|
Log-Analyse und Auswertung: Trojan.FakeMs in C:\Windows\AppData\TempWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.07.2013, 15:08 | #1 |
| Trojan.FakeMs in C:\Windows\AppData\Temp Hallo, mir ist gerade beim PC-Start aufgefallen, dass sich ein Visual Basic.Net Fenster geöffnet hat - sprich ein Server oder sonstiges von einem Trojaner bzw. des Trojaners. Daraufhin habe ich mir den Leitfaden durchgelesen und die Logs erstellt : OTL.txt: Code:
ATTFilter OTL logfile created on: 02.07.2013 14:56:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amar\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,08% Memory free 15,96 Gb Paging File | 12,43 Gb Available in Paging File | 77,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 658,12 Gb Total Space | 338,90 Gb Free Space | 51,50% Space Free | Partition Type: NTFS Computer Name: AMAR-PC | User Name: Amar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.02 14:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amar\Desktop\OTL.exe PRC - [2013.07.01 15:11:39 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.06.21 15:31:19 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2013.05.24 21:47:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 00:27:36 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.12.19 16:49:30 | 000,642,808 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2012.12.12 14:56:00 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011.02.22 11:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011.02.22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011.02.18 17:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.13 03:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== MOD - [2013.07.01 15:11:39 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.06.30 20:50:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll MOD - [2013.05.24 21:47:16 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.17 02:48:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 02:47:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 02:47:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.05.05 18:54:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d77f088f3bcade63facffdefd876fb6e\IAStorUtil.ni.dll MOD - [2013.04.01 19:36:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.04.01 19:36:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll MOD - [2013.04.01 19:36:41 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.04.01 19:36:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.04.01 19:36:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.04.01 19:36:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.02.11 08:12:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.12.12 14:56:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2012.12.12 14:56:00 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2012.12.12 14:56:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2012.12.12 14:56:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2012.12.12 14:56:00 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2012.12.12 14:56:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2012.12.12 14:56:00 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2012.12.12 14:56:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2012.12.12 14:56:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2011.02.22 11:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011.02.22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.01 16:09:38 | 012,907,520 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL) SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.05.10 15:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010.11.29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.07.01 16:08:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.21 15:31:19 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2013.05.24 21:47:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.10 23:43:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011.04.02 23:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.21 15:36:07 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.06.21 15:36:07 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2013.06.21 15:36:07 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.07 18:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.01 06:57:51 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011.06.01 06:57:51 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011.06.01 06:57:51 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011.03.01 16:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.12 08:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.07.10 05:25:42 | 000,314,904 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2012.11.16 17:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{0E7B197B-A3DE-4FD4-A19A-1EECF791D16F}: "URL" = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=12092018_15_hao_pg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 9D 3A B7 6D 08 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} IE - HKCU\..\SearchScopes\{0E7B197B-A3DE-4FD4-A19A-1EECF791D16F}: "URL" = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.autoconfig_url: "https://mediahint.com/default.pac" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.06.21 15:36:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.06.21 15:36:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.06.21 15:36:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.06.21 15:36:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.06.21 15:36:09 | 000,000,000 | ---D | M] [2013.02.11 00:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\Extensions [2013.06.21 14:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\Firefox\Profiles\eqbh7065.default\extensions [2013.05.24 21:47:39 | 000,334,744 | ---- | M] () (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.06.21 14:28:57 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\extensions\mediahint@jetpack.xpi [2013.05.08 23:21:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 21:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 21:47:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.21 15:36:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM O1 HOSTS File: ([2013.02.25 21:05:08 | 000,001,045 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120% O1 - Hosts: 127.0.0.1 195.137.236.101 O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKCU..\Run: [kis13.0.1.4190de-Setup.exe] C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190\kis13.0.1.4190de-Setup.exe File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7DF5E25-B9B6-475D-9B41-550A3971EFAD}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\devicesetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\devicesetuplauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hp officejet pro 8500 a910.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpqdtss.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpqlpvwr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpscan.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\devicesetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\devicesetuplauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hp officejet pro 8500 a910.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpqdtss.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpqlpvwr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpscan.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{fdea26ef-a42d-11e2-990b-b870f4900592}\Shell - "" = AutoRun O33 - MountPoints2\{fdea26ef-a42d-11e2-990b-b870f4900592}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.02 14:51:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amar\Desktop\OTL.exe [2013.07.02 14:21:47 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Malwarebytes [2013.07.02 14:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.02 14:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.02 14:21:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.02 14:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.02 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.07.02 14:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.07.02 14:19:10 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.07.02 14:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.07.02 14:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2013.07.02 02:22:33 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pink Tissue [2013.07.02 02:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pink Tissue [2013.07.01 19:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV Vehicle Mod Installer [2013.07.01 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA IV Vehicle Mod Installer [2013.07.01 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\Amar\Desktop\gta sa music [2013.07.01 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files [2013.07.01 18:27:25 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.07.01 17:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2013.06.28 14:00:43 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [2013.06.28 14:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2 [2013.06.28 14:00:28 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll [2013.06.28 14:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins [2013.06.28 14:00:27 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\Image-Line [2013.06.28 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.06.28 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.06.28 14:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim [2013.06.28 13:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line [2013.06.28 13:50:27 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Image-Line [2013.06.27 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Canneverbe Limited [2013.06.27 22:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2013.06.27 22:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2013.06.27 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\Ableton [2013.06.27 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Ableton [2013.06.27 21:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software [2013.06.27 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2013.06.23 19:14:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.06.23 19:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.06.23 19:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.23 19:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.23 18:46:08 | 000,073,728 | ---- | C] (Initex Software) -- C:\Windows\SysWow64\PrxerDrv.dll [2013.06.23 18:46:08 | 000,061,440 | ---- | C] (Initex Software) -- C:\Windows\SysWow64\PrxerNsp.dll [2013.06.23 18:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier [2013.06.23 18:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier [2013.06.21 15:19:37 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\KW [2013.06.21 15:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.06.21 15:14:48 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.06.21 15:14:09 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.06.21 15:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.06.21 15:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.06.21 15:13:56 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.06.21 15:13:56 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.06.21 15:07:40 | 000,000,000 | --SD | C] -- C:\Users\Amar\Documents\Passwords Database [2013.06.21 14:24:01 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\dBpoweramp [2013.06.12 18:45:27 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\kuaiyong [2013.06.12 18:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ìÓÃÆ»¹ûÖúÊÖ [2013.06.12 18:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong [2013.06.11 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\tweakcube3 [2013.06.11 15:55:50 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\ihelper [2013.06.11 15:55:37 | 000,000,000 | ---D | C] -- C:\downloads [2013.06.11 15:51:07 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\ihelper [2013.06.11 15:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPÖúÊÖ [2013.06.11 15:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PPÖúÊÖ [2013.06.11 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.02 15:01:25 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.02 15:01:25 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.02 14:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.02 14:53:26 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys [2013.07.02 14:52:33 | 000,000,020 | ---- | M] () -- C:\Users\Amar\defogger_reenable [2013.07.02 14:51:55 | 000,377,856 | ---- | M] () -- C:\Users\Amar\Desktop\gmer_2.1.19163.exe [2013.07.02 14:51:26 | 000,050,477 | ---- | M] () -- C:\Users\Amar\Desktop\Defogger.exe [2013.07.02 14:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amar\Desktop\OTL.exe [2013.07.02 14:21:34 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.02 14:19:16 | 000,001,387 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.07.02 02:23:33 | 000,001,138 | ---- | M] () -- C:\Users\Amar\Documents\ax_files.xml [2013.07.02 02:08:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.28 23:16:09 | 000,000,181 | ---- | M] () -- C:\Users\Amar\AppData\Roaming\Current.prx [2013.06.28 14:00:28 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk [2013.06.28 13:55:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.28 13:55:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.28 13:47:31 | 001,994,940 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.28 13:47:31 | 000,840,512 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.28 13:47:31 | 000,794,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.28 13:47:31 | 000,203,746 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.28 13:47:31 | 000,175,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.28 13:47:24 | 001,994,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.27 21:26:09 | 000,000,132 | ---- | M] () -- C:\Users\Amar\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.06.21 15:36:07 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.06.21 15:36:07 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013.06.21 15:36:07 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.06.21 15:36:06 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.06.21 