| |
| |||||||
Log-Analyse und Auswertung: Trojan.FakeMs in C:\Windows\AppData\TempWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.07.2013, 15:08
| #1 |
| |  Trojan.FakeMs in C:\Windows\AppData\Temp Hallo, mir ist gerade beim PC-Start aufgefallen, dass sich ein Visual Basic.Net Fenster geöffnet hat - sprich ein Server oder sonstiges von einem Trojaner bzw. des Trojaners. Daraufhin habe ich mir den Leitfaden durchgelesen und die Logs erstellt : OTL.txt: Code:
ATTFilter OTL logfile created on: 02.07.2013 14:56:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amar\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16618) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,08% Memory free 15,96 Gb Paging File | 12,43 Gb Available in Paging File | 77,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 658,12 Gb Total Space | 338,90 Gb Free Space | 51,50% Space Free | Partition Type: NTFS Computer Name: AMAR-PC | User Name: Amar | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.02 14:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amar\Desktop\OTL.exe PRC - [2013.07.01 15:11:39 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe PRC - [2013.06.21 15:31:19 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe PRC - [2013.05.24 21:47:16 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 00:27:36 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.12.19 16:49:30 | 000,642,808 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe PRC - [2012.12.12 14:56:00 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe PRC - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe PRC - [2011.02.22 11:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe PRC - [2011.02.22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe PRC - [2011.02.18 17:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.13 03:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== MOD - [2013.07.01 15:11:39 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll MOD - [2013.06.30 20:50:26 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll MOD - [2013.05.24 21:47:16 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.17 02:48:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013.05.17 02:47:40 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll MOD - [2013.05.17 02:47:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.05.05 18:54:19 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d77f088f3bcade63facffdefd876fb6e\IAStorUtil.ni.dll MOD - [2013.04.01 19:36:59 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll MOD - [2013.04.01 19:36:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll MOD - [2013.04.01 19:36:41 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.04.01 19:36:17 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.04.01 19:36:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.04.01 19:36:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.02.11 08:12:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.12.12 14:56:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll MOD - [2012.12.12 14:56:00 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe MOD - [2012.12.12 14:56:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll MOD - [2012.12.12 14:56:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll MOD - [2012.12.12 14:56:00 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll MOD - [2012.12.12 14:56:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll MOD - [2012.12.12 14:56:00 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll MOD - [2012.12.12 14:56:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll MOD - [2012.12.12 14:56:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll MOD - [2011.02.22 11:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll MOD - [2011.02.22 11:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe MOD - [2010.11.21 05:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.02.01 16:09:38 | 012,907,520 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe -- (MySQL) SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.05.10 15:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010.11.29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.07.01 16:08:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.21 15:31:19 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP) SRV - [2013.05.24 21:47:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.02.10 23:43:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.28 15:19:28 | 002,402,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.12.07 17:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011.04.24 03:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2011.04.02 23:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.21 15:36:07 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2013.06.21 15:36:07 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2013.06.21 15:36:07 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.07 18:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.01 06:57:51 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011.06.01 06:57:51 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011.06.01 