07 13:43:39 | 468,008,353 | ---- | M] () -- C:\Windows\MEMORY.DMP
========== Files Created - No Company Name ========== [2013.06.03 09:46:14 | 000,001,088 | ---- | C] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:14 | 000,001,161 | ---- | C] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:01 | 000,001,256 | ---- | C] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:58:49 | 000,001,197 | ---- | C] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:33 | 000,000,720 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | C] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.28 14:00:58 | 001,583,568 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 08:29:02 | 000,001,016 | ---- | C] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.07 13:43:39 | 468,008,353 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.30 15:02:44 | 000,077,654 | ---- | C] () -- C:\Users\StrolchePC\AppData\Local\funmoods_2.3.crx [2012.09.24 07:58:23 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe [2012.08.30 08:42:13 | 000,000,224 | ---- | C] () -- C:\Windows\Sierra.ini [2012.08.09 11:24:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.06.21 16:20:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2012.06.21 16:12:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.02.14 20:47:04 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 20:47:04 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 20:47:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.14 20:44:22 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.14 
19:59:54 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.06.22 00:45:28 | 000,122,484 | ---- | C] () -- C:\Program Files\quickplaymap_msl.png [2011.06.22 00:45:28 | 000,122,210 | ---- | C] () -- C:\Program Files\quickplaymap_ind.png [2011.06.22 00:45:28 | 000,093,248 | ---- | C] () -- C:\Program Files\softwaremap_msl.png [2011.06.22 00:45:28 | 000,092,713 | ---- | C] () -- C:\Program Files\softwaremap_ind.png [2011.06.22 00:45:26 | 009,532,452 | ---- | C] () -- C:\Program Files\Meiryoz.ttc [2011.06.06 14:50:40 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config [2011.06.06 14:50:26 | 000,251,333 | ---- | C] () -- C:\Program Files\softwaremap.png [2011.06.06 14:50:26 | 000,122,790 | ---- | C] () -- C:\Program Files\quickplaymap_rus.png [2011.06.06 14:50:26 | 000,122,620 | ---- | C] () -- C:\Program Files\quickplaymap_ell.png [2011.06.06 14:50:26 | 000,122,458 | ---- | C] () -- C:\Program Files\quickplaymap.png [2011.06.06 14:50:26 | 000,122,414 | ---- | C] () -- C:\Program Files\quickplaymap_plk.png [2011.06.06 14:50:26 | 000,122,134 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png [2011.06.06 14:50:26 | 000,122,068 | ---- | C] () -- C:\Program Files\quickplaymap_csy.png [2011.06.06 14:50:26 | 000,122,060 | ---- | C] () -- C:\Program Files\quickplaymap_jpn.png [2011.06.06 14:50:26 | 000,122,053 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png [2011.06.06 14:50:26 | 000,121,952 | ---- | C] () -- C:\Program Files\quickplaymap_esp.png [2011.06.06 14:50:26 | 000,121,837 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png [2011.06.06 14:50:26 | 000,121,834 | ---- | C] () -- C:\Program Files\quickplaymap_hun.png [2011.06.06 14:50:26 | 000,121,635 | ---- | C] () -- C:\Program Files\quickplaymap_ptg.png [2011.06.06 14:50:26 | 000,121,621 | ---- | C] () -- C:\Program Files\quickplaymap_ita.png [2011.06.06 14:50:26 | 000,121,558 | ---- 
| C] () -- C:\Program Files\quickplaymap_sve.png [2011.06.06 14:50:26 | 000,121,489 | ---- | C] () -- C:\Program Files\quickplaymap_dan.png [2011.06.06 14:50:26 | 000,121,403 | ---- | C] () -- C:\Program Files\quickplaymap_fra.png [2011.06.06 14:50:26 | 000,121,358 | ---- | C] () -- C:\Program Files\quickplaymap_chs.png [2011.06.06 14:50:26 | 000,121,257 | ---- | C] () -- C:\Program Files\quickplaymap_fin.png [2011.06.06 14:50:26 | 000,121,162 | ---- | C] () -- C:\Program Files\quickplaymap_cht.png [2011.06.06 14:50:26 | 000,121,155 | ---- | C] () -- C:\Program Files\quickplaymap_nor.png [2011.06.06 14:50:26 | 000,120,995 | ---- | C] () -- C:\Program Files\quickplaymap_kor.png [2011.06.06 14:50:26 | 000,100,499 | ---- | C] () -- C:\Program Files\softwaremap_ell.png [2011.06.06 14:50:26 | 000,099,979 | ---- | C] () -- C:\Program Files\softwaremap_rus.png [2011.06.06 14:50:26 | 000,098,663 | ---- | C] () -- C:\Program Files\softwaremap_plk.png [2011.06.06 14:50:26 | 000,098,431 | ---- | C] () -- C:\Program Files\softwaremap_ita.png [2011.06.06 14:50:26 | 000,098,102 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png [2011.06.06 14:50:26 | 000,097,782 | ---- | C] () -- C:\Program Files\softwaremap_esp.png [2011.06.06 14:50:26 | 000,097,716 | ---- | C] () -- C:\Program Files\softwaremap_ptg.png [2011.06.06 14:50:26 | 000,097,580 | ---- | C] () -- C:\Program Files\softwaremap_deu.png [2011.06.06 14:50:26 | 000,097,435 | ---- | C] () -- C:\Program Files\softwaremap_fra.png [2011.06.06 14:50:26 | 000,097,298 | ---- | C] () -- C:\Program Files\softwaremap_csy.png [2011.06.06 14:50:26 | 000,096,751 | ---- | C] () -- C:\Program Files\softwaremap_cht.png [2011.06.06 14:50:26 | 000,096,737 | ---- | C] () -- C:\Program Files\softwaremap_hun.png [2011.06.06 14:50:26 | 000,096,603 | ---- | C] () -- C:\Program Files\softwaremap_jpn.png [2011.06.06 14:50:26 | 000,096,513 | ---- | C] () -- C:\Program Files\softwaremap_nld.png [2011.06.06 14:50:26 | 000,096,441 | ---- | C] () -- 
C:\Program Files\softwaremap_fin.png [2011.06.06 14:50:26 | 000,096,323 | ---- | C] () -- C:\Program Files\softwaremap_dan.png [2011.06.06 14:50:26 | 000,095,912 | ---- | C] () -- C:\Program Files\softwaremap_chs.png [2011.06.06 14:50:26 | 000,094,750 | ---- | C] () -- C:\Program Files\softwaremap_nor.png [2011.06.06 14:50:26 | 000,094,597 | ---- | C] () -- C:\Program Files\softwaremap_sve.png [2011.06.06 14:50:26 | 000,093,267 | ---- | C] () -- C:\Program Files\softwaremap_kor.png [2011.06.06 14:50:26 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif [2011.06.06 14:50:26 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif [2011.06.06 14:50:26 | 000,000,631 | ---- | C] () -- C:\Program Files\Background.jpg [2011.06.06 14:50:26 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
and number 2: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 13:00:12 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,52% Memory free 7,80 Gb Paging File | 6,05 Gb Available in Paging File | 77,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 277,83 Gb Total Space | 199,11 Gb Free Space | 71,67% Space Free | Partition Type: NTFS Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{095DDED8-6666-4589-A4FB-5A28EA510261}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39EB4F7F-9228-42DD-B662-26894387ACE0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002267FC-37F3-4C7E-885F-C04913F741F7}" = protocol=17 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "{384957F8-4411-46CE-B357-3325157D8A98}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{41D2F08B-4550-422D-A358-FA3A3A2E7703}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4B87AA04-4059-42B3-ABFA-E298FB2427E1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{62187711-6B52-48F1-9069-44A5EC897445}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{733D2563-1AD6-4027-8C14-5DC2016494B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9D76C1CC-DFF4-43DA-A483-6EEF5B1EE06C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D97C5CB9-CFEA-4CE2-9E80-997C18A3E1B7}" = protocol=6 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{2B6F8AFD-8B5B-4A74-A7F8-381E479118BD}C:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{CC152954-71D4-4928-933C-3AD18359E215}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "TCP Query User{D1239CD5-4C65-4F37-875E-B4EB59D21D6B}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{788F4FCD-A818-4193-9039-85B7278D8638}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{C6920D7F-B57B-42BF-9227-175C0CEAE4C0}C:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{DBBECB31-72A4-4EF0-B0BD-A828F26C00F7}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language 
Selector "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = 
Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}" = HP Security Assistant "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{0C1879C1-B74A-4C6D-8880-E3F54B78E816}" = LG United Mobile Drivers "{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) 
Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0 "{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}" = ESU for Microsoft Windows 7 SP1 "{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass PE "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows 
Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB183033-C2DD-4A37-B43C-943DD4B28C77}" = HP Documentation "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe Shockwave 
Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer "EasyBits Magic Desktop" = Magic Desktop "ESET Online Scanner" = ESET Online Scanner v3 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LeechFTP" = LeechFTP YOUCA "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Print Artist 10" = SierraHome Print Artist 10 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-0a635999-4c20-4c67-8b20-5f516430ef6e" = Bejeweled 3 "WTA-1d8b9c93-6d8b-416d-a73b-ae9f241d9ba2" = Zuma's Revenge "WTA-2752719c-9ebe-4277-af83-1a83cf4de91b" = Insaniquarium Deluxe "WTA-28f2bd99-7211-42ad-8009-806e92b6dc72" = Jewel Quest II "WTA-42e39ee3-f5cb-4429-a1b8-cc2474c2b701" = Jewel Match 3 "WTA-4a425888-f437-4fc5-851a-c69aff623f35" = Chuzzle Deluxe "WTA-51d1c301-11eb-4563-be1a-882f88f8a205" = Polar Bowler "WTA-6b592628-07ef-4777-8deb-634bda19e9e7" = Mahjongg Artifacts "WTA-6c24dcb9-2912-4235-a067-bdccf94e1c38" = Torchlight "WTA-76cafd05-b4a8-4e84-a4ab-16f24b11947b" = Wedding Dash "WTA-82e7c6f2-0d81-49c9-879a-7592c95391b2" = Cradle of Rome 2 "WTA-8a30bbe6-0e4f-4d2d-aa51-72999f0863c9" = Virtual Villagers 4 - The Tree of Life "WTA-8b70ec5f-71d3-4333-aab9-1a4dc3f9851b" = Mystery of Mortlake Mansion "WTA-968f6f9f-a625-41f7-b0d4-36210a563666" = Virtual Families "WTA-9fa713a1-edb0-4c1d-8ba8-c31ef7bbfeb2" = Jewel Quest Solitaire 2 "WTA-aa1f9db5-e5f0-4a9e-89b2-a0e0e205608e" = Final Drive Fury "WTA-c317e616-f7eb-4aa5-aafc-106bc7f10a65" = Farm Frenzy "WTA-cf26fad7-d74e-4ecb-bdb6-7f4de5d441ad" = Plants vs. 
Zombies - Game of the Year "WTA-d7f4b557-29e8-4e7b-966b-e0fddd07e071" = Cake Mania "WTA-e974bfb2-778f-4bf1-a97b-b2a9c49c9c3d" = Farmscapes "WTA-fb23d625-6426-4e28-b952-f51cad06b932" = Fishdom (TM) 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2013 06:34:43 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:43 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 03.06.2013 06:34:43 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:44 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:46 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:46 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 03.06.2013 06:56:50 | Computer Name = StrolchePC-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 16.08.2012 01:28:09 | Computer Name = StrolchePC-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3996 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ HP Software Framework Events ] Error - 14.03.2012 17:34:03 | Computer Name = E4V3U6QM61RIF | Source = CaslSmBios | ID = 5 Description = 2012.03.14 22:34:03.840|000009E0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 
'Nicht unterstützt ' [ System Events ] Error - 03.06.2013 04:06:01 | Computer Name = StrolchePC-HP | Source = DCOM | ID = 10010 Description = Error - 03.06.2013 06:53:03 | Computer Name = StrolchePC-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 03.06.2013 06:56:57 | Computer Name = StrolchePC-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "esgiguard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
03.06.2013, 12:07 | #20 |
| Computer infected with SpyHunter 4 Number 1 OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.06.2013 13:00:12 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,52% Memory free 7,80 Gb Paging File | 6,05 Gb Available in Paging File | 77,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 277,83 Gb Total Space | 199,11 Gb Free Space | 71,67% Space Free | Partition Type: NTFS Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\StrolchePC\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) 
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.) PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) ========== Modules (No Company Name) ========== MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libglesv2.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\libegl.dll () MOD - C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll () ========== Services (SafeList) ========== SRV - (ZuneWlanCfgSvc) -- C:\Programme\ZuneWlanCfgSvc.exe File not found SRV - (ZuneNetworkSvc) -- C:\Programme\ZuneNss.exe File not found SRV - (WMZuneComm) -- C:\Programme\WMZuneComm.exe File not found SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) SRV - (SkypeUpdate) -- C:\Program 
Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe (Microsoft Corporation.) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP) SRV - (TrueService) -- C:\Programme\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) 
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (andnetndis) -- C:\Windows\SysNative\drivers\lgandnetndis64.sys (LG Electronics Inc.) DRV:64bit: - (ANDNetModem) -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys (LG Electronics Inc.) DRV:64bit: - (AndNetDiag) -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys (LG Electronics Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.) 
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://www.ebay.de/sch/i.html?_nkw={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) 
[2013.04.30 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\extensions [2013.04.30 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\Firefox\profiles\[ofr2][opt]rs0\extensions [2012.07.31 13:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\StrolchePC\AppData\Roaming\mozilla\firefox\profiles\extensions\gophoto@gophoto.it.xpi ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: Google CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll CHR - plugin: Simple Pass (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\StrolchePC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - Extension: AdBlock = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: Website Logon = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfgjjhcgfbfkkoelpepohanhmbhdanh\1.5_0\ CHR - Extension: FreeHDSport TV = C:\Users\StrolchePC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.DLL (HP) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - Startup: C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\StrolchePC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82EF9A0B-919D-4E2F-9115-8B1B0E5CEB34}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3CE36F7-58C2-4146-89E8-AD98A439D1A2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.05.03 08:21:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell - "" = AutoRun O33 - MountPoints2\{6371615c-a8c3-11e2-b2c8-b4b52f2a232e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.03 12:53:03 | 000,000,000 | ---D | C] -- C:\_OTL [2013.06.03 10:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.06.03 09:56:09 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.06.03 09:55:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.27 11:32:34 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.05.15 13:49:52 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 13:49:38 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 13:49:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 13:49:37 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 13:49:37 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 13:49:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.13 15:31:43 | 003,958,784 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.13 15:31:43 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.13 15:31:43 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.13 15:31:43 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.13 15:31:43 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.13 15:31:43 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.13 15:31:43 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.13 15:31:43 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.13 15:31:43 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.13 15:31:43 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.13 15:31:43 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.13 15:31:43 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.13 15:31:43 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.13 15:31:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.13 15:31:43 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 15:31:43 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec 
[2013.05.13 15:31:43 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.13 15:31:43 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.13 15:31:43 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.13 15:31:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.13 15:31:43 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.13 15:31:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.13 15:31:43 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.13 15:31:43 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.13 15:31:43 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.13 15:31:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.13 15:31:43 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.13 15:31:43 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.13 15:31:43 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.13 15:31:43 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.13 15:31:43 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.13 15:31:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.13 15:31:43 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.13 15:31:43 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.13 15:31:43 | 000,125,440 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\occache.dll [2013.05.13 15:31:43 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.13 15:31:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.13 15:31:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.13 15:31:43 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.13 15:31:43 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.13 15:31:43 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.13 15:31:43 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.13 15:31:43 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.13 15:31:43 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.13 15:31:43 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.13 15:31:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.13 15:31:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.13 15:31:43 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.13 15:31:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.13 
15:31:43 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.13 15:31:43 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.13 15:31:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.13 15:31:43 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.13 15:31:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.13 15:31:43 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.13 15:31:43 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.13 15:31:43 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.13 15:31:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.13 15:31:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.08 15:05:02 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.05.07 13:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.08.05 13:56:34 | 001,530,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.dll [2011.08.05 13:56:34 | 001,288,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXcontrols.dll [2011.08.05 13:56:34 | 001,272,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShell.dll [2011.08.05 13:56:34 | 001,175,264 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDBApi.dll [2011.08.05 13:56:34 | 000,645,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIX.renderapi.dll [2011.08.05 13:53:12 | 016,921,312 | ---- | C] (Microsoft 
Corporation) -- C:\Program Files\ZuneShellResources.dll [2011.08.05 13:53:12 | 004,020,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSetup.exe [2011.08.05 13:53:12 | 000,863,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmdu.dll [2011.08.05 13:53:12 | 000,507,104 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSP.dll [2011.08.05 13:53:12 | 000,467,680 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWlanCfgSvc.exe [2011.08.05 13:53:12 | 000,366,816 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSrcWrp.dll [2011.08.05 13:53:12 | 000,306,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneComm.exe [2011.08.05 13:53:12 | 000,196,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Mobile.dll [2011.08.05 13:53:12 | 000,157,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Library.dll [2011.08.05 13:53:12 | 000,157,408 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.ZuneHD.dll [2011.08.05 13:53:12 | 000,152,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneZMDB.Classic.dll [2011.08.05 13:53:12 | 000,100,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneTaskbar.dll [2011.08.05 13:53:12 | 000,074,464 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShellExt.dll [2011.08.05 13:53:12 | 000,027,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneTCP2UDP.dll [2011.08.05 13:53:12 | 000,021,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneDTPTDNS.dll [2011.08.05 13:53:12 | 000,018,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WMZuneCommProxyStub.dll [2011.08.05 13:53:12 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneShare.exe [2011.08.05 13:53:12 | 000,009,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneWmduResources.dll [2011.08.05 13:53:10 | 003,889,376 | ---- | C] (Microsoft Corporation) -- C:\Program 
Files\ZuneResources.dll [2011.08.05 13:53:10 | 001,257,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneService.dll [2011.08.05 13:53:10 | 000,916,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneQP.dll [2011.08.05 13:53:10 | 000,683,744 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSH.dll [2011.08.05 13:53:10 | 000,514,272 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSE.dll [2011.08.05 13:53:10 | 000,155,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneSA.dll [2011.08.05 13:53:06 | 010,061,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNativeLib.dll [2011.08.05 13:53:06 | 008,277,728 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNss.exe [2011.08.05 13:53:06 | 002,110,176 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEncEng.dll [2011.08.05 13:53:06 | 001,752,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXrender.dll [2011.08.05 13:53:06 | 001,481,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCore.dll [2011.08.05 13:53:06 | 001,184,480 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneH264Dec.dll [2011.08.05 13:53:06 | 001,161,440 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMde.dll [2011.08.05 13:53:06 | 001,096,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMarketplaceResources.dll [2011.08.05 13:53:06 | 000,879,328 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneMBR.dll [2011.08.05 13:53:06 | 000,707,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZUNEMP4SDECD.dll [2011.08.05 13:53:06 | 000,376,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEvr.dll [2011.08.05 13:53:06 | 000,347,872 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneNssci.dll [2011.08.05 13:53:06 | 000,223,968 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Zune.exe [2011.08.05 13:53:06 | 000,218,848 | ---- | C] (Microsoft Corporation) -- C:\Program 
Files\ZuneHost.exe [2011.08.05 13:53:06 | 000,212,192 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDB.dll [2011.08.05 13:53:06 | 000,163,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneLauncher.exe [2011.08.05 13:53:06 | 000,131,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePresenter.dll [2011.08.05 13:53:06 | 000,129,248 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEffects.dll [2011.08.05 13:53:06 | 000,121,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneAACDec.dll [2011.08.05 13:53:06 | 000,072,928 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneDXVA2.dll [2011.08.05 13:53:06 | 000,061,664 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneCfg.dll [2011.08.05 13:53:06 | 000,056,544 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneConfig.exe [2011.08.05 13:53:06 | 000,038,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZuneEnc.exe [2011.08.05 13:53:06 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Program Files\UIXsup.dll [2011.08.05 13:53:06 | 000,020,704 | ---- | C] (Microsoft Corporation) -- C:\Program Files\ZunePS.dll [2011.08.05 13:31:32 | 000,182,784 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Program Files\l3codecp.acm [2011.06.06 14:48:50 | 000,856,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp90.dll [2011.06.06 14:48:50 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr90.dll [2011.06.06 14:48:50 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcm90.dll [2007.10.02 15:12:44 | 001,642,568 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msidcrl40.dll ========== Files - Modified Within 30 Days ========== [2013.06.03 12:56:40 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.03 12:56:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.03 12:56:31 | 
000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.03 12:56:27 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013.06.03 12:42:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.03 12:13:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000UA.job [2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 10:32:15 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.03 10:29:48 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.03 10:29:48 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.03 10:29:48 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.03 10:29:48 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.03 10:29:48 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.03 09:46:33 | 000,001,088 | ---- | M] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:42 | 000,001,161 | ---- | M] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:29 | 000,001,256 | ---- | M] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:59:04 | 000,001,197 | ---- | M] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:48 | 000,000,720 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | M] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.31 08:13:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2781359-1254794159-3529466809-1000Core.job [2013.05.28 14:05:34 | 001,583,568 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 19:42:13 | 000,000,352 | ---- | M] () -- 
C:\Windows\tasks\HPCeeScheduleForStrolchePC.job [2013.05.27 13:13:33 | 000,002,347 | ---- | M] () -- C:\Users\StrolchePC\Desktop\Google Chrome.lnk [2013.05.27 08:29:02 | 000,001,016 | ---- | M] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.16 07:49:38 | 000,331,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 15:31:43 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.13 15:31:43 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.13 15:31:43 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.13 15:31:43 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.13 15:31:43 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.13 15:31:43 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.13 15:31:43 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.13 15:31:43 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.13 15:31:43 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.13 15:31:43 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.13 15:31:43 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.13 15:31:43 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.13 15:31:43 | 000,526,336 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysNative\ieui.dll [2013.05.13 15:31:43 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.13 15:31:43 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.13 15:31:43 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 15:31:43 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.13 15:31:43 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.13 15:31:43 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.13 15:31:43 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.13 15:31:43 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.13 15:31:43 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.13 15:31:43 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.13 15:31:43 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.13 15:31:43 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.13 15:31:43 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.13 15:31:43 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.13 15:31:43 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.13 15:31:43 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.13 15:31:43 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.13 15:31:43 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.13 15:31:43 | 000,137,216 | ---- | M] (Microsoft 
Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.13 15:31:43 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.13 15:31:43 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.13 15:31:43 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.13 15:31:43 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.13 15:31:43 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.13 15:31:43 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.13 15:31:43 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.13 15:31:43 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.13 15:31:43 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.13 15:31:43 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.13 15:31:43 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.13 15:31:43 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.13 15:31:43 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.13 15:31:43 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.13 15:31:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.13 15:31:43 | 000,069,120 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\SysWow64\icardie.dll [2013.05.13 15:31:43 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.13 15:31:43 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.13 15:31:43 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.13 15:31:43 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.13 15:31:43 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.13 15:31:43 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.13 15:31:43 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.13 15:31:43 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.13 15:31:43 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.13 15:31:43 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.13 15:31:43 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.13 15:31:43 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.13 15:31:43 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.13 15:31:43 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.13 15:31:43 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.07 13:43:39 | 468,008,353 | ---- | M] () -- C:\Windows\MEMORY.DMP 
========== Files Created - No Company Name ========== [2013.06.03 09:46:14 | 000,001,088 | ---- | C] () -- C:\Users\StrolchePC\Desktop\JRT.lnk [2013.06.03 09:45:14 | 000,001,161 | ---- | C] () -- C:\Users\StrolchePC\Desktop\adwcleaner.lnk [2013.06.03 09:44:01 | 000,001,256 | ---- | C] () -- C:\Users\StrolchePC\Desktop\RogueKiller_8.5.4 (1).lnk [2013.05.31 10:58:49 | 000,001,197 | ---- | C] () -- C:\Users\StrolchePC\Desktop\gmer_2.1.19163.lnk [2013.05.31 10:48:33 | 000,000,720 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Defogger.lnk [2013.05.31 10:47:44 | 000,000,000 | ---- | C] () -- C:\Users\StrolchePC\defogger_reenable [2013.05.28 14:00:58 | 001,583,568 | ---- | C] () -- C:\Users\StrolchePC\Desktop\Gruppe 2013.JPG [2013.05.27 08:29:02 | 000,001,016 | ---- | C] () -- C:\Users\StrolchePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.13 15:31:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.07 13:43:39 | 468,008,353 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.04.30 15:02:44 | 000,077,654 | ---- | C] () -- C:\Users\StrolchePC\AppData\Local\funmoods_2.3.crx [2012.09.24 07:58:23 | 000,018,944 | ---- | C] () -- C:\Windows\eraser.exe [2012.08.30 08:42:13 | 000,000,224 | ---- | C] () -- C:\Windows\Sierra.ini [2012.08.09 11:24:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.06.21 16:20:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2012.06.21 16:12:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.02.14 20:47:04 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 20:47:04 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 20:47:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.14 20:44:22 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.14 
19:59:54 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.06.22 00:45:28 | 000,122,484 | ---- | C] () -- C:\Program Files\quickplaymap_msl.png [2011.06.22 00:45:28 | 000,122,210 | ---- | C] () -- C:\Program Files\quickplaymap_ind.png [2011.06.22 00:45:28 | 000,093,248 | ---- | C] () -- C:\Program Files\softwaremap_msl.png [2011.06.22 00:45:28 | 000,092,713 | ---- | C] () -- C:\Program Files\softwaremap_ind.png [2011.06.22 00:45:26 | 009,532,452 | ---- | C] () -- C:\Program Files\Meiryoz.ttc [2011.06.06 14:50:40 | 000,000,659 | ---- | C] () -- C:\Program Files\Zune.exe.config [2011.06.06 14:50:26 | 000,251,333 | ---- | C] () -- C:\Program Files\softwaremap.png [2011.06.06 14:50:26 | 000,122,790 | ---- | C] () -- C:\Program Files\quickplaymap_rus.png [2011.06.06 14:50:26 | 000,122,620 | ---- | C] () -- C:\Program Files\quickplaymap_ell.png [2011.06.06 14:50:26 | 000,122,458 | ---- | C] () -- C:\Program Files\quickplaymap.png [2011.06.06 14:50:26 | 000,122,414 | ---- | C] () -- C:\Program Files\quickplaymap_plk.png [2011.06.06 14:50:26 | 000,122,134 | ---- | C] () -- C:\Program Files\quickplaymap_ptb.png [2011.06.06 14:50:26 | 000,122,068 | ---- | C] () -- C:\Program Files\quickplaymap_csy.png [2011.06.06 14:50:26 | 000,122,060 | ---- | C] () -- C:\Program Files\quickplaymap_jpn.png [2011.06.06 14:50:26 | 000,122,053 | ---- | C] () -- C:\Program Files\quickplaymap_nld.png [2011.06.06 14:50:26 | 000,121,952 | ---- | C] () -- C:\Program Files\quickplaymap_esp.png [2011.06.06 14:50:26 | 000,121,837 | ---- | C] () -- C:\Program Files\quickplaymap_deu.png [2011.06.06 14:50:26 | 000,121,834 | ---- | C] () -- C:\Program Files\quickplaymap_hun.png [2011.06.06 14:50:26 | 000,121,635 | ---- | C] () -- C:\Program Files\quickplaymap_ptg.png [2011.06.06 14:50:26 | 000,121,621 | ---- | C] () -- C:\Program Files\quickplaymap_ita.png [2011.06.06 14:50:26 | 000,121,558 | ---- 
| C] () -- C:\Program Files\quickplaymap_sve.png [2011.06.06 14:50:26 | 000,121,489 | ---- | C] () -- C:\Program Files\quickplaymap_dan.png [2011.06.06 14:50:26 | 000,121,403 | ---- | C] () -- C:\Program Files\quickplaymap_fra.png [2011.06.06 14:50:26 | 000,121,358 | ---- | C] () -- C:\Program Files\quickplaymap_chs.png [2011.06.06 14:50:26 | 000,121,257 | ---- | C] () -- C:\Program Files\quickplaymap_fin.png [2011.06.06 14:50:26 | 000,121,162 | ---- | C] () -- C:\Program Files\quickplaymap_cht.png [2011.06.06 14:50:26 | 000,121,155 | ---- | C] () -- C:\Program Files\quickplaymap_nor.png [2011.06.06 14:50:26 | 000,120,995 | ---- | C] () -- C:\Program Files\quickplaymap_kor.png [2011.06.06 14:50:26 | 000,100,499 | ---- | C] () -- C:\Program Files\softwaremap_ell.png [2011.06.06 14:50:26 | 000,099,979 | ---- | C] () -- C:\Program Files\softwaremap_rus.png [2011.06.06 14:50:26 | 000,098,663 | ---- | C] () -- C:\Program Files\softwaremap_plk.png [2011.06.06 14:50:26 | 000,098,431 | ---- | C] () -- C:\Program Files\softwaremap_ita.png [2011.06.06 14:50:26 | 000,098,102 | ---- | C] () -- C:\Program Files\softwaremap_ptb.png [2011.06.06 14:50:26 | 000,097,782 | ---- | C] () -- C:\Program Files\softwaremap_esp.png [2011.06.06 14:50:26 | 000,097,716 | ---- | C] () -- C:\Program Files\softwaremap_ptg.png [2011.06.06 14:50:26 | 000,097,580 | ---- | C] () -- C:\Program Files\softwaremap_deu.png [2011.06.06 14:50:26 | 000,097,435 | ---- | C] () -- C:\Program Files\softwaremap_fra.png [2011.06.06 14:50:26 | 000,097,298 | ---- | C] () -- C:\Program Files\softwaremap_csy.png [2011.06.06 14:50:26 | 000,096,751 | ---- | C] () -- C:\Program Files\softwaremap_cht.png [2011.06.06 14:50:26 | 000,096,737 | ---- | C] () -- C:\Program Files\softwaremap_hun.png [2011.06.06 14:50:26 | 000,096,603 | ---- | C] () -- C:\Program Files\softwaremap_jpn.png [2011.06.06 14:50:26 | 000,096,513 | ---- | C] () -- C:\Program Files\softwaremap_nld.png [2011.06.06 14:50:26 | 000,096,441 | ---- | C] () -- 
C:\Program Files\softwaremap_fin.png [2011.06.06 14:50:26 | 000,096,323 | ---- | C] () -- C:\Program Files\softwaremap_dan.png [2011.06.06 14:50:26 | 000,095,912 | ---- | C] () -- C:\Program Files\softwaremap_chs.png [2011.06.06 14:50:26 | 000,094,750 | ---- | C] () -- C:\Program Files\softwaremap_nor.png [2011.06.06 14:50:26 | 000,094,597 | ---- | C] () -- C:\Program Files\softwaremap_sve.png [2011.06.06 14:50:26 | 000,093,267 | ---- | C] () -- C:\Program Files\softwaremap_kor.png [2011.06.06 14:50:26 | 000,001,922 | ---- | C] () -- C:\Program Files\TopBar.gif [2011.06.06 14:50:26 | 000,000,988 | ---- | C] () -- C:\Program Files\ZuneLogo.gif [2011.06.06 14:50:26 | 000,000,631 | ---- | C] () -- C:\Program Files\Background.jpg [2011.06.06 14:50:26 | 000,000,054 | ---- | C] () -- C:\Program Files\Arrow.gif ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

and number 2: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 03.06.2013 13:00:12 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\StrolchePC\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 59,52% Memory free 7,80 Gb Paging File | 6,05 Gb Available in Paging File | 77,55% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 277,83 Gb Total Space | 199,11 Gb Free Space | 71,67% Space Free | Partition Type: NTFS Drive D: | 19,97 Gb Total Space | 2,14 Gb Free Space | 10,70% Space Free | Partition Type: NTFS Computer Name: STROLCHEPC-HP | User Name: StrolchePC | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{095DDED8-6666-4589-A4FB-5A28EA510261}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{39EB4F7F-9228-42DD-B662-26894387ACE0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002267FC-37F3-4C7E-885F-C04913F741F7}" = protocol=17 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "{384957F8-4411-46CE-B357-3325157D8A98}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
"{41D2F08B-4550-422D-A358-FA3A3A2E7703}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4B87AA04-4059-42B3-ABFA-E298FB2427E1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{62187711-6B52-48F1-9069-44A5EC897445}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe | "{733D2563-1AD6-4027-8C14-5DC2016494B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{9D76C1CC-DFF4-43DA-A483-6EEF5B1EE06C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{D97C5CB9-CFEA-4CE2-9E80-997C18A3E1B7}" = protocol=6 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{2B6F8AFD-8B5B-4A74-A7F8-381E479118BD}C:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{CC152954-71D4-4928-933C-3AD18359E215}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "TCP Query User{D1239CD5-4C65-4F37-875E-B4EB59D21D6B}C:\program files (x86)\leechftp\leechftp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{788F4FCD-A818-4193-9039-85B7278D8638}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | "UDP Query User{C6920D7F-B57B-42BF-9227-175C0CEAE4C0}C:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\strolchepc\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{DBBECB31-72A4-4EF0-B0BD-A828F26C00F7}C:\program files (x86)\leechftp\leechftp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\leechftp\leechftp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language 
Selector "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}" = SpyHunter "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = 
Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}" = HP Security Assistant "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "SynTPDeinstKey" = Synaptics Pointing Device Driver "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer 
"{0C1879C1-B74A-4C6D-8880-E3F54B78E816}" = LG United Mobile Drivers "{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 11 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4 "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) 
Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0 "{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}" = ESU for Microsoft Windows 7 SP1 "{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass PE "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6 "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows 
Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DB183033-C2DD-4A37-B43C-943DD4B28C77}" = HP Documentation "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "7-Zip" = 7-Zip 9.20 "Adobe Photoshop 6.0" = Adobe Photoshop 6.0 "Adobe Shockwave 
Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer "EasyBits Magic Desktop" = Magic Desktop "ESET Online Scanner" = ESET Online Scanner v3 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "LeechFTP" = LeechFTP YOUCA "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Print Artist 10" = SierraHome Print Artist 10 "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-0a635999-4c20-4c67-8b20-5f516430ef6e" = Bejeweled 3 "WTA-1d8b9c93-6d8b-416d-a73b-ae9f241d9ba2" = Zuma's Revenge "WTA-2752719c-9ebe-4277-af83-1a83cf4de91b" = Insaniquarium Deluxe "WTA-28f2bd99-7211-42ad-8009-806e92b6dc72" = Jewel Quest II "WTA-42e39ee3-f5cb-4429-a1b8-cc2474c2b701" = Jewel Match 3 "WTA-4a425888-f437-4fc5-851a-c69aff623f35" = Chuzzle Deluxe "WTA-51d1c301-11eb-4563-be1a-882f88f8a205" = Polar Bowler "WTA-6b592628-07ef-4777-8deb-634bda19e9e7" = Mahjongg Artifacts "WTA-6c24dcb9-2912-4235-a067-bdccf94e1c38" = Torchlight "WTA-76cafd05-b4a8-4e84-a4ab-16f24b11947b" = Wedding Dash "WTA-82e7c6f2-0d81-49c9-879a-7592c95391b2" = Cradle of Rome 2 "WTA-8a30bbe6-0e4f-4d2d-aa51-72999f0863c9" = Virtual Villagers 4 - The Tree of Life "WTA-8b70ec5f-71d3-4333-aab9-1a4dc3f9851b" = Mystery of Mortlake Mansion "WTA-968f6f9f-a625-41f7-b0d4-36210a563666" = Virtual Families "WTA-9fa713a1-edb0-4c1d-8ba8-c31ef7bbfeb2" = Jewel Quest Solitaire 2 "WTA-aa1f9db5-e5f0-4a9e-89b2-a0e0e205608e" = Final Drive Fury "WTA-c317e616-f7eb-4aa5-aafc-106bc7f10a65" = Farm Frenzy "WTA-cf26fad7-d74e-4ecb-bdb6-7f4de5d441ad" = Plants vs. 
Zombies - Game of the Year "WTA-d7f4b557-29e8-4e7b-966b-e0fddd07e071" = Cake Mania "WTA-e974bfb2-778f-4bf1-a97b-b2a9c49c9c3d" = Farmscapes "WTA-fb23d625-6426-4e28-b952-f51cad06b932" = Fishdom (TM) 2 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.06.2013 06:34:43 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:43 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 03.06.2013 06:34:43 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:44 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:45 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:46 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 03.06.2013 06:34:46 | Computer Name = StrolchePC-HP | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\strolchepc\downloads\esetsmartinstaller_enu (1).exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error - 03.06.2013 06:56:50 | Computer Name = StrolchePC-HP | Source = WinMgmt | ID = 10 Description = [ Hewlett-Packard Events ] Error - 16.08.2012 01:28:09 | Computer Name = StrolchePC-HP | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: bei System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) bei System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) bei System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) bei System.Activator.CreateInstance(Type type, Boolean nonPublic) bei HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: de-DE RAM: 3996 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ HP Software Framework Events ] Error - 14.03.2012 17:34:03 | Computer Name = E4V3U6QM61RIF | Source = CaslSmBios | ID = 5 Description = 2012.03.14 22:34:03.840|000009E0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 
'Nicht unterstützt ' [ System Events ] Error - 03.06.2013 04:06:01 | Computer Name = StrolchePC-HP | Source = DCOM | ID = 10010 Description = Error - 03.06.2013 06:53:03 | Computer Name = StrolchePC-HP | Source = Service Control Manager | ID = 7034 Description = Dienst "TrueSuiteService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 03.06.2013 06:56:57 | Computer Name = StrolchePC-HP | Source = Service Control Manager | ID = 7000 Description = Der Dienst "esgiguard" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report >
Rebooted, Spyhunter is alive and well as ever :-( |
03.06.2013, 12:12 | #21 |
/// the machine /// TB trainer | Computer infected with Spyhunter 4 When does Spyhunter show up, and what does it show?
03.06.2013, 12:19 | #22 |
| Computer infected with Spyhunter 4 Right at boot the program opens automatically and offers to scan the computer. The program can be closed without any problem. spyhunter4.exe shows up in Task Manager and can be removed there. Otherwise sh4 is nowhere to be found. |
03.06.2013, 12:36 | #23 |
/// the machine /// TB trainer | Computer infected with Spyhunter 4 Scan with SystemLook Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop: SystemLook (32 bit)
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.06.2013, 12:42 | #24 |
| Computer infected with SpyHunter 4
SystemLook 30.07.11 by jpshortstuff
Log created at 13:38 on 03/06/2013 by StrolchePC
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. |
03.06.2013, 12:44 | #25 |
/// the machine /// TB trainer | Computer infected with SpyHunter 4 Oops, my bad. Please use the 64-bit version: http://jpshortstuff.247fixes.com/SystemLook_x64.exe And please run the search again.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
03.06.2013, 12:48 | #26 |
| Computer infected with SpyHunter 4
SystemLook 30.07.11 by jpshortstuff
Log created at 13:47 on 03/06/2013 by StrolchePC
Administrator - Elevation successful
I still have several appointments now and will be back at it tomorrow. Many thanks for now, and have a nice rest of the day! |
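What the 32-bit SystemLook run in post #24 could not see becomes visible when it is diffed against the 64-bit run in post #26. The following is an added example, not code from the thread or from SystemLook's author: the two logs are constructed excerpts modelled on those posts, and the function names and the redirection heuristic are assumptions of this example.

```python
import re

# Constructed excerpts modelled on the two SystemLook runs in this thread
# (a few entries each, one entry per line; not the full logs).
LOG_WOW64 = r"""SystemLook 30.07.11 by jpshortstuff
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*SpyHunter*"
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe --a---- 7396224 bytes [19:34 14/01/2013] [19:34 14/01/2013]
========== regfind ==========
Searching for "SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\64C4C6B6E7B114A4E907CABF2BB2D118]
"ProductName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
-= EOF =-
"""

LOG_X64 = r"""SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "*SpyHunter*"
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe --a---- 7396224 bytes [19:34 14/01/2013] [19:34 14/01/2013]
C:\Windows\System32\Tasks\SpyHunter4Startup --a---- 3356 bytes [06:21 03/05/2013] [06:21 03/05/2013]
========== regfind ==========
Searching for "SpyHunter"
[HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\64C4C6B6E7B114A4E907CABF2BB2D118]
"ProductName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\SpyHunter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}]
"DisplayName"="SpyHunter"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\esgiguard]
-= EOF =-
"""

SECTION_RE = re.compile(r"={5,} (\w+) ={5,}")   # does not match "-= EOF =-"
REG_KEY_RE = re.compile(r"\[(HKEY_[^\]]+)\]")
# A path, then the attribute flags, an optional size, then the first "[date]".
FILE_RE = re.compile(r"([A-Za-z]:\\.+?)\s+[d-][-a-z]{6}\s+(?:\d+ bytes\s+)?\[")

def parse_systemlook(log):
    """Return {section: set of paths or registry keys}; also works on flattened logs."""
    parts = SECTION_RE.split(log)   # [preamble, name, body, name, body, ...]
    found = {}
    for name, body in zip(parts[1::2], parts[2::2]):
        regex = REG_KEY_RE if name == "regfind" else FILE_RE
        found[name] = set(regex.findall(body))
    return found

def ran_under_wow64(log):
    """True if the tool itself warned that it ran as a 32-bit process on x64."""
    return "running under WOW64" in log

def redirection_cause(entry):
    """Heuristic (assumption of this example): which WOW64 redirector hides the entry."""
    e = entry.lower()
    if e.startswith("hkey_local_machine\\software\\"):
        return "registry redirection"       # 32-bit view is SOFTWARE\Wow6432Node
    if re.match(r"[a-z]:\\windows\\system32\\", e):
        return "file system redirection"    # 32-bit view is SysWOW64
    return "unexplained"

def hidden_from_wow64(log32, log64):
    """Entries only the native run reports, as (section, entry, likely cause)."""
    seen32, seen64 = parse_systemlook(log32), parse_systemlook(log64)
    hidden = []
    for section, entries in seen64.items():
        for entry in sorted(entries - seen32.get(section, set())):
            hidden.append((section, entry, redirection_cause(entry)))
    return hidden

if __name__ == "__main__":
    print("32-bit run flagged itself:", ran_under_wow64(LOG_WOW64))
    for section, entry, cause in hidden_from_wow64(LOG_WOW64, LOG_X64):
        print(f"{section}: {entry}  <- {cause}")
```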
03.06.2013, 14:32 | #27 |
/// the machine /// TB trainer | Computer infected with SpyHunter 4 Fix with OTL
Code:
:files
C:\Program Files\Enigma Software Group
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Users\StrolchePC\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_675554d9d852b6b198298b0db7335415d85d6_0f5cb5b7
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\64C4C6B6E7B114A4E907CABF2BB2D118]
[-HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Enigma Software Group\SpyHunter\Defs\"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}]
|
04.06.2013, 09:18 | #28 |
| Computer infected with SpyHunter 4 Morning! Are we actually getting anywhere? We have already done quite a lot, so far without success. What is your assessment, is there reason for hope? Here is the text:
========== FILES ==========
C:\Program Files\Enigma Software Group\SpyHunter\mon folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Log folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Downloads folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Defs folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter\Data folder moved successfully.
C:\Program Files\Enigma Software Group\SpyHunter folder moved successfully.
C:\Program Files\Enigma Software Group folder moved successfully.
File\Folder C:\Windows\System32\Tasks\SpyHunter4Startup not found.
C:\Users\StrolchePC\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppHang_SpyHunter4.exe_675554d9d852b6b198298b0db7335415d85d6_0f5cb5b7 folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\64C4C6B6E7B114A4E907CABF2BB2D118\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EnigmaSoftwareGroup\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\SpyHunter4.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B6C4C46-1B7E-4A41-9E70-ACFBB22B1D81}\ not found.
OTL by OldTimer - Version 3.2.69.0 log created on 06042013_101531
I'm really grateful for your help! Hopefully the effort is worth it, too. |
04.06.2013, 09:34 | #29 |
/// the machine /// TB trainer | Computer infected with SpyHunter 4 Does SpyHunter still come up?
|
04.06.2013, 09:44 | #30 |
| Computer infected with SpyHunter 4 No, I rebooted; it no longer starts by itself and is no longer in Task Manager either. Fascinating!!! |