15:15:49 | 000,002,348 | ---- | M] () -- C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.21 15:14:49 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.02 14:52:33 | 000,000,020 | ---- | C] () -- C:\Users\Amar\defogger_reenable [2013.07.02 14:51:54 | 000,377,856 | ---- | C] () -- C:\Users\Amar\Desktop\gmer_2.1.19163.exe [2013.07.02 14:51:25 | 000,050,477 | ---- | C] () -- C:\Users\Amar\Desktop\Defogger.exe [2013.07.02 14:21:34 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.02 14:19:16 | 000,001,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.07.02 14:19:16 | 000,001,387 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.07.01 15:11:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.28 14:00:28 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk [2013.06.28 13:55:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.28 13:55:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.27 22:06:50 | 000,001,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013.06.27 21:30:24 | 000,000,881 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk [2013.06.23 18:46:11 | 000,000,181 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Current.prx [2013.06.21 15:15:49 | 000,002,348 | ---- | C] () -- C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.21 15:14:56 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.05.02 23:02:16 | 000,000,092 | ---- | C] () -- C:\Users\Amar\AppData\Local\fusioncache.dat [2013.05.02 21:29:15 | 000,000,584 | ---- | C] () -- C:\Windows\ODBC.INI [2013.04.22 17:50:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.Ini [2013.04.18 22:17:36 | 007,261,768 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2013.04.18 22:17:36 | 000,017,870 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2013.03.30 20:32:52 | 001,994,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.15 16:02:03 | 000,017,408 | ---- | C] () -- C:\Users\Amar\AppData\Local\WebpageIcons.db [2013.02.13 21:15:49 | 000,000,132 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.02.11 23:44:27 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2013.02.11 18:54:08 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.02.10 23:23:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.02.10 23:20:51 | 000,003,126 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.01 06:31:02 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2004.08.26 04:14:58 | 000,000,259 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1029634848-2562057846-3894920487-1001\$RS9ZZ3Z\Source\Source\boost_1_34_1\boost_1_34_1\tools\build\v2\example\variant\libs\l.cpp [2002.08.16 07:25:22 | 000,000,028 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1029634848-2562057846-3894920487-1001\$RS9ZZ3Z\Source\Source\boost_1_34_1\boost_1_34_1\tools\build\v2\test\generators-test\x.l [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.01 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\.minecraft [2006.06.11 10:35:34 | 000,000,000 | -H-D | M] -- C:\Users\Amar\AppData\Roaming\024FB306 [2013.06.27 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Ableton [2013.06.27 22:06:59 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Canneverbe Limited [2013.06.21 14:33:16 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\dBpoweramp [2013.04.18 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\foobar2000 [2013.04.10 15:09:14 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\HTC [2013.06.20 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\ihelper [2013.06.28 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Image-Line [2013.04.20 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\ImgBurn [2013.07.02 14:29:05 | 000,000,000 | RHSD | M] -- C:\Users\Amar\AppData\Roaming\install [2013.02.18 21:55:14 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\JavaEditor [2013.06.12 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\kuaiyong [2013.06.21 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\KW [2013.03.11 16:20:33 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\mp3DirectCut [2013.05.22 12:51:37 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Mp3tag [2013.02.21 19:56:42 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\NetBeans [2013.05.09 00:15:50 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\PhotoScape [2013.03.30 20:37:19 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Software4u [2013.06.27 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Spotify [2013.05.02 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\TeamViewer [2013.02.11 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\TuneUp Software [2013.06.12 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\tweakcube3 [2013.04.23 12:25:42 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.07.2013 14:56:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amar\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,08% Memory free 15,96 Gb Paging File | 12,43 Gb Available in Paging File | 77,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 658,12 Gb Total Space | 338,90 Gb Free Space | 51,50% Space Free | Partition Type: NTFS Computer Name: AMAR-PC | User Name: Amar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A586EBD-D5DF-43B2-935B-576015E49363}" = lport=139 | protocol=6 | dir=in | app=system | "{357C2FC0-E46D-49FD-809C-77C3A69F4889}" = lport=445 | protocol=6 | dir=in | app=system | "{3BB3E473-1297-4687-87F6-81D136A9F54A}" = lport=10243 | protocol=6 | dir=in | app=system | "{3CA34792-2661-446B-87CC-D34D6244AA06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3F7F1D31-52F2-4C24-BB9A-99214FD061E8}" = lport=138 | protocol=17 | dir=in | app=system | "{4B541792-F861-46EB-B02D-BD3E9A8C8AC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{82566D63-06BF-490D-AD88-3D352A1871CC}" = rport=10243 | protocol=6 | dir=out | app=system | "{A9A84B32-AE0D-41D4-A9BB-890DB37D8EE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AD966234-2A27-4978-AA70-8F4A51F37369}" = rport=137 | protocol=17 | dir=out | app=system | "{B9C1572D-8C5D-4D60-9756-BE244C1D89D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C8F712E0-E976-4979-916D-24F4FB7655DE}" = rport=445 | protocol=6 | dir=out | app=system | "{CF58604B-2E68-414E-A85A-84CDAFAEE071}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0EC9D7F-2474-4ED5-A9B3-BDB9798BB39F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{D1BE9EDE-1791-4008-82D2-6F55B46DA753}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D1E8C905-D439-48B3-89D0-F92FA947ED92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D7D47619-BFF2-4F51-B547-AC20A2D1DAAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D80A341B-105C-4089-946C-0F9C5BF8FE09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1D80313-EE2E-4266-876F-37D6E59980EE}" = lport=137 | protocol=17 | dir=in | app=system | "{E733C8B6-9A0C-4625-B531-A3E8F4F9A935}" = rport=138 | protocol=17 | dir=out | app=system | "{EE5061C6-2EB0-4F7C-B643-3C07FABD66A0}" = lport=2869 | protocol=6 | dir=in | app=system | "{F28E0FBA-86DE-47ED-9F7A-13881EADC5E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F76A573F-AD8A-4369-8FE1-CF82EC3B0A80}" = rport=139 | protocol=6 | dir=out | app=system | "{FB28AC93-9679-4491-B076-0E13A6C687C1}" = lport=3306 | protocol=6 | dir=in | name=port 3306 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02D2FEFF-4F7D-4495-9239-DAB20C04EF58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{043331F2-9B7C-4908-B516-C63F90CA344A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "{07FC4C58-1312-4105-BCBD-B06B6D19390F}" = protocol=6 | dir=in | app=c:\users\amar\appdata\roaming\utorrent\utorrent.exe | "{0FD4BF93-2722-491D-AEB7-8944C1A05BF5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1006297E-252D-45E3-B987-E7D142B5002B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{110BA694-1BB2-4A42-8C43-1768A4F64CCB}" = protocol=6 | dir=out | app=system | "{1309E647-4EEB-4175-89FB-ADCD22259CA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15C7C9C8-7918-4B5A-895A-7DDD99C407BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1B66537C-A70F-40F0-9EC3-3F97F88CC944}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\digitalwizards.exe | "{2039EA2C-A77A-44E5-BB3D-52E036F3893F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{213D4622-D09F-4B14-BF58-0B2029E7D0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{21FC6784-178D-4E95-9911-F1C37C90CA3A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 13\manager13.exe | "{26FF767C-F25C-49E8-ACE9-77930AE69AC9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe | "{290BFD85-C135-49C8-B3BB-8D7D5727A3E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2B2F50C8-6BFD-4177-98DC-F19D4F985EDA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2D5176E4-431C-4530-9AE5-C34275B697B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{30613E20-3E91-46D0-A954-53BF96BE8D56}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3EF33227-BFA9-49D2-A3FA-4C15E5F80123}" = protocol=17 | dir=in | app=c:\users\amar\appdata\roaming\utorrent\utorrent.exe | "{42025C8A-90F4-4107-AA76-C727F380271A}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\faxapplications.exe | "{42451417-D44F-41AE-B26C-404349071540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{425841C4-EDA2-48D1-B0BE-2D922BAC38D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{441CC7FB-6900-4920-9343-3771C0406696}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{48F4E0B0-A9B5-4C83-BE04-7E1976E760E1}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | "{5994DF41-56B4-48E4-8EB1-C83921A0D00A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe | "{59F3BC66-7748-4DEA-BF6C-6D9F28051F17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{61C93251-94E2-4C1E-A438-57F28FB2B417}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicatorcom.exe | "{689D1B7F-0AC6-401F-A679-BADA3C8F0AEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6BA7B4C1-C0F7-43C7-B0D7-5112D5359204}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{7A13024E-A987-4D05-8031-0A69E4C89125}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe | "{7A3A3AF9-24F3-4158-9D6B-7D5362AABCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{7D04079D-DC69-4318-BEA4-6BC099B58C3B}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{8995B238-5B36-4D33-84CD-9A895CCB0E34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8B05F618-8C94-48A4-873E-1A549093328E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8BE980B8-885E-4316-8EA4-3EEA89914C06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{8F8AB82B-2AB4-4AD5-A813-0BC970DDDA34}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9300AD1C-765C-4346-9A0F-8C7CCB483451}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{A82EB775-60B6-4493-B2FC-1457757921DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AED67B8B-FEDD-4EB0-B5D8-E231BF206F9A}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | "{B30C9D1F-8F7B-47A5-B72F-1A8C9D58C1FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{B442256E-7E18-4E63-8FE2-883F756739A9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{BB4F288A-766A-43DE-9AE6-AD9CC125E272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BB5EA5AF-1065-4356-8EB0-A148CD1DC005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C36F9F54-63DC-4832-BA6E-F4B331D45D13}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 13\manager13.exe | "{C48BB313-6D38-49CB-8605-9ED7EEA1EFA3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C7AF1D9A-AFDB-4956-B8A8-2BC25512802E}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\sendafax.exe | "{D6253D37-667E-4B4F-92BF-0ED2BEE44B19}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D678A5A2-E25E-4DC1-9100-B8D5D89E5C35}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe | "{E9CF2BA8-5652-4A74-847C-D2CACFB22F0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EAEE54D9-8C03-4D24-B95A-1D6322C0AA1E}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{F2D01E7C-B4B6-488B-8E0C-AA468D077120}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{FB5C1ECA-E9AF-45E8-85DE-935F6513456B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{FD352E30-C800-40D5-95A8-ED5C9829B705}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe | "TCP Query User{662332FD-2532-47F8-AE44-FA88E8E15923}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | "TCP Query User{699B5DDF-69F5-4E2E-8160-8E5F552D998F}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{134676A5-06DA-4606-9494-209184DB0EB9}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe | "UDP Query User{C15DB273-6E17-409C-A634-A47D36840DA0}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0838B70E-B35E-AC61-EF41-3E9472AD6C41}" = AMD Drag and Drop Transcoding "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4 "{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät "{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared "{0B4D413C-9E19-4087-AA21-D7BD1A9B3075}" = SQL Server 2008 R2 Common Files "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit) "{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files "{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}" = MySQL Server 5.6 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{629C521E-5C03-4A17-9851-F8313A41BB20}" = Ableton Live 9 Suite "{64A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13 (64-bit) "{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89DF2F55-6625-49D7-BC0D-326FE62DD98E}" = Microsoft SQL Server 2008 Database Engine Services "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8E7D00D0-255E-F084-28A3-400DCD5EF8A7}" = ccc-utility64 "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010 "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010 "{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{D49B01F1-79D6-4448-916E-152832EC3B64}" = SQL Server 2008 R2 Management Studio "{E35C24C7-231F-4AAB-8B22-A59F9A00BED3}" = Microsoft SQL Server 2008 RsFx Driver "{ED321628-843E-4319-8C6D-CB3C919323AC}" = MysticThumbs "{F37A899E-1745-52F5-658F-9A4DA4D46BB7}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F800CF18-6470-D909-B460-73F2F41030B4}" = AMD Accelerated Video Transcoding "{F9434B34-EDCA-DF34-FD55-8D66DF8DBECF}" = AMD Media Foundation Decoders "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter "Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit) "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit) "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit) "nbi-nb-base-7.3.0.0.201302132200" = NetBeans