06:57:51 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 06:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011.03.10 06:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011.03.01 16:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.11.29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.12 08:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.11.09 12:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.07.20 11:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.07.10 05:25:42 | 000,314,904 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0102.sys -- (RsFx0102) DRV - [2012.11.16 17:51:26 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{0E7B197B-A3DE-4FD4-A19A-1EECF791D16F}: "URL" = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=12092018_15_hao_pg IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D 9D 3A B7 6D 08 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0E7B197B-A3DE-4FD4-A19A-1EECF791D16F} IE - HKCU\..\SearchScopes\{0E7B197B-A3DE-4FD4-A19A-1EECF791D16F}: "URL" = hxxp://www.baidu.com/s?tn=mswin_oem_dg&ie=utf-8&word={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.autoconfig_url: "https://mediahint.com/default.pac" FF - prefs.js..network.proxy.type: 2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@kuaiyong.yrtd.com,version=1.0.1.1: C:\Program Files (x86)\kuaiyong\np_kyplugin.dll (YRTD) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.06.21 15:36:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.06.21 15:36:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.06.21 15:36:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.06.21 15:36:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.06.21 15:36:09 | 000,000,000 | ---D | M] [2013.02.11 00:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\Extensions [2013.06.21 14:28:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\Firefox\Profiles\eqbh7065.default\extensions [2013.05.24 21:47:39 | 000,334,744 | ---- | M] () (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\extensions\langpack-de@firefox.mozilla.org.xpi [2013.06.21 14:28:57 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\extensions\mediahint@jetpack.xpi [2013.05.08 23:21:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Amar\AppData\Roaming\mozilla\firefox\profiles\eqbh7065.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.05.24 21:47:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.24 21:47:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.06.21 15:36:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM O1 HOSTS File: ([2013.02.25 21:05:08 | 000,001,045 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 images.alcohol-soft.com # alcohol 120% O1 - Hosts: 127.0.0.1 mermaidconsulting.dk # alcohol 120% O1 - Hosts: 127.0.0.1 195.137.236.101 O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [HP Officejet Pro 8500 A910 (NET)] C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [iDevice Manager Launcher] C:\Program Files (x86)\Software4u\iDevice Manager\Software4u.IPELauncher.exe (Marx Softwareentwicklung - www.software4u.de) O4 - HKCU..\Run: [kis13.0.1.4190de-Setup.exe] C:\Users\Amar\Downloads\Kaspersky Internet Security 13.0.1.4190\kis13.0.1.4190de-Setup.exe File not found O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Amar\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7DF5E25-B9B6-475D-9B41-550A3971EFAD}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\Program Files (x86)\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\devicesetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\devicesetuplauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hp officejet pro 8500 a910.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpqdtss.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpqlpvwr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hpscan.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\devicesetup.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\devicesetuplauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hp officejet pro 8500 a910.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpqdtss.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpqlpvwr.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hpscan.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{fdea26ef-a42d-11e2-990b-b870f4900592}\Shell - "" = AutoRun O33 - MountPoints2\{fdea26ef-a42d-11e2-990b-b870f4900592}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.02 14:51:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Amar\Desktop\OTL.exe [2013.07.02 14:21:47 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Malwarebytes [2013.07.02 14:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.02 14:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.02 14:21:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.02 14:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.07.02 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.07.02 14:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.07.02 14:19:10 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.07.02 14:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.07.02 14:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files [2013.07.02 02:22:33 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pink Tissue [2013.07.02 02:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pink Tissue [2013.07.01 19:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GTA IV Vehicle Mod Installer [2013.07.01 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA IV Vehicle Mod Installer [2013.07.01 18:57:37 | 000,000,000 | ---D | C] -- C:\Users\Amar\Desktop\gta sa music [2013.07.01 18:34:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files [2013.07.01 18:27:25 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.07.01 17:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2013.06.28 14:00:43 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 [2013.06.28 14:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2 [2013.06.28 14:00:28 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll [2013.06.28 14:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins [2013.06.28 14:00:27 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\Image-Line [2013.06.28 14:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.06.28 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line [2013.06.28 14:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim [2013.06.28 13:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line [2013.06.28 13:50:27 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Image-Line [2013.06.27 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Canneverbe Limited [2013.06.27 22:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2013.06.27 22:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP [2013.06.27 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\Ableton [2013.06.27 21:39:26 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\Ableton [2013.06.27 21:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software [2013.06.27 21:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ableton [2013.06.23 19:14:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.06.23 19:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.06.23 19:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.06.23 19:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.06.23 18:46:08 | 000,073,728 | ---- | C] (Initex Software) -- C:\Windows\SysWow64\PrxerDrv.dll [2013.06.23 18:46:08 | 000,061,440 | ---- | C] (Initex Software) -- C:\Windows\SysWow64\PrxerNsp.dll [2013.06.23 18:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proxifier [2013.06.23 18:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Proxifier [2013.06.21 15:19:37 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\KW [2013.06.21 15:14:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013 [2013.06.21 15:14:48 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013.06.21 15:14:09 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013.06.21 15:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013.06.21 15:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013.06.21 15:13:56 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.06.21 15:13:56 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.06.21 15:07:40 | 000,000,000 | --SD | C] -- C:\Users\Amar\Documents\Passwords Database [2013.06.21 14:24:01 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\dBpoweramp [2013.06.12 18:45:27 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\kuaiyong [2013.06.12 18:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\¿ìÓÃÆ»¹ûÖúÊÖ [2013.06.12 18:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\kuaiyong [2013.06.11 15:57:17 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\tweakcube3 [2013.06.11 15:55:50 | 000,000,000 | ---D | C] -- C:\Users\Amar\Documents\ihelper [2013.06.11 15:55:37 | 000,000,000 | ---D | C] -- C:\downloads [2013.06.11 15:51:07 | 000,000,000 | ---D | C] -- C:\Users\Amar\AppData\Roaming\ihelper [2013.06.11 15:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPÖúÊÖ [2013.06.11 15:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PPÖúÊÖ [2013.06.11 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.11 15:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.02 15:01:25 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.02 15:01:25 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.02 14:53:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.02 14:53:26 | 2133,217,279 | -HS- | M] () -- C:\hiberfil.sys [2013.07.02 14:52:33 | 000,000,020 | ---- | M] () -- C:\Users\Amar\defogger_reenable [2013.07.02 14:51:55 | 000,377,856 | ---- | M] () -- C:\Users\Amar\Desktop\gmer_2.1.19163.exe [2013.07.02 14:51:26 | 000,050,477 | ---- | M] () -- C:\Users\Amar\Desktop\Defogger.exe [2013.07.02 14:51:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amar\Desktop\OTL.exe [2013.07.02 14:21:34 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.02 14:19:16 | 000,001,387 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.07.02 02:23:33 | 000,001,138 | ---- | M] () -- C:\Users\Amar\Documents\ax_files.xml [2013.07.02 02:08:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.28 23:16:09 | 000,000,181 | ---- | M] () -- C:\Users\Amar\AppData\Roaming\Current.prx [2013.06.28 