IDE 7.3 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "{03B442FC-5A92-490B-8A13-4EBAEA08D857}" = MySQL Connector J "{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3 "{0C91919D-0386-C260-0822-7A01C5BCD58A}" = CCC Help Greek "{132E7CFD-3508-4605-90C9-1C9631C56229}" = MySQL Documents 5.6 "{143593DA-4632-50AE-A6D9-7676695B33C8}" = CCC Help Finnish "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso "{16584456-9AD2-3FA4-C8B5-B2EE2D856E6C}" = Catalyst Control Center Localization All "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR "{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1C7BC0A1-2EBB-4637-B48D-A5C7C43004CD}" = 人妻ンション2 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2BB114DA-C718-45FE-8AB9-DEFFF0EA5569}_is1" = Grand Theft Auto San Andreas "{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = ¿ìÓÃÆ»¹ûÖúÊÖ 2.0.1.0 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{33365E1D-B501-AA04-F802-88BF0A4DB9F7}" = CCC Help French "{3888A22E-1A9E-4DBE-A93B-42385141F37D}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E39024D-9F83-4BF2-B87F-0768608FE0B5}" = MySQL Installer "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client "{43C5AF90-0558-590E-30A3-7A8FEEA4B45B}" = Catalyst Control Center Graphics Previews Common "{441B922B-E0AC-F7BB-E577-095E3E3B8D03}" = CCC Help Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{5086BF95-2E26-183E-E63D-D25F9963D2B1}" = PX Profile Update "{50ABF86D-0BDB-31AD-97FD-E8A55564EBF9}" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{5C03C49F-662A-B4EF-E5EC-1C1FFFDD6578}" = CCC Help Norwegian "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.33a, 2013.02.11 "{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX "{69ABD76E-52E6-E809-9E6B-B6E194DF6E30}" = CCC Help Portuguese "{6C84C3D8-F2E1-EF85-34E2-EFD8C583A414}" = CCC Help Swedish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{78033A38-50E2-4A65-823F-C1B34DF9FE41}" = Microsoft SQL Server 2008 R2-Richtlinien "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DA5255C-EE35-848E-4482-407BB876BD15}" = CCC Help Russian "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3 "{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13 "{831C840A-8331-E269-24EE-52A3EDEC8830}" = CCC Help Chinese Traditional "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8343C2D8-09DF-38B3-9D1A-A26148918E45}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU "{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF92104-2955-867B-E374-63FA2AB55CC4}" = CCC Help Korean "{9BC10B90-1592-3C5A-BBA7-BACDA0B52405}" = CCC Help Japanese "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A71AF1EF-6C46-DC9A-84C0-0DADE7F3BEEE}" = CCC Help Hungarian "{A7527D8A-4C50-9D56-CB37-922E1EC96B82}" = CCC Help Thai "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B7416D0F-8282-468A-5C3D-CA5713B6F4C0}" = Catalyst Control Center "{B78CFC07-B623-4995-ADCC-B2B4D59D083A}" = HTC Sync "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BD21728C-22C5-2D69-2F52-C4437E8FF02E}" = Catalyst Control Center InstallProxy "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013 "{CA311B78-954E-44BC-913F-B5B8B74A786B}" = CCC Help German "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English "{E0184F33-58CA-A249-0D1B-F23F9206410D}" = CCC Help English "{E28884AE-E40E-2F71-9511-8CC8C071147F}" = CCC Help Chinese Standard "{E3DB1759-C652-E0E3-5B88-76286BF9B6D0}" = CCC Help Dutch "{E4F26D72-E0BA-33B5-E5A4-542C545EFAAA}" = CCC Help Polish "{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding "{E8AC6BBD-9A99-404C-9638-F633312CD441}_is1" = Batman: Arkham City Digital Deluxe Edition "{E9820957-CB43-3BD1-3A00-25C7CB37EE1D}" = CCC Help Danish "{ECC9BBF1-5735-F27B-E25A-5522D8B3F044}" = CCC Help Italian "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EEC3A4C1-2B49-00CF-DA00-B27DC267236E}" = CCC Help Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F47662E5-C972-89F6-0416-5BAC56E835F9}" = CCC Help Czech "{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE) "0630-0716-3135-7887" = JDownloader 2 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ASIO4ALL" = ASIO4ALL "BioShock Infinite_is1" = BioShock Infinite "Cheat Engine 6.2_is1" = Cheat Engine 6.2 "dBpoweramp Music Converter" = dBpoweramp Music Converter "Deus Ex Human Revolution_is1" = Deus Ex Human Revolution "DX10" = DX10 "Edison" = Edison "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager "FL Studio 10" = FL Studio 10 "foobar2000" = foobar2000 v1.2.4 "FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12 "GTA IV Vehicle Mod Installer v1.5_is1" = GTA IV Vehicle Mod Installer v1.5 "Identity Card" = Identity Card "IL Download Manager" = IL Download Manager "IL DrumSynth Live" = IL DrumSynth Live "IL Shared Libraries" = IL Shared Libraries "IL Slicex" = IL Slicex "ImgBurn" = ImgBurn "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1 "Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.55a "PhotoScape" = PhotoScape "PPÖúÊÖ PC°æ" = PPÖúÊÖ PC°æ 0.8.8 "Proxifier_is1" = Proxifier version 2.91 "ResourceHacker_is1" = Resource Hacker Version 3.6.0 "SimSynth" = SimSynth "TuneUp Utilities 2013" = TuneUp Utilities 2013 "uTorrent" = µTorrent "Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English "VLC media player" = VLC media player 2.0.6 "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.05.2013 16:52:20 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:20 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:20 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792 Description = Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = System.EnterpriseServices | ID = 0 Description = System.EnterpriseServices failed to install. Please fix the problem (see exception below) and run 'regasm System.EnterpriseServices.dll' again to install System.EnterpriseServices. Exception: 'System.Runtime.InteropServices.COMException (0x8011043B): Die Registrierungsdatei ist beschädigt. at System.EnterpriseServices.Admin.ICatalog2.CurrentPartition(String bstrPartitionIDOrName) at System.EnterpriseServices.RegistrationHelperTx.InstallUtilityApplication(Type t)' Error - 02.05.2013 17:00:21 | Computer Name = Amar-PC | Source = Application Hang | ID = 1002 Description = Programm Neuz.exe, Version 3.8.22.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c4c Startzeit: 01ce4777cb77bb3d Endzeit: 17 Anwendungspfad: C:\Users\Amar\Downloads\GoH-Client\Client\Neuz.exe Berichts-ID: 4bc87c04-b36b-11e2-9d8e-b870f4900592 [ System Events ] Error - 28.05.2013 19:55:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 20:05:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 20:15:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 20:25:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 20:35:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 20:45:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 20:55:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 21:05:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 21:15:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Error - 28.05.2013 21:25:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016 Description = Gmer.txt Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-02 15:58:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Amar\AppData\Local\Temp\kwldrpob.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1848] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000777dfa88 5 bytes JMP 00000001731f19b0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1848] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777e0018 5 bytes JMP 00000001731f2066 .text c:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1004] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77] .text c:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1004] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77] .text ... * 2 .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77] .text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77] .text ... * 2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77] .text ... * 2 .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77] .text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4172] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4172] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [7116:4400] 000007feea1e9688 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0x5E 0x4E 0x4C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0xDB 0xCE 0x5B ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x5F 0x22 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x0B 0xF5 0xFE 0x36 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0x5E 0x4E 0x4C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0xDB 0xCE 0x5B ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x5F 0x22 0x0A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x0B 0xF5 0xFE 0x36 ... ---- Files - GMER 2.1 ---- File C:\Users\Amar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJKSYSTB\clients[1].txt 0 bytes ---- EOF - GMER 2.1 ---- DANKE ! |
02.07.2013, 15:40 | #2 |
/// the machine /// TB-Ausbilder | Trojan.FakeMs in C:\Windows\AppData\Temp Hi,
__________________Systemscan mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Start > Computer (Rechtsklick) > Eigenschaften)
__________________ |
02.07.2013, 16:26 | #3 |
| Trojan.FakeMs in C:\Windows\AppData\Temp Hallo schrauber,
__________________erstmal danke für die schnelle Antwort ! Ich habe den Systemscan mit FRST durchgeführt. Hier die Logs : FRST.txt : FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013 Ran by Amar (administrator) on 02-07-2013 16:47:35 Running from C:\Users\Amar\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Microsoft Corporation) c:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Spotify Ltd) C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2189416 2011-03-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKCU\...\Run: [HP Officejet Pro 8500 A910 (NET)] "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN19NCQ5P8:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Run: [Spotify Web Helper] "C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-09] (Spotify Ltd) HKCU\...\Run: [iDevice Manager Launcher] "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run [139728 2013-01-09] (Marx Softwareentwicklung - www.software4u.de) HKCU\...\Run: [kis13.0.1.4190de-Setup.exe] C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190\kis13.0.1.4190de-Setup.exe [x] MountPoints2: {fdea26ef-a42d-11e2-990b-b870f4900592} - "G:\WD SmartWare.exe" autoplay=true HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340848 2011-04-02] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [408432 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202608 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft) HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-02-18] (CyberLink Corp.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [655360 2012-12-12] () HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-06-21] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x] HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x] IMEO\devicesetup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" IMEO\devicesetuplauncher.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" IMEO\hp officejet pro 8500 a910.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" IMEO\hpqdtss.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" IMEO\hpqlpvwr.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" IMEO\hpscan.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyEnable: Internet Explorer proxy is enabled. ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=12092018_15_hao_pg HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKLM SearchScopes: DefaultScope {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} SearchScopes: HKLM - {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} HKCU SearchScopes: DefaultScope {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} SearchScopes: HKCU - {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Handler: msdaipp - No CLSID Value - Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 10 %SystemRoot%\system32\PrxerNsp.dll [61440] (Initex Software) Winsock: Catalog9 01 %SystemRoot%\system32\PrxerDrv.dll [73728] (Initex Software) Winsock: Catalog9 12 %SystemRoot%\system32\PrxerDrv.dll [73728] (Initex Software) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default FF user.js: detected! => C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\user.js FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kuaiyong.yrtd.com,version=1.0.1.1 - C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: langpack-de - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\Extensions\langpack-de@firefox.mozilla.org.xpi FF Extension: mediahint - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\Extensions\mediahint@jetpack.xpi FF Extension: No Name - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Kaspersky URL Advisor</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>url_advisor@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://fflinkfilter/content/fflinkfilter.png</em:iconURL> <em:optionsURL>chrome://fflinkfilter/content/options.xul</em:optionsURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Virtual Keyboard</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>virtual_keyboard@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://virtual_keyboard/skin/virtual_keyboard_extension_icon.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Content Blocker</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>content_blocker@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://content_blocker/skin/content_blocker_extension_icon.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Anti-Banner</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>anti_banner@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://anti_banner/content/kavab.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Safe Money</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>online_banking@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://online_banking/skin/online_banking_extension_icon.