14:00:28 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk [2013.06.28 13:55:54 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.28 13:55:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.28 13:47:31 | 001,994,940 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.28 13:47:31 | 000,840,512 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.28 13:47:31 | 000,794,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.28 13:47:31 | 000,203,746 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.28 13:47:31 | 000,175,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.28 13:47:24 | 001,994,940 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.27 21:26:09 | 000,000,132 | ---- | M] () -- C:\Users\Amar\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.06.21 15:36:07 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys [2013.06.21 15:36:07 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys [2013.06.21 15:36:07 | 000,054,368 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys [2013.06.21 15:36:06 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys [2013.06.21 15:15:49 | 000,002,348 | ---- | M] () -- C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.21 15:14:49 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.02 14:52:33 | 000,000,020 | ---- | C] () -- C:\Users\Amar\defogger_reenable [2013.07.02 14:51:54 | 000,377,856 | ---- | C] () -- C:\Users\Amar\Desktop\gmer_2.1.19163.exe [2013.07.02 14:51:25 | 000,050,477 | ---- | C] () -- C:\Users\Amar\Desktop\Defogger.exe [2013.07.02 14:21:34 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.02 14:19:16 | 000,001,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.07.02 14:19:16 | 000,001,387 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.07.01 15:11:40 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.28 14:00:28 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk [2013.06.28 13:55:54 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.06.28 13:55:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.27 22:06:50 | 000,001,907 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013.06.27 21:30:24 | 000,000,881 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk [2013.06.23 18:46:11 | 000,000,181 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Current.prx [2013.06.21 15:15:49 | 000,002,348 | ---- | C] () -- C:\Users\Amar\Desktop\Sicherer Zahlungsverkehr.lnk [2013.06.21 15:14:56 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk [2013.05.02 23:02:16 | 000,000,092 | ---- | C] () -- C:\Users\Amar\AppData\Local\fusioncache.dat [2013.05.02 21:29:15 | 000,000,584 | ---- | C] () -- C:\Windows\ODBC.INI [2013.04.22 17:50:39 | 000,000,118 | ---- | C] () -- C:\Windows\WinInit.Ini [2013.04.18 22:17:36 | 007,261,768 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2013.04.18 22:17:36 | 000,017,870 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat [2013.03.30 20:32:52 | 001,994,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.15 16:02:03 | 000,017,408 | ---- | C] () -- C:\Users\Amar\AppData\Local\WebpageIcons.db [2013.02.13 21:15:49 | 000,000,132 | ---- | C] () -- C:\Users\Amar\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen [2013.02.11 23:44:27 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2013.02.11 18:54:08 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2013.02.10 23:23:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.02.10 23:20:51 | 000,003,126 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.12.19 21:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.19 21:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.01 06:31:02 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2004.08.26 04:14:58 | 000,000,259 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1029634848-2562057846-3894920487-1001\$RS9ZZ3Z\Source\Source\boost_1_34_1\boost_1_34_1\tools\build\v2\example\variant\libs\l.cpp [2002.08.16 07:25:22 | 000,000,028 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1029634848-2562057846-3894920487-1001\$RS9ZZ3Z\Source\Source\boost_1_34_1\boost_1_34_1\tools\build\v2\test\generators-test\x.l [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.01 16:55:27 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\.minecraft [2006.06.11 10:35:34 | 000,000,000 | -H-D | M] -- C:\Users\Amar\AppData\Roaming\024FB306 [2013.06.27 21:39:41 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Ableton [2013.06.27 22:06:59 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Canneverbe Limited [2013.06.21 14:33:16 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\dBpoweramp [2013.04.18 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\foobar2000 [2013.04.10 15:09:14 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\HTC [2013.06.20 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\ihelper [2013.06.28 13:50:27 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Image-Line [2013.04.20 20:00:30 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\ImgBurn [2013.07.02 14:29:05 | 000,000,000 | RHSD | M] -- C:\Users\Amar\AppData\Roaming\install [2013.02.18 21:55:14 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\JavaEditor [2013.06.12 18:45:27 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\kuaiyong [2013.06.21 15:31:11 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\KW [2013.03.11 16:20:33 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\mp3DirectCut [2013.05.22 12:51:37 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Mp3tag [2013.02.21 19:56:42 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\NetBeans [2013.05.09 00:15:50 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\PhotoScape [2013.03.30 20:37:19 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Software4u [2013.06.27 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\Spotify [2013.05.02 23:45:33 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\TeamViewer [2013.02.11 13:27:00 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\TuneUp Software [2013.06.12 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\tweakcube3 [2013.04.23 12:25:42 | 000,000,000 | ---D | M] -- C:\Users\Amar\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 02.07.2013 14:56:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,43 Gb Available Physical Memory | 68,08% Memory free
15,96 Gb Paging File | 12,43 Gb Available in Paging File | 77,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 658,12 Gb Total Space | 338,90 Gb Free Space | 51,50% Space Free | Partition Type: NTFS
Computer Name: AMAR-PC | User Name: Amar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A586EBD-D5DF-43B2-935B-576015E49363}" = lport=139 | protocol=6 | dir=in | app=system |
"{357C2FC0-E46D-49FD-809C-77C3A69F4889}" = lport=445 | protocol=6 | dir=in | app=system |
"{3BB3E473-1297-4687-87F6-81D136A9F54A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3CA34792-2661-446B-87CC-D34D6244AA06}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F7F1D31-52F2-4C24-BB9A-99214FD061E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B541792-F861-46EB-B02D-BD3E9A8C8AC0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82566D63-06BF-490D-AD88-3D352A1871CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A9A84B32-AE0D-41D4-A9BB-890DB37D8EE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AD966234-2A27-4978-AA70-8F4A51F37369}" = rport=137 | protocol=17 | dir=out | app=system |
"{B9C1572D-8C5D-4D60-9756-BE244C1D89D9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C8F712E0-E976-4979-916D-24F4FB7655DE}" = rport=445 | protocol=6 | dir=out | app=system |
"{CF58604B-2E68-414E-A85A-84CDAFAEE071}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0EC9D7F-2474-4ED5-A9B3-BDB9798BB39F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{D1BE9EDE-1791-4008-82D2-6F55B46DA753}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D1E8C905-D439-48B3-89D0-F92FA947ED92}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7D47619-BFF2-4F51-B547-AC20A2D1DAAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D80A341B-105C-4089-946C-0F9C5BF8FE09}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1D80313-EE2E-4266-876F-37D6E59980EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{E733C8B6-9A0C-4625-B531-A3E8F4F9A935}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE5061C6-2EB0-4F7C-B643-3C07FABD66A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F28E0FBA-86DE-47ED-9F7A-13881EADC5E3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F76A573F-AD8A-4369-8FE1-CF82EC3B0A80}" = rport=139 | protocol=6 | dir=out | app=system |
"{FB28AC93-9679-4491-B076-0E13A6C687C1}" = lport=3306 | protocol=6 | dir=in | name=port 3306 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D2FEFF-4F7D-4495-9239-DAB20C04EF58}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{043331F2-9B7C-4908-B516-C63F90CA344A}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"{07FC4C58-1312-4105-BCBD-B06B6D19390F}" = protocol=6 | dir=in | app=c:\users\amar\appdata\roaming\utorrent\utorrent.exe |
"{0FD4BF93-2722-491D-AEB7-8944C1A05BF5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1006297E-252D-45E3-B987-E7D142B5002B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{110BA694-1BB2-4A42-8C43-1768A4F64CCB}" = protocol=6 | dir=out | app=system |
"{1309E647-4EEB-4175-89FB-ADCD22259CA9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{15C7C9C8-7918-4B5A-895A-7DDD99C407BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1B66537C-A70F-40F0-9EC3-3F97F88CC944}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\digitalwizards.exe |
"{2039EA2C-A77A-44E5-BB3D-52E036F3893F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{213D4622-D09F-4B14-BF58-0B2029E7D0DA}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{21FC6784-178D-4E95-9911-F1C37C90CA3A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 13\manager13.exe |
"{26FF767C-F25C-49E8-ACE9-77930AE69AC9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{290BFD85-C135-49C8-B3BB-8D7D5727A3E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2B2F50C8-6BFD-4177-98DC-F19D4F985EDA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2D5176E4-431C-4530-9AE5-C34275B697B1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{30613E20-3E91-46D0-A954-53BF96BE8D56}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3EF33227-BFA9-49D2-A3FA-4C15E5F80123}" = protocol=17 | dir=in | app=c:\users\amar\appdata\roaming\utorrent\utorrent.exe |