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-06-21] (Kaspersky Lab ZAO) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 MSSQL$FLYFF; c:\Program Files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation) R2 MySQL; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14242 2013-02-18] () R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) S4 SQLAgent$FLYFF; c:\Program Files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-06-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-21] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-21] (Kaspersky Lab ZAO) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-02-11] (Duplex Secure Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) S3 ALSysIO; \??\C:\Users\Amar\AppData\Local\Temp\ALSysIO64.sys [x] U3 kwldrpob; \??\C:\Users\Amar\AppData\Local\Temp\kwldrpob.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\FRST 2013-07-02 16:46 - 2013-07-02 16:47 - 01933556 ____A (Farbar) C:\Users\Amar\Desktop\FRST64.exe 2013-07-02 15:58 - 2013-07-02 15:58 - 00008039 ____A C:\Users\Amar\Desktop\Gmer.txt 2013-07-02 15:07 - 2013-07-02 15:07 - 00086534 ____A C:\Users\Amar\Desktop\Extras.Txt 2013-07-02 15:06 - 2013-07-02 15:06 - 00119526 ____A C:\Users\Amar\Desktop\OTL.Txt 2013-07-02 14:52 - 2013-07-02 14:52 - 00000580 ____A C:\Users\Amar\Desktop\defogger_disable.log 2013-07-02 14:52 - 2013-07-02 14:52 - 00000020 ____A C:\Users\Amar\defogger_reenable 2013-07-02 14:51 - 2013-07-02 14:51 - 00602112 ____A (OldTimer Tools) C:\Users\Amar\Desktop\OTL.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00377856 ____A C:\Users\Amar\Desktop\gmer_2.1.19163.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00050477 ____A C:\Users\Amar\Desktop\Defogger.exe 2013-07-02 14:28 - 2013-07-02 14:28 - 00000000 ____D C:\Users\Amar\Downloads\backups 2013-07-02 14:22 - 2013-07-02 14:25 - 00020578 ____A C:\Users\Amar\Downloads\hijackthis.log 2013-07-02 14:21 - 2013-07-02 14:21 - 00001117 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-02 14:21 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-02 14:19 - 2013-07-02 14:20 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-02 14:19 - 2013-07-02 14:19 - 00001387 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-02 14:19 - 2013-07-02 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-02 14:19 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2013-07-02 14:18 - 2013-07-02 14:18 - 00388608 ____A (Trend Micro Inc.) C:\Users\Amar\Downloads\HiJackThis204.exe 2013-07-02 14:17 - 2013-07-02 14:17 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Amar\Downloads\spybot-2.1.exe 2013-07-02 14:16 - 2013-07-02 14:17 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-02 14:16 - 2013-07-02 14:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2013-07-02 14:13 - 2013-07-02 14:13 - 00000068 ____A C:\Users\Amar\AppData\Roaming\Amarv3.4.2.2.txt 2013-07-02 02:21 - 2013-07-02 02:21 - 00000000 ____D C:\Program Files (x86)\Pink Tissue 2013-07-02 02:18 - 2013-07-02 02:18 - 00000000 ____D C:\Users\Amar\Downloads\120928-Hit0zumansion 2013-07-01 19:38 - 2013-07-01 19:38 - 00000000 ____D C:\Users\Amar\Downloads\1370176054_gtaivvmi_v1.5_setup 2013-07-01 18:34 - 2013-07-01 18:46 - 00000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files 2013-07-01 15:11 - 2013-07-02 16:08 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-28 19:07 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-28 19:07 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-28 14:03 - 2013-06-28 14:03 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2013-06-28 14:00 - 2013-06-28 14:06 - 00000000 ____D C:\Program Files (x86)\VstPlugins 2013-06-28 14:00 - 2013-06-28 14:00 - 00001154 ____A C:\Users\Public\Desktop\FL Studio 10.lnk 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Users\Amar\Documents\Image-Line 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\Outsim 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2 2013-06-28 14:00 - 2011-10-11 16:45 - 01431552 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll 2013-06-28 14:00 - 2009-09-15 11:14 - 01554944 ____A (HMS hxxp://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm 2013-06-28 13:55 - 2013-06-28 14:06 - 00000000 ____D C:\Program Files (x86)\Image-Line 2013-06-28 13:55 - 2013-06-28 13:55 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 13:54 - 2013-06-28 13:54 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:51 - 2013-06-28 14:00 - 00010054 ____A C:\Windows\IE10_main.log 2013-06-28 13:50 - 2013-06-28 13:50 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Image-Line 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\Documents\Ableton 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Ableton 2013-06-27 21:38 - 2013-06-27 21:38 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-06-27 21:30 - 2013-06-27 21:30 - 00000000 ____D C:\ProgramData\Ableton 2013-06-23 19:14 - 2013-06-23 19:14 - 00000000 ____D C:\Windows\Sun 2013-06-23 19:09 - 2013-06-23 19:09 - 00000000 ____D C:\ProgramData\Sun 2013-06-23 19:09 - 2013-06-23 19:08 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 19:09 - 2013-06-23 19:08 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 19:09 - 2013-06-23 19:08 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 19:08 - 2013-06-23 19:08 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 18:46 - 2013-06-28 23:16 - 00000181 ____A C:\Users\Amar\AppData\Roaming\Current.prx 2013-06-23 18:46 - 2013-06-23 18:46 - 00000000 ____D C:\Program Files (x86)\Proxifier 2013-06-23 18:46 - 2009-10-20 20:26 - 00061440 ____A (Initex Software) C:\Windows\SysWOW64\PrxerNsp.dll 2013-06-23 18:46 - 2009-09-08 19:06 - 00073728 ____A (Initex Software) C:\Windows\SysWOW64\PrxerDrv.dll 2013-06-23 18:46 - 1997-06-06 14:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL 2013-06-21 15:19 - 2013-06-21 15:31 - 00000000 ____D C:\Users\Amar\AppData\Roaming\KW 2013-06-21 15:15 - 2013-06-21 15:15 - 00002348 ____A C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-06-21 15:14 - 2013-07-02 16:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-21 15:14 - 2013-06-21 15:14 - 00001150 ____A C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Windows\ELAMBKUP 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-06-21 15:14 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll 2013-06-21 15:13 - 2013-06-21 15:36 - 00620128 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys 2013-06-21 15:13 - 2013-06-21 15:36 - 00090208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys 2013-06-21 15:07 - 2013-06-21 15:07 - 00000000 ___SD C:\Users\Amar\Documents\Passwords Database 2013-06-21 15:02 - 2013-07-02 14:42 - 00000000 ____D C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190 2013-06-21 14:24 - 2013-06-21 14:33 - 00000000 ____D C:\Users\Amar\AppData\Roaming\dBpoweramp 2013-06-13 17:38 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 17:38 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 17:38 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 17:38 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-13 17:38 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 17:38 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-13 17:38 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 17:38 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 17:38 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 17:38 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-13 17:38 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-13 17:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-13 17:38 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 17:38 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-13 17:38 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-13 17:38 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-13 17:38 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 18:45 - 2013-06-12 18:48 - 00000000 ____D C:\Program Files (x86)\kuaiyong 2013-06-12 18:45 - 2013-06-12 18:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\kuaiyong 2013-06-11 15:57 - 2013-06-12 17:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\tweakcube3 2013-06-11 15:55 - 2013-06-11 15:55 - 00000000 ____D C:\Users\Amar\Documents\ihelper 2013-06-11 15:51 - 2013-06-20 18:36 - 00000000 ____D C:\Users\Amar\AppData\Roaming\ihelper 2013-06-11 15:50 - 2013-06-11 15:55 - 00000000 ____D C:\Program Files (x86)\PPÖúÊÖ 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iTunes 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iPod 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-08 00:40 - 2013-06-08 00:40 - 00000000 ____D C:\Users\Amar\Downloads\KWMP3 ==================== One Month Modified Files and Folders ======= 2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\FRST 2013-07-02 16:47 - 2013-07-02 16:46 - 01933556 ____A (Farbar) C:\Users\Amar\Desktop\FRST64.exe 2013-07-02 16:08 - 2013-07-01 15:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-02 16:00 - 2013-06-21 15:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-02 15:58 - 2013-07-02 15:58 - 00008039 ____A C:\Users\Amar\Desktop\Gmer.txt 2013-07-02 15:07 - 2013-07-02 15:07 - 00086534 ____A C:\Users\Amar\Desktop\Extras.Txt 2013-07-02 15:06 - 2013-07-02 15:06 - 00119526 ____A C:\Users\Amar\Desktop\OTL.Txt 2013-07-02 15:01 - 2009-07-14 06:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 15:01 - 2009-07-14 06:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 14:58 - 2013-02-10 23:21 - 01324628 ____A C:\Windows\WindowsUpdate.log 2013-07-02 14:54 - 2013-04-10 15:09 - 00000000 ____D C:\Users\Amar\AppData\Local\Htc 2013-07-02 14:53 - 2010-11-21 05:47 - 00029552 ____A C:\Windows\PFRO.log 2013-07-02 14:53 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-02 14:53 - 2009-07-14 06:51 - 00004893 ____A C:\Windows\setupact.log 2013-07-02 14:52 - 2013-07-02 14:52 - 00000580 ____A C:\Users\Amar\Desktop\defogger_disable.log 2013-07-02 14:52 - 2013-07-02 14:52 - 00000020 ____A C:\Users\Amar\defogger_reenable 2013-07-02 14:52 - 2013-02-11 00:18 - 00000000 ____D C:\users\Amar 2013-07-02 14:51 - 2013-07-02 14:51 - 00602112 ____A (OldTimer Tools) C:\Users\Amar\Desktop\OTL.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00377856 ____A C:\Users\Amar\Desktop\gmer_2.1.19163.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00050477 ____A C:\Users\Amar\Desktop\Defogger.exe 2013-07-02 14:42 - 2013-06-21 15:02 - 00000000 ____D C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190 2013-07-02 14:29 - 2006-06-18 12:57 - 00000000 _RSHD C:\Users\Amar\AppData\Roaming\install 2013-07-02 14:28 - 2013-07-02 14:28 - 00000000 ____D C:\Users\Amar\Downloads\backups 2013-07-02 14:25 - 2013-07-02 14:22 - 00020578 ____A C:\Users\Amar\Downloads\hijackthis.log 2013-07-02 14:22 - 2013-02-11 00:19 - 00000000 ____D C:\Users\Amar\AppData\Local\VirtualStore 2013-07-02 14:21 - 2013-07-02 14:21 - 00001117 ____A C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-02 14:20 - 2013-07-02 14:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-02 14:19 - 2013-07-02 14:19 - 00001387 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2013-07-02 14:19 - 2013-07-02 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-02 14:18 - 2013-07-02 14:18 - 00388608 ____A (Trend Micro Inc.) C:\Users\Amar\Downloads\HiJackThis204.exe 2013-07-02 14:17 - 2013-07-02 14:17 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Amar\Downloads\spybot-2.1.exe 2013-07-02 14:17 - 2013-07-02 14:16 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-02 14:16 - 2013-07-02 14:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2013-07-02 14:13 - 2013-07-02 14:13 - 00000068 ____A C:\Users\Amar\AppData\Roaming\Amarv3.4.2.2.txt 2013-07-02 02:23 - 2013-02-11 01:50 - 00001138 ____A C:\Users\Amar\Documents\ax_files.xml 2013-07-02 02:21 - 2013-07-02 02:21 - 00000000 ____D C:\Program Files (x86)\Pink Tissue 2013-07-02 02:18 - 2013-07-02 02:18 - 00000000 ____D C:\Users\Amar\Downloads\120928-Hit0zumansion 2013-07-02 01:22 - 2013-02-11 01:11 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-07-01 19:43 - 2013-02-12 20:52 - 00000000 ____D C:\Users\Amar\Desktop\Games 2013-07-01 19:38 - 2013-07-01 19:38 - 00000000 ____D C:\Users\Amar\Downloads\1370176054_gtaivvmi_v1.5_setup 2013-07-01 19:21 - 2013-02-11 00:42 - 00000000 ____D C:\Users\Amar\Documents\GTA San Andreas User Files 2013-07-01 19:16 - 2013-04-16 00:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\vlc 2013-07-01 18:46 - 2013-07-01 18:34 - 00000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files 2013-07-01 17:41 - 2013-02-12 14:20 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2013-07-01 16:55 - 2013-02-23 22:07 - 00000000 ____D C:\Users\Amar\AppData\Roaming\.minecraft 2013-07-01 16:08 - 2013-02-11 00:34 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-01 16:08 - 2013-02-11 00:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-01 15:12 - 2013-02-11 13:50 - 00000000 ____D C:\Users\Amar\AppData\Local\Adobe 2013-06-30 20:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-06-28 23:17 - 2013-02-10 23:52 - 00004975 ____A C:\Windows\IE9_main.log 2013-06-28 23:16 - 2013-06-23 18:46 - 00000181 ____A C:\Users\Amar\AppData\Roaming\Current.prx 2013-06-28 14:10 - 2013-02-11 01:04 - 00000000 ____D C:\Users\Amar\Desktop\Programme 2013-06-28 14:06 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\VstPlugins 2013-06-28 14:06 - 2013-06-28 13:55 - 00000000 ____D C:\Program Files (x86)\Image-Line 2013-06-28 14:03 - 2013-06-28 14:03 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2013-06-28 14:00 - 2013-06-28 14:00 - 00001154 ____A C:\Users\Public\Desktop\FL Studio 10.lnk 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Users\Amar\Documents\Image-Line 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\Outsim 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2 2013-06-28 14:00 - 2013-06-28 13:51 - 00010054 ____A C:\Windows\IE10_main.log 2013-06-28 13:55 - 2013-06-28 13:55 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 13:54 - 2013-06-28 13:54 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:50 - 2013-06-28 13:50 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Image-Line 2013-06-28 13:47 - 2013-03-30 20:32 - 01994940 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-28 13:47 - 2013-02-12 00:41 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-28 13:47 - 2013-02-11 08:13 - 00840512 ____A C:\Windows\System32\perfh007.dat 2013-06-28 13:47 - 2013-02-11 08:13 - 00203746 ____A C:\Windows\System32\perfc007.dat 2013-06-28 13:47 - 2009-07-14 07:13 - 01994940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\Documents\Ableton 