"{42025C8A-90F4-4107-AA76-C727F380271A}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\faxapplications.exe |
"{42451417-D44F-41AE-B26C-404349071540}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{425841C4-EDA2-48D1-B0BE-2D922BAC38D5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{441CC7FB-6900-4920-9343-3771C0406696}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{48F4E0B0-A9B5-4C83-BE04-7E1976E760E1}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe |
"{5994DF41-56B4-48E4-8EB1-C83921A0D00A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{59F3BC66-7748-4DEA-BF6C-6D9F28051F17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{61C93251-94E2-4C1E-A438-57F28FB2B417}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicatorcom.exe |
"{689D1B7F-0AC6-401F-A679-BADA3C8F0AEA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BA7B4C1-C0F7-43C7-B0D7-5112D5359204}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{7A13024E-A987-4D05-8031-0A69E4C89125}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{7A3A3AF9-24F3-4158-9D6B-7D5362AABCB9}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{7D04079D-DC69-4318-BEA4-6BC099B58C3B}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{8995B238-5B36-4D33-84CD-9A895CCB0E34}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B05F618-8C94-48A4-873E-1A549093328E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8BE980B8-885E-4316-8EA4-3EEA89914C06}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{8F8AB82B-2AB4-4AD5-A813-0BC970DDDA34}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9300AD1C-765C-4346-9A0F-8C7CCB483451}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A82EB775-60B6-4493-B2FC-1457757921DD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AED67B8B-FEDD-4EB0-B5D8-E231BF206F9A}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe |
"{B30C9D1F-8F7B-47A5-B72F-1A8C9D58C1FD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{B442256E-7E18-4E63-8FE2-883F756739A9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{BB4F288A-766A-43DE-9AE6-AD9CC125E272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BB5EA5AF-1065-4356-8EB0-A148CD1DC005}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C36F9F54-63DC-4832-BA6E-F4B331D45D13}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 13\manager13.exe |
"{C48BB313-6D38-49CB-8605-9ED7EEA1EFA3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7AF1D9A-AFDB-4956-B8A8-2BC25512802E}" = dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\sendafax.exe |
"{D6253D37-667E-4B4F-92BF-0ED2BEE44B19}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D678A5A2-E25E-4DC1-9100-B8D5D89E5C35}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{E9CF2BA8-5652-4A74-847C-D2CACFB22F0D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EAEE54D9-8C03-4D24-B95A-1D6322C0AA1E}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe |
"{F2D01E7C-B4B6-488B-8E0C-AA468D077120}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB5C1ECA-E9AF-45E8-85DE-935F6513456B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FD352E30-C800-40D5-95A8-ED5C9829B705}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\eflc\launcheflc.exe |
"TCP Query User{662332FD-2532-47F8-AE44-FA88E8E15923}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe |
"TCP Query User{699B5DDF-69F5-4E2E-8160-8E5F552D998F}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"UDP Query User{134676A5-06DA-4606-9494-209184DB0EB9}C:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\common files\i4j_jres\1.6.0_27\bin\javaw.exe |
"UDP Query User{C15DB273-6E17-409C-A634-A47D36840DA0}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0838B70E-B35E-AC61-EF41-3E9472AD6C41}" = AMD Drag and Drop Transcoding
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0A8BEF69-0DD7-4A8F-9AED-0CB91BEBCB58}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0B4D413C-9E19-4087-AA21-D7BD1A9B3075}" = SQL Server 2008 R2 Common Files
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417013FF}" = Java 7 Update 13 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56DA0CB5-ABD2-4318-BEAB-62FDBC9B12CC}" = MySQL Server 5.6
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{629C521E-5C03-4A17-9851-F8313A41BB20}" = Ableton Live 9 Suite
"{64A3A4F4-B792-11D6-A78A-00B0D0170130}" = Java SE Development Kit 7 Update 13 (64-bit)
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89DF2F55-6625-49D7-BC0D-326FE62DD98E}" = Microsoft SQL Server 2008 Database Engine Services
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E7D00D0-255E-F084-28A3-400DCD5EF8A7}" = ccc-utility64
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUS_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUS_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = Microsoft SQL Server 2008 Database Engine Services
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D49B01F1-79D6-4448-916E-152832EC3B64}" = SQL Server 2008 R2 Management Studio
"{E35C24C7-231F-4AAB-8B22-A59F9A00BED3}" = Microsoft SQL Server 2008 RsFx Driver
"{ED321628-843E-4319-8C6D-CB3C919323AC}" = MysticThumbs