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Ableton 2013-06-27 21:38 - 2013-06-27 21:38 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-06-27 21:30 - 2013-06-27 21:30 - 00000000 ____D C:\ProgramData\Ableton 2013-06-27 21:26 - 2013-02-13 21:15 - 00000132 ____A C:\Users\Amar\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-06-27 21:00 - 2013-02-12 21:20 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Spotify 2013-06-27 21:00 - 2013-02-12 21:20 - 00000000 ____D C:\Users\Amar\AppData\Local\Spotify 2013-06-23 19:14 - 2013-06-23 19:14 - 00000000 ____D C:\Windows\Sun 2013-06-23 19:09 - 2013-06-23 19:09 - 00000000 ____D C:\ProgramData\Sun 2013-06-23 19:08 - 2013-06-23 19:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 19:08 - 2013-06-23 19:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 19:08 - 2013-06-23 19:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 19:08 - 2013-06-23 19:08 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 18:46 - 2013-06-23 18:46 - 00000000 ____D C:\Program Files (x86)\Proxifier 2013-06-21 15:36 - 2013-06-21 15:13 - 00620128 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys 2013-06-21 15:36 - 2013-06-21 15:13 - 00090208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys 2013-06-21 15:36 - 2012-08-13 16:49 - 00178448 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys 2013-06-21 15:36 - 2012-06-08 11:38 - 00054368 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys 2013-06-21 15:31 - 2013-06-21 15:19 - 00000000 ____D C:\Users\Amar\AppData\Roaming\KW 2013-06-21 15:15 - 2013-06-21 15:15 - 00002348 ____A C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-06-21 15:14 - 2013-06-21 15:14 - 00001150 ____A C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Windows\ELAMBKUP 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-06-21 15:07 - 2013-06-21 15:07 - 00000000 ___SD C:\Users\Amar\Documents\Passwords Database 2013-06-21 14:33 - 2013-06-21 14:24 - 00000000 ____D C:\Users\Amar\AppData\Roaming\dBpoweramp 2013-06-21 14:24 - 2013-04-18 22:17 - 00000000 ____D C:\Users\Amar\AppData\Roaming\AccurateRip 2013-06-20 18:36 - 2013-06-11 15:51 - 00000000 ____D C:\Users\Amar\AppData\Roaming\ihelper 2013-06-12 18:48 - 2013-06-12 18:45 - 00000000 ____D C:\Program Files (x86)\kuaiyong 2013-06-12 18:45 - 2013-06-12 18:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\kuaiyong 2013-06-12 17:45 - 2013-06-11 15:57 - 00000000 ____D C:\Users\Amar\AppData\Roaming\tweakcube3 2013-06-11 15:55 - 2013-06-11 15:55 - 00000000 ____D C:\Users\Amar\Documents\ihelper 2013-06-11 15:55 - 2013-06-11 15:50 - 00000000 ____D C:\Program Files (x86)\PPÖúÊÖ 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iTunes 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iPod 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-08 00:40 - 2013-06-08 00:40 - 00000000 ____D C:\Users\Amar\Downloads\KWMP3 Files to move or delete: ==================== C:\ProgramData\FullRemove.exe C:\ProgramData\ntuser.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 22:51 ==================== End Of Log ============================ --- --- --- Addition.txt : Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2013 Ran by Amar at 2013-07-02 16:48:16 Running from C:\Users\Amar\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ??????2 (x32 Version: 1.0.0) ¿ìÓÃÆ»¹ûÖúÊÖ 2.0.1.0 (x32 Version: 2.0.1.0) µTorrent (x32 Version: 3.3.0.29544) Ableton Live 9 Suite (Version: 9.0.0.0) Acer Backup Manager (x32 Version: 3.0.0.99) Acer Crystal Eye Webcam (x32 Version: 1.0.1710) Acer ePower Management (x32 Version: 6.00.3007) Acer eRecovery Management (x32 Version: 5.00.3501) Acrobat.com (x32 Version: 1.6.65) Adobe AIR (x32 Version: 3.5.0.880) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Photoshop CS6 (x32 Version: 13.0) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) AMD Accelerated Video Transcoding (Version: 12.5.100.21219) AMD APP SDK Runtime (Version: 10.0.1084.4) AMD Catalyst Install Manager (Version: 8.0.903.0) AMD Drag and Drop Transcoding (Version: 2.00.0000) AMD Media Foundation Decoders (Version: 1.0.71219.1540) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) ASIO4ALL (x32 Version: 2.10) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36) Atheros Driver Installation Program (x32 Version: 9.0) Backup Manager V3 (x32 Version: 3.0.0.99) Batman: Arkham Asylum (x32 Version: 1.0.0.0) Batman: Arkham City Digital Deluxe Edition (x32 Version: 1.0) BioShock Infinite (x32) Bonjour (Version: 3.0.0.10) Broadcom 802.11 Network Adapter (Version: 5.100.235.19) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485) Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485) Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485) CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485) CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485) CCC Help Czech (x32 Version: 2012.1219.1520.27485) CCC Help Danish (x32 Version: 2012.1219.1520.27485) CCC Help Dutch (x32 Version: 2012.1219.1520.27485) CCC Help English (x32 Version: 2012.1219.1520.27485) CCC Help Finnish (x32 Version: 2012.1219.1520.27485) CCC Help French (x32 Version: 2012.1219.1520.27485) CCC Help German (x32 Version: 2012.1219.1520.27485) CCC Help Greek (x32 Version: 2012.1219.1520.27485) CCC Help Hungarian (x32 Version: 2012.1219.1520.27485) CCC Help Italian (x32 Version: 2012.1219.1520.27485) CCC Help Japanese (x32 Version: 2012.1219.1520.27485) CCC Help Korean (x32 Version: 2012.1219.1520.27485) CCC Help Norwegian (x32 Version: 2012.1219.1520.27485) CCC Help Polish (x32 Version: 2012.1219.1520.27485) CCC Help Portuguese (x32 Version: 2012.1219.1520.27485) CCC Help Russian (x32 Version: 2012.1219.1520.27485) CCC Help Spanish (x32 Version: 2012.1219.1520.27485) CCC Help Swedish (x32 Version: 2012.1219.1520.27485) CCC Help Thai (x32 Version: 2012.1219.1520.27485) CCC Help Turkish (x32 Version: 2012.1219.1520.27485) ccc-utility64 (Version: 2012.1219.1521.27485) CDBurnerXP (x32 Version: 4.5.1.4003) Cheat Engine 6.2 (x32) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) clear.fi (x32 Version: 1.0.1422.00) clear.fi (x32 Version: 9.0.7418) clear.fi Client (x32 Version: 1.00.3500) Core Temp 1.0 RC4 (Version: 1.0) dBpoweramp Music Converter (x32 Version: Release 14.4) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Deus Ex Human Revolution (x32) Dolby Advanced Audio v2 (x32 Version: 7.2.7000.4) DX10 (x32) Edison (x32) ETDWare PS/2-X64 8.0.6.0_WHQL (Version: 8.0.6.0) EVEREST Home Edition v2.20 (x32 Version: 2.20) FL Studio 10 (x32) foobar2000 v1.2.4 (x32 Version: 1.2.4) FUSSBALL MANAGER 12 (x32 Version: 1.0.0.0) FUSSBALL MANAGER 13 (x32 Version: 1.0.0.0) GDR 1617 für SQL Server 2008 R2 (KB2494088) (64-bit) (Version: 10.50.1617.0) Grand Theft Auto San Andreas (x32 Version: v1.0/1.1) Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0002.135) Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135) Grand Theft Auto: Episodes From Liberty City (x32 Version: 1.1.0.0) GTA IV Vehicle Mod Installer v1.5 (x32) Hex-Editor MX (x32 Version: 6.0) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (x32 Version: 1) HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (Version: 28.0.1315.0) HTC BMP USB Driver (x32 Version: 1.0.5375) HTC Driver Installer (x32 Version: 4.0.1.001) HTC Sync (x32 Version: 3.3.21) I.R.I.S. OCR (x32 Version: 12.3.4.0) Identity Card (x32 Version: 1.00.3501) iDevice Manager (x32 Version: 1.9.0.1) iExplorer 2.2.1.3 (x32) IL Download Manager (x32) IL DrumSynth Live (x32) IL Shared Libraries (x32) IL Slicex (x32) ImgBurn (x32 Version: 2.5.7.0) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Intel(R) Rapid Storage Technology (x32 Version: 10.1.2.1004) IPTInstaller (x32 Version: 4.0.8) iTunes (Version: 11.0.4.4) Java 7 Update 13 (64-bit) (Version: 7.0.130) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 7 Update 13 (64-bit) (Version: 1.7.0.130) Java-Editor 11.33a, 2013.02.11 (x32) JDownloader 2 (x32 Version: 2) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MediaEspresso (x32 Version: 1.0.1418_35759) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft FrontPage Client - English (x32 Version: 7.00.9209) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731) Microsoft Report Viewer Redistributable 2008 SP1 (x32) Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU (x32 Version: 9.0.30729) Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU (x32) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2008 (64-bit) Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22) Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22) Microsoft SQL Server 2008 R2 (64-bit) Microsoft SQL Server 2008 R2 Native Client (Version: 10.50.1617.0) Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1617.0) Microsoft SQL Server 2008 R2-Richtlinien (x32 Version: 10.50.1600.1) Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22) Microsoft SQL Server 2008-Browser (x32 Version: 10.0.1600.22) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server VSS Writer (Version: 10.0.1600.22) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual J# .NET Redistributable Package 1.1 (x32 Version: 1.1.4322) Microsoft Visual Studio .NET Professional 2003 - English (x32) Microsoft Visual Studio Tools for Applications 2.0 - ENU (x32 Version: 9.0.35191) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (x32 Version: 9.0.35191) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Mozilla Firefox 21.0 (x86 de) (x32 Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) Mp3tag v2.55a (x32 Version: v2.55a) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) MySQL Connector J (x32 Version: 5.1.23) MySQL Documents 5.6 (x32 Version: 5.6.10) MySQL Installer (x32 Version: 1.1.7.0) MySQL Server 5.6 (Version: 5.6.10) MysticThumbs (Version: 1.9.8) MyWinLocker (Version: 4.0.14.25) MyWinLocker 4 (x32 Version: 4.0.14.25) MyWinLocker Suite (x32 Version: 4.0.14.15) NetBeans IDE 7.3 (Version: 7.3) NVIDIA PhysX (x32 Version: 9.09.0720) PDF Settings CS6 (x32 Version: 11.0) PhotoScape (x32) PPÖúÊÖ PC°æ 0.8.8 (x32 Version: 0.8.8) Proxifier version 2.91 (x32 Version: 2.91) PX Profile Update (x32 Version: 1.00.1.) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6329) Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30123) REALTEK Wireless LAN Driver (x32 Version: 1.00.10.0909) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0) Resource Hacker Version 3.6.0 (x32) Shredder (Version: 2.0.8.9) Shredder (x32 Version: 2.0.8.9) SimSynth (x32) Skype™ 6.3 (x32 Version: 6.3.105) Spotify (HKCU Version: 0.9.0.133.gd18ed589) Spybot - Search & Destroy (x32 Version: 2.1.19) SQL Server 2008 R2 Common Files (Version: 10.50.1600.1) SQL Server 2008 R2 Management Studio (Version: 10.50.1600.1) Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22) TuneUp Utilities 2013 (x32 Version: 13.0.3020.2) TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2) Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (Version: 2.1.23.0) Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Visual Studio .NET Professional 2003 - English (x32 Version: 7.1.3088) Visual Studio.NET Baseline - English (x32 Version: 7.1.3088) VLC media player 2.0.6 (x32 Version: 2.0.6) Windows Live ID Sign-in Assistant (Version: 6.500.3165.0) WinRAR 4.20 (64-Bit) (Version: 4.20.0) World of Warcraft (x32 Version: 5.0.3.15890) ==================== Restore Points ========================= 23-06-2013 17:08:19 Installed Java 7 Update 25 27-06-2013 19:11:29 Windows Update 27-06-2013 19:29:56 Installed Ableton Live 9 Suite 28-06-2013 11:42:45 Windows Update 28-06-2013 21:16:30 Windows Update 02-07-2013 00:20:24 ??????2 ??????????? 02-07-2013 00:21:42 ??????2 ??????????? 02-07-2013 12:18:41 Windows Update ==================== Hosts content: ========================== 127.0.0.1 serial.alcohol-soft.com # alcohol 120% 127.0.0.1 alcohol-soft.com # alcohol 120% 127.0.0.1 images.alcohol-soft.com # alcohol 120% 127.0.0.1 mermaidconsulting.dk # alcohol 120% 127.0.0.1 195.137.236.101 ==================== Scheduled Tasks (whitelisted) ============= Task: {22F7C67E-EBAE-4182-BD81-DF00EB20A053} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink) Task: {3B9EFA41-797B-4A01-9FA0-4E01F1EACFB7} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.) Task: {3C85CBCC-E739-4BBB-A0A4-45774CFE506B} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-12-12] () Task: {574CB543-1B67-4BF0-9692-27D09E40A306} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation) Task: {76C87182-EC7D-4D48-8A9E-5CD1511FABF0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe No File Task: {7A54F9BA-6AA6-47C2-A1B9-6D317EA7070E} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated) Task: {8BC59D51-2325-405E-9D0F-95A585B14286} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated) Task: {A58CE818-DEA2-42E2-927A-9BF6A1EE56EE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {C5983882-8966-427B-8360-505927475C65} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-01] (Adobe Systems Incorporated) Task: {CEA38F0B-B9BF-4149-B8CE-0B1FF0C28C83} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software) Task: {D27844EF-74D4-478B-9D89-9288AF16EF48} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe No File Task: {EB500588-5289-4758-B6BA-4DF5AF653525} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe No File Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2013 02:13:55 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0302750c ID des fehlerhaften Prozesses: 0x11dc Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (07/01/2013 11:49:39 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2995 Error: (07/01/2013 11:49:39 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2995 Error: (07/01/2013 11:49:39 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/01/2013 11:49:38 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1997 Error: (07/01/2013 11:49:38 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1997 Error: (07/01/2013 11:49:38 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/01/2013 11:49:37 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (07/01/2013 11:49:37 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (07/01/2013 11:49:37 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (07/02/2013 02:54:51 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/02/2013 02:42:01 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/02/2013 02:32:19 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/02/2013 