"{F37A899E-1745-52F5-658F-9A4DA4D46BB7}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F800CF18-6470-D909-B460-73F2F41030B4}" = AMD Accelerated Video Transcoding
"{F9434B34-EDCA-DF34-FD55-8D66DF8DBECF}" = AMD Media Foundation Decoders
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"nbi-nb-base-7.3.0.0.201302132200" = NetBeans IDE 7.3
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{03B442FC-5A92-490B-8A13-4EBAEA08D857}" = MySQL Connector J
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C91919D-0386-C260-0822-7A01C5BCD58A}" = CCC Help Greek
"{132E7CFD-3508-4605-90C9-1C9631C56229}" = MySQL Documents 5.6
"{143593DA-4632-50AE-A6D9-7676695B33C8}" = CCC Help Finnish
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
"{16584456-9AD2-3FA4-C8B5-B2EE2D856E6C}" = Catalyst Control Center Localization All
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C7BC0A1-2EBB-4637-B48D-A5C7C43004CD}" = 人妻ンション2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BB114DA-C718-45FE-8AB9-DEFFF0EA5569}_is1" = Grand Theft Auto San Andreas
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = ¿ìÓÃÆ»¹ûÖúÊÖ 2.0.1.0
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{33365E1D-B501-AA04-F802-88BF0A4DB9F7}" = CCC Help French
"{3888A22E-1A9E-4DBE-A93B-42385141F37D}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools DEU
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E39024D-9F83-4BF2-B87F-0768608FE0B5}" = MySQL Installer
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43C5AF90-0558-590E-30A3-7A8FEEA4B45B}" = Catalyst Control Center Graphics Previews Common
"{441B922B-E0AC-F7BB-E577-095E3E3B8D03}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008-Browser
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{5086BF95-2E26-183E-E63D-D25F9963D2B1}" = PX Profile Update
"{50ABF86D-0BDB-31AD-97FD-E8A55564EBF9}" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038702}" = Grand Theft Auto: Episodes from Liberty City
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5C03C49F-662A-B4EF-E5EC-1C1FFFDD6578}" = CCC Help Norwegian
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 11.33a, 2013.02.11
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{69ABD76E-52E6-E809-9E6B-B6E194DF6E30}" = CCC Help Portuguese
"{6C84C3D8-F2E1-EF85-34E2-EFD8C583A414}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{78033A38-50E2-4A65-823F-C1B34DF9FE41}" = Microsoft SQL Server 2008 R2-Richtlinien
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DA5255C-EE35-848E-4482-407BB876BD15}" = CCC Help Russian
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 2.2.1.3
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{831C840A-8331-E269-24EE-52A3EDEC8830}" = CCC Help Chinese Traditional
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8343C2D8-09DF-38B3-9D1A-A26148918E45}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF92104-2955-867B-E374-63FA2AB55CC4}" = CCC Help Korean
"{9BC10B90-1592-3C5A-BBA7-BACDA0B52405}" = CCC Help Japanese
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A71AF1EF-6C46-DC9A-84C0-0DADE7F3BEEE}" = CCC Help Hungarian
"{A7527D8A-4C50-9D56-CB37-922E1EC96B82}" = CCC Help Thai
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7416D0F-8282-468A-5C3D-CA5713B6F4C0}" = Catalyst Control Center
"{B78CFC07-B623-4995-ADCC-B2B4D59D083A}" = HTC Sync
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{BD21728C-22C5-2D69-2F52-C4437E8FF02E}" = Catalyst Control Center InstallProxy
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CA311B78-954E-44BC-913F-B5B8B74A786B}" = CCC Help German
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{E0184F33-58CA-A249-0D1B-F23F9206410D}" = CCC Help English
"{E28884AE-E40E-2F71-9511-8CC8C071147F}" = CCC Help Chinese Standard
"{E3DB1759-C652-E0E3-5B88-76286BF9B6D0}" = CCC Help Dutch
"{E4F26D72-E0BA-33B5-E5A4-542C545EFAAA}" = CCC Help Polish
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{E8AC6BBD-9A99-404C-9638-F633312CD441}_is1" = Batman: Arkham City Digital Deluxe Edition
"{E9820957-CB43-3BD1-3A00-25C7CB37EE1D}" = CCC Help Danish
"{ECC9BBF1-5735-F27B-E25A-5522D8B3F044}" = CCC Help Italian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EEC3A4C1-2B49-00CF-DA00-B27DC267236E}" = CCC Help Spanish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47662E5-C972-89F6-0416-5BAC56E835F9}" = CCC Help Czech
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"0630-0716-3135-7887" = JDownloader 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASIO4ALL" = ASIO4ALL
"BioShock Infinite_is1" = BioShock Infinite
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Deus Ex Human Revolution_is1" = Deus Ex Human Revolution
"DX10" = DX10
"Edison" = Edison
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"FL Studio 10" = FL Studio 10
"foobar2000" = foobar2000 v1.2.4
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GTA IV Vehicle Mod Installer v1.5_is1" = GTA IV Vehicle Mod Installer v1.5
"Identity Card" = Identity Card
"IL Download Manager" = IL Download Manager
"IL DrumSynth Live" = IL DrumSynth Live
"IL Shared Libraries" = IL Shared Libraries
"IL Slicex" = IL Slicex
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU" = Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - DEU