02:30:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/02/2013 02:30:56 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (07/02/2013 02:14:11 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/30/2013 08:51:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer 9 für Windows 7 für x64-Systeme (KB2838727) Error: (06/30/2013 08:47:43 PM) (Source: DCOM) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (06/30/2013 08:40:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%6701 Error: (06/29/2013 03:19:19 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst Windows Modules Installer konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Microsoft Office Sessions: ========================= Error: (07/02/2013 02:13:55 PM) (Source: Application Error)(User: ) Description: explorer.exe6.1.7601.175674d6727a7unknown0.0.0.000000000c00000050302750c11dc01ce771d988ff6f0C:\Windows\SysWOW64\explorer.exeunknowndd27e8e9-e310-11e2-8312-b870f4900592 Error: (07/01/2013 11:49:39 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2995 Error: (07/01/2013 11:49:39 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2995 Error: (07/01/2013 11:49:39 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/01/2013 11:49:38 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1997 Error: (07/01/2013 11:49:38 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1997 Error: (07/01/2013 11:49:38 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/01/2013 11:49:37 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 998 Error: (07/01/2013 11:49:37 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 998 Error: (07/01/2013 11:49:37 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2013-03-14 19:39:17.564 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-14 19:39:17.564 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-14 19:39:17.564 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-14 19:39:17.548 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-14 19:39:17.548 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-14 19:39:17.532 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-10 00:51:45.598 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-10 00:51:45.598 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-10 00:51:45.598 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-03-10 00:51:45.583 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 8173.86 MB Available physical RAM: 4552.44 MB Total Pagefile: 16345.9 MB Available Pagefile: 11710.86 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:658.12 GB) (Free:338.47 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 3AB49DF1) Partition 1: (Not Active) - (Size=16 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=658 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
02.07.2013, 16:55 | #4 | |
/// the machine /// TB-Ausbilder | Trojan.FakeMs in C:\Windows\AppData\TempCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
02.07.2013, 17:51 | #5 |
| Trojan.FakeMs in C:\Windows\AppData\Temp Nochmals danke für die schnelle Antwort. Hier das gewünschte Logfile vom ComboFix : Combofix Logfile: Code:
ATTFilter ComboFix 13-07-02.03 - Amar 02.07.2013 18:30:23.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.4413 [GMT 2:00] ausgeführt von:: c:\users\Amar\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\programdata\ntuser.dat c:\users\Amar\AppData\Roaming\IHelper c:\users\Amar\AppData\Roaming\KW c:\users\Amar\AppData\Roaming\KW\bl0001.dat c:\users\Amar\AppData\Roaming\KW\bl0002.dat c:\users\Amar\AppData\Roaming\KW\bl0003.dat c:\users\Amar\AppData\Roaming\KW\bl0004.dat c:\users\Amar\AppData\Roaming\KW\bl0005.dat c:\users\Amar\AppData\Roaming\KW\bl0006.dat c:\users\Amar\AppData\Roaming\KW\bl0007.dat c:\users\Amar\AppData\Roaming\KW\bl0008.dat c:\users\Amar\AppData\Roaming\KW\bl0009.dat c:\users\Amar\AppData\Roaming\KW\bl0010.dat c:\users\Amar\AppData\Roaming\KW\bl0011.dat c:\users\Amar\AppData\Roaming\KW\bl0012.dat c:\users\Amar\AppData\Roaming\KW\bl0013.dat c:\users\Amar\AppData\Roaming\KW\bl0014.dat c:\users\Amar\AppData\Roaming\KW\bl0015.dat c:\users\Amar\AppData\Roaming\KW\bl0016.dat c:\users\Amar\AppData\Roaming\KW\bl0017.dat c:\users\Amar\AppData\Roaming\KW\bl0018.dat c:\users\Amar\AppData\Roaming\KW\bl0019.dat c:\users\Amar\AppData\Roaming\KW\bl0020.dat c:\users\Amar\AppData\Roaming\KW\bl0021.dat c:\users\Amar\AppData\Roaming\KW\bl0022.dat c:\users\Amar\AppData\Roaming\KW\bl0023.dat c:\users\Amar\AppData\Roaming\KW\bl0024.dat c:\users\Amar\AppData\Roaming\KW\bl0025.dat c:\users\Amar\AppData\Roaming\KW\bl0026.dat c:\users\Amar\AppData\Roaming\KW\bl0027.dat c:\users\Amar\AppData\Roaming\KW\bl0028.dat c:\users\Amar\AppData\Roaming\KW\bl0029.dat c:\users\Amar\AppData\Roaming\KW\bl0030.dat c:\users\Amar\AppData\Roaming\KW\bl0031.dat c:\users\Amar\AppData\Roaming\KW\bl0032.dat c:\users\Amar\AppData\Roaming\KW\bl0033.dat c:\users\Amar\AppData\Roaming\KW\bl0034.dat c:\users\Amar\AppData\Roaming\KW\bl0035.dat c:\users\Amar\AppData\Roaming\KW\bl0036.dat c:\users\Amar\AppData\Roaming\KW\bl0037.dat c:\users\Amar\AppData\Roaming\KW\bl0038.dat c:\users\Amar\AppData\Roaming\KW\bl0039.dat c:\users\Amar\AppData\Roaming\KW\bl0040.dat c:\users\Amar\AppData\Roaming\KW\bonus.kkll c:\users\Amar\AppData\Roaming\KW\unrar.dll c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-02 bis 2013-07-02 )))))))))))))))))))))))))))))) . . 2013-07-02 16:36 . 2013-07-02 16:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-02 14:47 . 2013-07-02 14:47 -------- d-----w- C:\FRST 2013-07-02 12:22 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16BCEFD1-B5B7-41CC-90E8-36F578D15F09}\mpengine.dll 2013-07-02 12:21 . 2013-07-02 12:21 -------- d-----w- c:\users\Amar\AppData\Roaming\Malwarebytes 2013-07-02 12:21 . 2013-07-02 12:21 -------- d-----w- c:\programdata\Malwarebytes 2013-07-02 12:21 . 2013-07-02 12:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-07-02 12:21 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-02 12:19 . 2013-07-02 12:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-07-02 12:19 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2013-07-02 12:19 . 2013-07-02 12:19 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-07-02 12:16 . 2013-07-02 12:16 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files 2013-07-02 00:21 . 2013-07-02 00:21 -------- d-----w- c:\program files (x86)\Pink Tissue 2013-07-01 17:39 . 2013-07-01 17:39 -------- d-----w- c:\program files (x86)\GTA IV Vehicle Mod Installer 2013-06-28 17:07 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2013-06-28 17:07 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2013-06-28 12:03 . 2013-06-28 12:03 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-06-28 12:00 . 2013-06-28 12:00 -------- d-----w- c:\program files (x86)\ASIO4ALL v2 2013-06-28 12:00 . 2013-06-28 12:06 -------- d-----w- c:\program files (x86)\VstPlugins 2013-06-28 12:00 . 2011-10-11 14:45 1431552 ----a-w- c:\windows\SysWow64\rewire.dll 2013-06-28 12:00 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm 2013-06-28 12:00 . 2013-06-28 12:00 -------- d-----w- c:\program files (x86)\Outsim 2013-06-28 11:54 . 2013-06-28 11:54 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 11:50 . 2013-06-28 11:50 -------- d-----w- c:\users\Amar\AppData\Roaming\Image-Line 2013-06-27 20:06 . 2013-06-27 20:06 -------- d-----w- c:\users\Amar\AppData\Roaming\Canneverbe Limited 2013-06-27 20:06 . 2013-06-27 20:06 -------- d-----w- c:\programdata\Canneverbe Limited 2013-06-27 20:06 . 2013-06-27 20:06 -------- d-----w- c:\program files (x86)\CDBurnerXP 2013-06-27 19:39 . 2013-06-27 19:39 -------- d-----w- c:\users\Amar\AppData\Roaming\Ableton 2013-06-27 19:38 . 2013-06-27 19:38 -------- d-----w- c:\program files\Common Files\Propellerhead Software 2013-06-27 19:30 . 2013-06-27 19:30 -------- d-----w- c:\programdata\Ableton 2013-06-23 17:14 . 2013-06-23 17:14 -------- d-----w- c:\windows\Sun 2013-06-23 17:09 . 2013-06-23 17:09 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-06-23 17:09 . 2013-06-23 17:08 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-23 17:09 . 2013-06-23 17:08 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-06-23 17:08 . 2013-06-23 17:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-23 17:08 . 2013-06-23 17:08 -------- d-----w- c:\program files (x86)\Java 2013-06-23 16:46 . 2013-06-23 16:46 -------- d-----w- c:\program files (x86)\Proxifier 2013-06-23 16:46 . 2009-10-20 18:26 61440 ----a-w- c:\windows\SysWow64\PrxerNsp.dll 2013-06-23 16:46 . 2009-09-08 17:06 73728 ----a-w- c:\windows\SysWow64\PrxerDrv.dll 2013-06-23 16:46 . 1997-06-06 12:52 11264 ----a-w- c:\windows\SysWow64\SPORDER.DLL 2013-06-21 13:14 . 2012-07-11 15:09 64856 ----a-w- c:\windows\system32\klfphc.dll 2013-06-21 13:14 . 2013-06-21 13:14 -------- d-----w- c:\windows\ELAMBKUP 2013-06-21 13:14 . 2013-07-02 16:37 -------- d-----w- c:\programdata\Kaspersky Lab 2013-06-21 13:14 . 2013-06-21 13:14 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2013-06-21 13:13 . 2013-06-21 13:36 620128 ----a-w- c:\windows\system32\drivers\klif.sys 2013-06-21 13:13 . 2013-06-21 13:36 90208 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-06-21 12:24 . 2013-06-21 12:33 -------- d-----w- c:\users\Amar\AppData\Roaming\dBpoweramp 2013-06-12 16:45 . 2013-06-12 16:45 -------- d-----w- c:\users\Amar\AppData\Roaming\kuaiyong 2013-06-12 16:45 . 2013-06-12 16:48 -------- d-----w- c:\program files (x86)\kuaiyong 2013-06-11 13:57 . 2013-06-12 15:45 -------- d-----w- c:\users\Amar\AppData\Roaming\tweakcube3 2013-06-11 13:55 . 2013-06-11 13:55 -------- d-----w- C:\downloads 2013-06-11 13:50 . 2013-06-11 13:55 -------- d-----w- c:\program files (x86)\PPÖúÊÖ 2013-06-11 13:35 . 2013-06-11 13:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-11 13:35 . 2013-06-11 13:35 -------- d-----w- c:\program files\iTunes 2013-06-11 13:35 . 2013-06-11 13:35 -------- d-----w- c:\program files (x86)\iTunes 2013-06-11 13:35 . 2013-06-11 13:35 -------- d-----w- c:\program files\iPod . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-01 14:08 . 2013-02-10 22:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-01 14:08 . 2013-02-10 22:34 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-28 11:47 . 2013-02-11 22:41 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-21 13:36 . 2012-08-13 14:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-06-21 13:36 . 2012-06-08 09:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-18 20:16 . 2013-04-18 20:17 7261768 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe 2013-04-16 16:24 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2013-04-16 16:24 . 2009-08-18 09:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-13 05:49 . 2013-05-16 15:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 15:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 15:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 15:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 15:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 15:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-04-12 14:45 . 2013-04-24 19:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 06:01 . 2013-05-16 15:39 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01 . 2013-05-16 15:39 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30 . 2013-05-16 15:38 3153920 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Officejet Pro 8500 A910 (NET)"="c:\program files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416] "Spotify Web Helper"="c:\users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-05-08 1105408] "iDevice Manager Launcher"="c:\program files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" [2013-01-09 139728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608] "OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-02-18 177448] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-12-12 655360] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-06-21 356376] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 ALSysIO;ALSysIO;c:\users\Amar\AppData\Local\Temp\ALSysIO64.sys;c:\users\Amar\AppData\Local\Temp\ALSysIO64.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R4 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R4 SQLAgent$FLYFF;SQL Server-Agent (FLYFF);c:\program files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\SQLAGENT.EXE [x] R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 MSSQL$FLYFF;SQL Server (FLYFF);c:\program files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\sqlservr.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-10 14:08] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.hao123.com/?tn=12092018_15_hao_pg mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uInternet Settings,ProxyServer = localhost:21320 IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: network.proxy.type - 2 FF - ExtSQL: 2013-06-21 15:14; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF - ExtSQL: 2013-06-21 15:14; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF - ExtSQL: 2013-06-21 15:14; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF - ExtSQL: 2013-06-21 15:14; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF - ExtSQL: 2013-06-21 15:14; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-kis13.0.1.4190de-Setup.exe - c:\users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190\kis13.0.1.4190de-Setup.exe Notify-SDWinLogon - SDWinLogon.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL] "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1029634848-2562057846-3894920487-1001\Software\SecuROM\License information*] "datasecu"=hex:4f,37,6e,99,14,dd,ca,71,f9,66,52,32,7d,fd,4f,98,27,6f,ec,3c,8a, 6e,8a,5b,b4,8f,6e,50,b4,bd,bf,f5,1c,34,16,07,48,8d,20,65,d4,52,b4,c7,dc,e5,\ "rkeysecu"=hex:b6,f3,dc,b2,2e,af,81,7c,e5,8d,1c,4e,c9,15,25,8f . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-02 18:44:15 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-02 16:44 . Vor Suchlauf: 12 Verzeichnis(se), 364.121.808.896 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 364.135.727.104 Bytes frei . - - End Of File - - BB0DFDD5C185E59E4F990BC9D8782E1E D41D8CD98F00B204E9800998ECF8427E |
02.07.2013, 18:41 | #6 |
/// the machine /// TB-Ausbilder | Trojan.FakeMs in C:\Windows\AppData\Temp Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
ESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST Log bitte. Noch Probleme?