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.55a
"PhotoScape" = PhotoScape
"PPÖúÊÖ PC°æ" = PPÖúÊÖ PC°æ 0.8.8
"Proxifier_is1" = Proxifier version 2.91
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"SimSynth" = SimSynth
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"uTorrent" = µTorrent
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"VLC media player" = VLC media player 2.0.6
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.05.2013 16:52:20 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:20 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:20 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = COM+ | ID = 4792
Description =
Error - 02.05.2013 16:52:21 | Computer Name = Amar-PC | Source = System.EnterpriseServices | ID = 0
Description = System.EnterpriseServices failed to install. Please fix the problem
(see exception below) and run 'regasm System.EnterpriseServices.dll' again to install
System.EnterpriseServices. Exception: 'System.Runtime.InteropServices.COMException
(0x8011043B): Die Registrierungsdatei ist beschädigt. at System.EnterpriseServices.Admin.ICatalog2.CurrentPartition(String
bstrPartitionIDOrName) at System.EnterpriseServices.RegistrationHelperTx.InstallUtilityApplication(Type
t)'
Error - 02.05.2013 17:00:21 | Computer Name = Amar-PC | Source = Application Hang | ID = 1002
Description = Programm Neuz.exe, Version 3.8.22.1 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1c4c Startzeit:
01ce4777cb77bb3d Endzeit: 17 Anwendungspfad: C:\Users\Amar\Downloads\GoH-Client\Client\Neuz.exe
Berichts-ID:
4bc87c04-b36b-11e2-9d8e-b870f4900592
[ System Events ]
Error - 28.05.2013 19:55:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 20:05:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 20:15:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 20:25:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 20:35:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 20:45:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 20:55:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 21:05:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 21:15:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Error - 28.05.2013 21:25:02 | Computer Name = Amar-PC | Source = DCOM | ID = 10016
Description =
Gmer.txt Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-02 15:58:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Amar\AppData\Local\Temp\kwldrpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1848] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000777dfa88 5 bytes JMP 00000001731f19b0
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1848] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777e0018 5 bytes JMP 00000001731f2066
.text c:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1004] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77]
.text c:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1004] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77]
.text ... * 2
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77]
.text C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe[2080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2256] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77]
.text ... * 2
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77]
.text C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[3144] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77]
.text ... * 2
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77]
.text C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe[5008] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4172] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077791465 2 bytes [79, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4172] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000777914bb 2 bytes [79, 77]
.text ... * 2
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [7116:4400] 000007feea1e9688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0x5E 0x4E 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0xDB 0xCE 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x5F 0x22 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x0B 0xF5 0xFE 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDC 0x5E 0x4E 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7A 0xDB 0xCE 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x63 0x5F 0x22 0x0A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x0B 0xF5 0xFE 0x36 ...
---- Files - GMER 2.1 ----
File C:\Users\Amar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJKSYSTB\clients[1].txt 0 bytes
---- EOF - GMER 2.1 ----
DANKE ! |
| Themen zu Trojan.FakeMs in C:\Windows\AppData\Temp |
| adobe reader xi, bho, bonjour, ebanking, error, excel, failed, firefox, flash player, grand theft auto, home, iexplore.exe, installation, kaspersky, kaspersky internet security 2013, kis, logfile, mozilla, ntdll.dll, officejet, plug-in, pmmupdate.exe, programm, realtek, registry, safer networking, scan, security, server, software, spotify web helper, svchost.exe, tastatur, trojaner, visual studio, windows, wscript.exe |
Baum-Darstellung