__________________ --> Trojan.FakeMs in C:\Windows\AppData\Temp |
03.07.2013, 15:14 | #7 |
| Trojan.FakeMs in C:\Windows\AppData\Temp So, hat bisschen was gedauert, aber hab jetzt alle Log Files. adwcleanerlog : AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 02/07/2013 um 19:49:03 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Amar - AMAR-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Amar\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\software4u Ordner Gelöscht : C:\ProgramData\APN Ordner Gelöscht : C:\Users\Amar\AppData\Roaming\software4u ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Iminent Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\Software\Freeze.com Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16618 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v21.0 (de) Datei : C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\prefs.js C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\user.js ... Gelöscht ! [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [10523 octets] - [02/07/2013 19:49:03] ########## EOF - C:\AdwCleaner[S1].txt - [10584 octets] ########## JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Amar on 02.07.2013 at 19:53:43,33 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1029634848-2562057846-3894920487-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted the following from C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\prefs.js user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1361738900942"); user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1361738900946"); user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1361738905587"); user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1361738900950"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1361812010681"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1361812010696"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1361704000383"); user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1361812010709"); Emptied folder: C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\minidumps [17 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.07.2013 at 19:57:16,06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=6617d7d03840164b9bebc6d6a334c5c8 # engine=14238 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-03 02:06:04 # local_time=2013-07-03 04:06:04 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1286 16777214 100 98 72847 27630286 0 0 # compatibility_mode=5122 16777214 0 11 12324221 109953706 0 0 # compatibility_mode=5893 16776573 100 94 92611 124490214 0 0 # scanned=345962 # found=0 # cleaned=0 # scan_time=72123 Code:
ATTFilter Results of screen317's Security Check version 0.99.68 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 TuneUp Utilities 2013 TuneUp Utilities Language Pack (de-DE) Java 7 Update 25 Java-Editor 11.33a, 2013.02.11 Adobe Flash Player 11.7.700.224 Adobe Reader XI Mozilla Firefox 21.0 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Kaspersky Lab Kaspersky Internet Security 2013 avp.exe Kaspersky Lab Kaspersky Internet Security 2013 x64 wmi64.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013 Ran by Amar (administrator) on 03-07-2013 16:12:17 Running from C:\Users\Amar\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Microsoft Corporation) c:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe () C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Spotify Ltd) C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe () C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] () HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11785832 2011-03-10] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 [2189416 2011-03-09] (Realtek Semiconductor) HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated) HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation) HKCU\...\Run: [HP Officejet Pro 8500 A910 (NET)] "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN19NCQ5P8:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1 [2573416 2012-10-17] (Hewlett-Packard Co.) HKCU\...\Run: [Spotify Web Helper] "C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-09] (Spotify Ltd) HKCU\...\Run: [iDevice Manager Launcher] "C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe" /run [x] HKCU\...\Policies\system: [DisableRegistryTools] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-13] (Intel Corporation) HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340848 2011-04-02] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [408432 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202608 2011-03-29] (Egis Technology Inc.) HKLM-x32\...\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft) HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-02-18] (CyberLink Corp.) HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [655360 2012-12-12] () HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [356376 2013-06-21] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3830224 2013-05-16] (Safer-Networking Ltd.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x] HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [x] BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:21320 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} URL = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Handler: msdaipp - No CLSID Value - Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Winsock: Catalog5 10 %SystemRoot%\system32\PrxerNsp.dll [61440] (Initex Software) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default FF Homepage: hxxp://www.google.de/ FF NetworkProxy: "autoconfig_url", "https://mediahint.com/default.pac" FF NetworkProxy: "type", 2 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @kuaiyong.yrtd.com,version=1.0.1.1 - C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: langpack-de - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\Extensions\langpack-de@firefox.mozilla.org.xpi FF Extension: mediahint - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\Extensions\mediahint@jetpack.xpi FF Extension: No Name - C:\Users\Amar\AppData\Roaming\Mozilla\Firefox\Profiles\eqbh7065.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Kaspersky URL Advisor</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>url_advisor@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://fflinkfilter/content/fflinkfilter.png</em:iconURL> <em:optionsURL>chrome://fflinkfilter/content/options.xul</em:optionsURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Virtual Keyboard</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>virtual_keyboard@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://virtual_keyboard/skin/virtual_keyboard_extension_icon.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Content Blocker</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>content_blocker@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://content_blocker/skin/content_blocker_extension_icon.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Anti-Banner</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>anti_banner@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://anti_banner/content/kavab.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: <?xml version="1.0" encoding="UTF-8"?> <RDF xmlns="hxxp://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:em="hxxp://www.mozilla.org/2004/em-rdf#"> <Description about="urn:mozilla:install-manifest"> <em:localized> <Description> <em:locale>en</em:locale> <em:name>Safe Money</em:name> <em:creator>Kaspersky Lab</em:creator> <em:homepageURL>hxxp://www.kaspersky.com</em:homepageURL> </Description> </em:localized> <em:id>online_banking@kaspersky.com</em:id> <em:version>13.0.1.4307</em:version> <em:iconURL>chrome://online_banking/skin/online_banking_extension_icon.png</em:iconURL> <em:targetApplication> <Description> <em:id>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</em:id> <em:minVersion>9.0</em:minVersion> <em:maxVersion>20.*</em:maxVersion> </Description> </em:targetApplication> </Description> </RDF> - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com ==================== Services (Whitelisted) ================= S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-06-21] (Kaspersky Lab ZAO) S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 MSSQL$FLYFF; c:\Program Files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-11] (Microsoft Corporation) R2 MySQL; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14242 2013-02-18] () R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) S4 SQLAgent$FLYFF; c:\Program Files\Microsoft SQL Server\MSSQL10.FLYFF\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-11] (Microsoft Corporation) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) ==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-06-21] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-21] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-21] (Kaspersky Lab ZAO) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2013-02-11] (Duplex Secure Ltd.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) S3 ALSysIO; \??\C:\Users\Amar\AppData\Local\Temp\ALSysIO64.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-02 20:18 - 2013-07-02 20:18 - 00002236 ____A C:\Users\Public\Desktop\Free Audio Converter.lnk 2013-07-02 20:18 - 2013-07-02 20:18 - 00000000 ____D C:\Users\Amar\AppData\Roaming\DVDVideoSoft 2013-07-02 20:18 - 2013-07-02 20:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-07-02 20:17 - 2013-07-02 20:18 - 24119368 ____A (DVDVideoSoft Ltd. ) C:\Users\Amar\Downloads\FreeAudioConverter-5.0.26.628.exe 2013-07-02 20:07 - 2013-07-02 20:07 - 00890988 ____A C:\Users\Amar\Desktop\SecurityCheck.exe 2013-07-02 20:01 - 2013-07-02 20:01 - 02347384 ____A (ESET) C:\Users\Amar\Downloads\esetsmartinstaller_enu.exe 2013-07-02 20:01 - 2013-07-02 20:01 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-02 19:57 - 2013-07-02 19:57 - 00002565 ____A C:\Users\Amar\Desktop\JRT.txt 2013-07-02 19:53 - 2013-07-02 19:53 - 00000000 ____D C:\Windows\ERUNT 2013-07-02 19:53 - 2013-07-02 19:53 - 00000000 ____D C:\JRT 2013-07-02 19:49 - 2013-07-02 19:49 - 00010566 ____A C:\AdwCleaner[S1].txt 2013-07-02 19:47 - 2013-07-02 19:47 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Amar\Desktop\JRT.exe 2013-07-02 19:45 - 2013-07-02 19:45 - 00648201 ____A C:\Users\Amar\Desktop\adwcleaner.exe 2013-07-02 18:28 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe 2013-07-02 18:28 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe 2013-07-02 18:28 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2013-07-02 18:28 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2013-07-02 18:28 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2013-07-02 18:28 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe 2013-07-02 18:28 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe 2013-07-02 18:28 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe 2013-07-02 18:27 - 2013-07-02 18:44 - 00000000 ____D C:\Qoobox 2013-07-02 18:26 - 2013-07-02 18:42 - 00000000 ____D C:\Windows\erdnt 2013-07-02 18:25 - 2013-07-02 18:26 - 05084414 ____R (Swearware) C:\Users\Amar\Downloads\ComboFix.exe 2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\FRST 2013-07-02 16:46 - 2013-07-02 16:47 - 01933556 ____A (Farbar) C:\Users\Amar\Desktop\FRST64.exe 2013-07-02 14:52 - 2013-07-02 14:52 - 00000020 ____A C:\Users\Amar\defogger_reenable 2013-07-02 14:51 - 2013-07-02 14:51 - 00602112 ____A (OldTimer Tools) C:\Users\Amar\Desktop\OTL.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00377856 ____A C:\Users\Amar\Desktop\gmer_2.1.19163.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00050477 ____A C:\Users\Amar\Desktop\Defogger.exe 2013-07-02 14:28 - 2013-07-02 14:28 - 00000000 ____D C:\Users\Amar\Downloads\backups 2013-07-02 14:22 - 2013-07-02 14:25 - 00020578 ____A C:\Users\Amar\Downloads\hijackthis.log 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-02 14:21 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-07-02 14:19 - 2013-07-03 15:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-02 14:19 - 2013-07-02 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-02 14:19 - 2009-01-25 13:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe 2013-07-02 14:18 - 2013-07-02 14:18 - 00388608 ____A (Trend Micro Inc.) C:\Users\Amar\Downloads\HiJackThis204.exe 2013-07-02 14:17 - 2013-07-02 14:17 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Amar\Downloads\spybot-2.1.exe 2013-07-02 14:16 - 2013-07-02 14:17 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-02 14:16 - 2013-07-02 14:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2013-07-02 14:13 - 2013-07-02 14:13 - 00000068 ____A C:\Users\Amar\AppData\Roaming\Amarv3.4.2.2.txt 2013-07-02 02:21 - 2013-07-02 02:21 - 00000000 ____D C:\Program Files (x86)\Pink Tissue 2013-07-02 02:18 - 2013-07-02 02:18 - 00000000 ____D C:\Users\Amar\Downloads\120928-Hit0zumansion 2013-07-01 19:38 - 2013-07-01 19:38 - 00000000 ____D C:\Users\Amar\Downloads\1370176054_gtaivvmi_v1.5_setup 2013-07-01 18:34 - 2013-07-01 18:46 - 00000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files 2013-07-01 15:11 - 2013-07-03 16:08 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-28 19:07 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-28 19:07 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-28 14:03 - 2013-06-28 14:03 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2013-06-28 14:00 - 2013-06-28 14:06 - 00000000 ____D C:\Program Files (x86)\VstPlugins 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Users\Amar\Documents\Image-Line 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\Outsim 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2 2013-06-28 14:00 - 2011-10-11 16:45 - 01431552 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll 2013-06-28 14:00 - 2009-09-15 11:14 - 01554944 ____A (HMS hxxp://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm 2013-06-28 13:55 - 2013-06-28 14:06 - 00000000 ____D C:\Program Files (x86)\Image-Line 2013-06-28 13:55 - 2013-06-28 13:55 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 13:54 - 2013-06-28 13:54 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:51 - 2013-06-28 14:00 - 00010054 ____A C:\Windows\IE10_main.log 2013-06-28 13:50 - 2013-06-28 13:50 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Image-Line 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\Documents\Ableton 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Ableton 2013-06-27 21:38 - 2013-06-27 21:38 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-06-27 21:30 - 2013-06-27 21:30 - 00000000 ____D C:\ProgramData\Ableton 2013-06-23 19:14 - 2013-06-23 19:14 - 00000000 ____D C:\Windows\Sun 2013-06-23 19:09 - 2013-06-23 19:09 - 00000000 ____D C:\ProgramData\Sun 2013-06-23 19:09 - 2013-06-23 19:08 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 19:09 - 2013-06-23 19:08 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 19:09 - 2013-06-23 19:08 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 19:08 - 2013-06-23 19:08 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 18:46 - 2013-06-28 23:16 - 00000181 ____A C:\Users\Amar\AppData\Roaming\Current.prx 2013-06-23 18:46 - 2013-06-23 18:46 - 00000000 ____D C:\Program Files (x86)\Proxifier 2013-06-23 18:46 - 2009-10-20 20:26 - 00061440 ____A (Initex Software) C:\Windows\SysWOW64\PrxerNsp.dll 2013-06-23 18:46 - 2009-09-08 19:06 - 00073728 ____A (Initex Software) C:\Windows\SysWOW64\PrxerDrv.dll 2013-06-23 18:46 - 1997-06-06 14:52 - 00011264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL 2013-06-21 15:15 - 2013-06-21 15:15 - 00002348 ____A C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-06-21 15:14 - 2013-07-02 19:53 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-06-21 15:14 - 2013-06-21 15:14 - 00001150 ____A C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Windows\ELAMBKUP 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-06-21 15:14 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll 2013-06-21 15:13 - 2013-06-21 15:36 - 00620128 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys 2013-06-21 15:13 - 2013-06-21 15:36 - 00090208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys 2013-06-21 15:07 - 2013-06-21 15:07 - 00000000 ___SD C:\Users\Amar\Documents\Passwords Database 2013-06-21 15:02 - 2013-07-02 14:42 - 00000000 ____D C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190 2013-06-21 14:24 - 2013-06-21 14:33 - 00000000 ____D C:\Users\Amar\AppData\Roaming\dBpoweramp 2013-06-13 17:38 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-13 17:38 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-13 17:38 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-13 17:38 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-13 17:38 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-13 17:38 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-13 17:38 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-13 17:38 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-13 17:38 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-13 17:38 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-13 17:38 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-13 17:38 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-13 17:38 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-13 17:38 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-13 17:38 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-13 17:38 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-13 17:38 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-12 18:45 - 2013-06-12 18:48 - 00000000 ____D C:\Program Files (x86)\kuaiyong 2013-06-12 18:45 - 2013-06-12 18:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\kuaiyong 2013-06-11 15:57 - 2013-06-12 17:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\tweakcube3 2013-06-11 15:55 - 2013-06-11 15:55 - 00000000 ____D C:\Users\Amar\Documents\ihelper 2013-06-11 15:50 - 2013-06-11 15:55 - 00000000 ____D C:\Program Files (x86)\PPÖúÊÖ 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iTunes 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iPod 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-08 00:40 - 2013-06-08 00:40 - 00000000 ____D C:\Users\Amar\Downloads\KWMP3 ==================== One Month Modified Files and Folders ======= 2013-07-03 16:08 - 2013-07-01 15:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-03 15:53 - 2013-07-02 14:19 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-03 15:52 - 2013-05-24 21:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-02 21:59 - 2013-02-10 23:21 - 01350046 ____A C:\Windows\WindowsUpdate.log 2013-07-02 20:18 - 2013-07-02 20:18 - 00002236 ____A C:\Users\Public\Desktop\Free Audio Converter.lnk 2013-07-02 20:18 - 2013-07-02 20:18 - 00000000 ____D C:\Users\Amar\AppData\Roaming\DVDVideoSoft 2013-07-02 20:18 - 2013-07-02 20:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-07-02 20:18 - 2013-07-02 20:17 - 24119368 ____A (DVDVideoSoft Ltd. ) C:\Users\Amar\Downloads\FreeAudioConverter-5.0.26.628.exe 2013-07-02 20:07 - 2013-07-02 20:07 - 00890988 ____A C:\Users\Amar\Desktop\SecurityCheck.exe 2013-07-02 20:01 - 2013-07-02 20:01 - 02347384 ____A (ESET) C:\Users\Amar\Downloads\esetsmartinstaller_enu.exe 2013-07-02 20:01 - 2013-07-02 20:01 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-02 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF 2013-07-02 19:59 - 2009-07-14 06:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-02 19:59 - 2009-07-14 06:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-02 19:57 - 2013-07-02 19:57 - 00002565 ____A C:\Users\Amar\Desktop\JRT.txt 2013-07-02 19:53 - 2013-07-02 19:53 - 00000000 ____D C:\Windows\ERUNT 2013-07-02 19:53 - 2013-07-02 19:53 - 00000000 ____D C:\JRT 2013-07-02 19:53 - 2013-06-21 15:14 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-02 19:52 - 2013-04-10 15:09 - 00000000 ____D C:\Users\Amar\AppData\Local\Htc 2013-07-02 19:51 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-02 19:51 - 2009-07-14 06:51 - 00005117 ____A C:\Windows\setupact.log 2013-07-02 19:49 - 2013-07-02 19:49 - 00010566 ____A C:\AdwCleaner[S1].txt 2013-07-02 19:47 - 2013-07-02 19:47 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Amar\Desktop\JRT.exe 2013-07-02 19:45 - 2013-07-02 19:45 - 00648201 ____A C:\Users\Amar\Desktop\adwcleaner.exe 2013-07-02 18:44 - 2013-07-02 18:27 - 00000000 ____D C:\Qoobox 2013-07-02 18:44 - 2009-07-14 05:20 - 00000000 __RHD C:\users\Default 2013-07-02 18:42 - 2013-07-02 18:26 - 00000000 ____D C:\Windows\erdnt 2013-07-02 18:38 - 2009-07-14 04:34 - 00000215 ____A C:\Windows\system.ini 2013-07-02 18:37 - 2010-11-21 05:47 - 00030098 ____A C:\Windows\PFRO.log 2013-07-02 18:26 - 2013-07-02 18:25 - 05084414 ____R (Swearware) C:\Users\Amar\Downloads\ComboFix.exe 2013-07-02 17:46 - 2013-02-11 01:04 - 00000000 ____D C:\Users\Amar\Desktop\Programme 2013-07-02 16:47 - 2013-07-02 16:47 - 00000000 ____D C:\FRST 2013-07-02 16:47 - 2013-07-02 16:46 - 01933556 ____A (Farbar) C:\Users\Amar\Desktop\FRST64.exe 2013-07-02 14:52 - 2013-07-02 14:52 - 00000020 ____A C:\Users\Amar\defogger_reenable 2013-07-02 14:52 - 2013-02-11 00:18 - 00000000 ____D C:\users\Amar 2013-07-02 14:51 - 2013-07-02 14:51 - 00602112 ____A (OldTimer Tools) C:\Users\Amar\Desktop\OTL.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00377856 ____A C:\Users\Amar\Desktop\gmer_2.1.19163.exe 2013-07-02 14:51 - 2013-07-02 14:51 - 00050477 ____A C:\Users\Amar\Desktop\Defogger.exe 2013-07-02 14:42 - 2013-06-21 15:02 - 00000000 ____D C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190 2013-07-02 14:29 - 2006-06-18 12:57 - 00000000 _RSHD C:\Users\Amar\AppData\Roaming\install 2013-07-02 14:28 - 2013-07-02 14:28 - 00000000 ____D C:\Users\Amar\Downloads\backups 2013-07-02 14:25 - 2013-07-02 14:22 - 00020578 ____A C:\Users\Amar\Downloads\hijackthis.log 2013-07-02 14:22 - 2013-02-11 00:19 - 00000000 ____D C:\Users\Amar\AppData\Local\VirtualStore 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-02 14:21 - 2013-07-02 14:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-02 14:19 - 2013-07-02 14:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2013-07-02 14:18 - 2013-07-02 14:18 - 00388608 ____A (Trend Micro Inc.) C:\Users\Amar\Downloads\HiJackThis204.exe 2013-07-02 14:17 - 2013-07-02 14:17 - 36271144 ____A (Safer-Networking Ltd. ) C:\Users\Amar\Downloads\spybot-2.1.exe 2013-07-02 14:17 - 2013-07-02 14:16 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Amar\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-02 14:16 - 2013-07-02 14:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2013-07-02 14:13 - 2013-07-02 14:13 - 00000068 ____A C:\Users\Amar\AppData\Roaming\Amarv3.4.2.2.txt 2013-07-02 02:23 - 2013-02-11 01:50 - 00001138 ____A C:\Users\Amar\Documents\ax_files.xml 2013-07-02 02:21 - 2013-07-02 02:21 - 00000000 ____D C:\Program Files (x86)\Pink Tissue 2013-07-02 02:18 - 2013-07-02 02:18 - 00000000 ____D C:\Users\Amar\Downloads\120928-Hit0zumansion 2013-07-02 01:22 - 2013-02-11 01:11 - 00000000 ____D C:\Program Files (x86)\JDownloader 2 2013-07-01 19:43 - 2013-02-12 20:52 - 00000000 ____D C:\Users\Amar\Desktop\Games 2013-07-01 19:38 - 2013-07-01 19:38 - 00000000 ____D C:\Users\Amar\Downloads\1370176054_gtaivvmi_v1.5_setup 2013-07-01 19:21 - 2013-02-11 00:42 - 00000000 ____D C:\Users\Amar\Documents\GTA San Andreas User Files 2013-07-01 19:16 - 2013-04-16 00:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\vlc 2013-07-01 18:46 - 2013-07-01 18:34 - 00000000 ____D C:\Users\Public\Documents\GTA San Andreas User Files 2013-07-01 17:41 - 2013-02-12 14:20 - 00000000 ____D C:\Program Files (x86)\Rockstar Games 2013-07-01 16:55 - 2013-02-23 22:07 - 00000000 ____D C:\Users\Amar\AppData\Roaming\.minecraft 2013-07-01 16:08 - 2013-02-11 00:34 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-07-01 16:08 - 2013-02-11 00:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-07-01 15:12 - 2013-02-11 13:50 - 00000000 ____D C:\Users\Amar\AppData\Local\Adobe 2013-06-30 20:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-06-30 20:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-06-28 23:17 - 2013-02-10 23:52 - 00004975 ____A C:\Windows\IE9_main.log 2013-06-28 23:16 - 2013-06-23 18:46 - 00000181 ____A C:\Users\Amar\AppData\Roaming\Current.prx 2013-06-28 14:06 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\VstPlugins 2013-06-28 14:06 - 2013-06-28 13:55 - 00000000 ____D C:\Program Files (x86)\Image-Line 2013-06-28 14:03 - 2013-06-28 14:03 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Users\Amar\Documents\Image-Line 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\Outsim 2013-06-28 14:00 - 2013-06-28 14:00 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2 2013-06-28 14:00 - 2013-06-28 13:51 - 00010054 ____A C:\Windows\IE10_main.log 2013-06-28 13:55 - 2013-06-28 13:55 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-28 13:55 - 2013-06-28 13:55 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-06-28 13:55 - 2013-06-28 13:55 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-06-28 13:55 - 2013-06-28 13:55 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-06-28 13:55 - 2013-06-28 13:55 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-06-28 13:55 - 2013-06-28 13:55 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-06-28 13:55 - 2013-06-28 13:55 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-28 13:54 - 2013-06-28 13:54 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:54 - 2013-06-28 13:54 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-28 13:50 - 2013-06-28 13:50 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Image-Line 2013-06-28 13:47 - 2013-03-30 20:32 - 01994940 ____A C:\Windows\SysWOW64\PerfStringBackup.INI 2013-06-28 13:47 - 2013-02-12 00:41 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-28 13:47 - 2013-02-11 08:13 - 00840512 ____A C:\Windows\System32\perfh007.dat 2013-06-28 13:47 - 2013-02-11 08:13 - 00203746 ____A C:\Windows\System32\perfc007.dat 2013-06-28 13:47 - 2009-07-14 07:13 - 01994940 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\ProgramData\Canneverbe Limited 2013-06-27 22:06 - 2013-06-27 22:06 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\Documents\Ableton 2013-06-27 21:39 - 2013-06-27 21:39 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Ableton 2013-06-27 21:38 - 2013-06-27 21:38 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-06-27 21:30 - 2013-06-27 21:30 - 00000000 ____D C:\ProgramData\Ableton 2013-06-27 21:26 - 2013-02-13 21:15 - 00000132 ____A C:\Users\Amar\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2013-06-27 21:00 - 2013-02-12 21:20 - 00000000 ____D C:\Users\Amar\AppData\Roaming\Spotify 2013-06-27 21:00 - 2013-02-12 21:20 - 00000000 ____D C:\Users\Amar\AppData\Local\Spotify 2013-06-23 19:14 - 2013-06-23 19:14 - 00000000 ____D C:\Windows\Sun 2013-06-23 19:09 - 2013-06-23 19:09 - 00000000 ____D C:\ProgramData\Sun 2013-06-23 19:08 - 2013-06-23 19:09 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-23 19:08 - 2013-06-23 19:09 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-23 19:08 - 2013-06-23 19:09 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-23 19:08 - 2013-06-23 19:08 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-23 19:08 - 2013-06-23 19:08 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-23 18:46 - 2013-06-23 18:46 - 00000000 ____D C:\Program Files (x86)\Proxifier 2013-06-21 15:36 - 2013-06-21 15:13 - 00620128 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys 2013-06-21 15:36 - 2013-06-21 15:13 - 00090208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys 2013-06-21 15:36 - 2012-08-13 16:49 - 00178448 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys 2013-06-21 15:36 - 2012-06-08 11:38 - 00054368 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys 2013-06-21 15:15 - 2013-06-21 15:15 - 00002348 ____A C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk 2013-06-21 15:14 - 2013-06-21 15:14 - 00001150 ____A C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Windows\ELAMBKUP 2013-06-21 15:14 - 2013-06-21 15:14 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2013-06-21 15:07 - 2013-06-21 15:07 - 00000000 ___SD C:\Users\Amar\Documents\Passwords Database 2013-06-21 14:33 - 2013-06-21 14:24 - 00000000 ____D C:\Users\Amar\AppData\Roaming\dBpoweramp 2013-06-21 14:24 - 2013-04-18 22:17 - 00000000 ____D C:\Users\Amar\AppData\Roaming\AccurateRip 2013-06-12 18:48 - 2013-06-12 18:45 - 00000000 ____D C:\Program Files (x86)\kuaiyong 2013-06-12 18:45 - 2013-06-12 18:45 - 00000000 ____D C:\Users\Amar\AppData\Roaming\kuaiyong 2013-06-12 17:45 - 2013-06-11 15:57 - 00000000 ____D C:\Users\Amar\AppData\Roaming\tweakcube3 2013-06-11 15:55 - 2013-06-11 15:55 - 00000000 ____D C:\Users\Amar\Documents\ihelper 2013-06-11 15:55 - 2013-06-11 15:50 - 00000000 ____D C:\Program Files (x86)\PPÖúÊÖ 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iTunes 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files\iPod 2013-06-11 15:35 - 2013-06-11 15:35 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-06-08 00:40 - 2013-06-08 00:40 - 00000000 ____D C:\Users\Amar\Downloads\KWMP3 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-23 22:51 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Weitere Probleme bestehen im Moment nicht Geändert von kush (03.07.2013 um 15:35 Uhr) |
03.07.2013, 18:11 | #8 |
/// the machine /// TB-Ausbilder | Trojan.FakeMs in C:\Windows\AppData\Temp Fix mit FRST Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter ProxyServer: localhost:21320
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
03.07.2013, 20:44 | #9 |
| Trojan.FakeMs in C:\Windows\AppData\Temp Hey, danke für deine Hilfe ! Bin deiner Anleitung gefolgt und hier ist das Logfile : Fixlog.txt : Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013 Ran by Amar at 2013-07-03 21:42:37 Run:1 Running from C:\Users\Amar\Desktop Boot Mode: Normal ============================================== HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully. ==== End of Fixlog ==== |
03.07.2013, 20:49 | #10 |
/// the machine /// TB-Ausbilder | Trojan.FakeMs in C:\Windows\AppData\Temp Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Trojan.FakeMs in C:\Windows\AppData\Temp |
adobe reader xi, bho, bonjour, ebanking, error, excel, failed, firefox, flash player, grand theft auto, home, iexplore.exe, installation, kaspersky, kaspersky internet security 2013, kis, logfile, mozilla, ntdll.dll, officejet, plug-in, pmmupdate.exe, programm, realtek, registry, safer networking, scan, security, server, software, spotify web helper, svchost.exe, tastatur, trojaner, visual studio, windows, wscript.exe |