| Pests of all kinds and how to fight them: QVO6.COM is always opened by MS IE (Windows 7) |
16.07.2013, 11:46 | #1 |
| QVO6.COM is always opened by MS IE
Hello, it looks like I have caught a trojan :-( MS IE always opens the page QVO6.COM. I reinstalled Chrome and the problem was gone. I have already done the following, but unfortunately without success:
1) Deleted all suspicious add-ons in MS IE.
2) Corrected the start page in IE.
3) Full scan with Kaspersky. It found something, but that did not help.
4) Full scan with Malwarebytes. It found something, but that did not help.
Now I am turning to you with the corresponding logs and hoping for help. The logs are too long, so they are attached. |
16.07.2013, 11:48 | #2 |
/// the machine /// TB trainer | QVO6.COM is always opened by MS IE
hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
How it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
16.07.2013, 13:36 | #3 |
| OTL and Extras OTL
__________________Code:
ATTFilter OTL logfile created on: 15.07.2013 19:36:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,09% Memory free 15,81 Gb Paging File | 13,91 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 305,67 Gb Total Space | 188,84 Gb Free Space | 61,78% Space Free | Partition Type: NTFS Drive D: | 367,97 Gb Total Space | 154,03 Gb Free Space | 41,86% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.15 13:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\2 OTL.exe PRC - [2013.07.13 16:08:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) 
-- C:\ProgramData\eSafe\eGdpSvc.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.10.22 12:52:30 | 002,073,416 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe PRC - [2012.10.22 12:48:32 | 000,770,888 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe PRC - [2012.10.22 12:48:26 | 000,283,464 | ---- | M] () -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe PRC - [2012.10.22 12:48:20 | 000,557,896 | ---- | M] (PacketVideo) -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe PRC - [2011.11.20 08:07:19 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.11.17 01:04:20 | 000,822,384 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe PRC - [2011.07.08 02:32:30 | 000,088,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe PRC - [2011.07.07 01:20:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe PRC - [2011.06.30 02:16:10 | 000,503,728 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe PRC - [2011.05.27 18:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.25 16:53:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2011.05.20 21:01:06 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2011.05.11 01:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) 
-- C:\ASUS.SYS\SIONExportService.exe PRC - [2011.03.13 20:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.01.15 01:41:58 | 001,839,616 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.07.10 08:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe PRC - [2010.02.03 10:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.08.04 18:21:58 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe PRC - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2008.06.05 11:19:18 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.07.13 13:47:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f752f8cf702b7c7eff6c659b2e0c760a\System.ServiceProcess.ni.dll MOD - [2013.07.13 13:46:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll MOD - [2013.07.13 13:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll MOD - [2013.07.13 13:45:30 | 001,593,344 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll MOD - [2013.07.13 13:44:44 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll MOD - [2013.07.13 13:44:35 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll MOD - [2013.07.13 13:44:33 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll MOD - [2013.07.13 13:44:20 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.06.09 05:24:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2011.02.19 06:23:22 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010.11.05 03:57:48 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.08.04 18:23:16 | 000,063,032 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll MOD - [2009.08.04 18:23:02 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT 
LEDM\bin\HPToolkit.dll ========== Services (SafeList) ========== SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2011.11.11 04:08:32 | 000,126,520 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService) SRV:64bit: - [2011.01.26 00:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.04.17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2013.07.13 16:08:47 | 000,386,112 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc) SRV - [2013.06.11 20:28:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.10.31 23:35:39 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP) SRV - [2012.10.22 12:48:32 | 000,770,888 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe -- (TwonkyProxy) SRV - [2012.10.22 12:48:26 | 000,283,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe -- (TwonkyWebDav) SRV - [2012.10.22 12:48:20 | 000,557,896 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe -- (TwonkyServer) SRV - [2011.07.08 02:32:30 | 000,088,704 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS 
InstantOn) SRV - [2011.05.27 18:17:20 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.05.27 15:59:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.11 01:55:40 | 000,338,208 | -H-- | M] (Splashtop Inc.) [Auto | Running] -- C:\ASUS.SYS\SIONExportService.exe -- (Splashtop MDES) SRV - [2011.04.20 19:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2011.03.13 20:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.03.13 20:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.01.15 01:41:58 | 001,839,616 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2010.10.06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.24 11:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- 
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.07 20:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.31 23:36:49 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.10.08 14:09:34 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64) DRV:64bit: - [2012.09.12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.08 06:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2011.12.08 06:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.10.08 09:28:44 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews) DRV:64bit: - [2011.10.07 11:49:50 | 002,770,944 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.06.09 05:24:50 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.06.02 20:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011.06.02 20:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2011.05.24 03:17:08 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.05.05 14:32:56 | 001,439,792 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.04.26 05:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.03.18 07:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2011.03.13 20:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 20:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 20:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 20:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 20:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 20:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 20:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2011.03.03 15:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.02.26 03:42:18 | 000,016,768 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger) DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.21 19:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.04.17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008.05.23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2011.05.26 05:06:20 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO_) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21} IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {1040F243-993E-498C-8A81-980D0B85852F} IE - HKCU\..\SearchScopes\{1040F243-993E-498C-8A81-980D0B85852F}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 23:36:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 23:36:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\Lyrics@LyricsContainer.co: C:\Program Files (x86)\LyricsContainer\120.xpi [2013.07.14 01:12:02 | 000,007,589 | ---- | M] () ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.de/search?q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://google.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files 
(x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - Extension: LyricsContainer = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.120_0\ CHR - Extension: Docs = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: Modul zur Link-Untersuchung = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\ CHR - Extension: Plus-HD-1.6 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0\crossrider CHR - Extension: Plus-HD-1.6 = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0\ CHR - Extension: Anti-Banner = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (IEVkbdBHO Class) - 
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Plus-HD-1.6) - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACPW05DE] C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (ACD Systems) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) 
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC) O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02 Microsoft Outlook 2010.lnk = C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. 
File not found O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013308F2-961A-4F19-9F50-4B85ABC34572}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SISetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.15 19:32:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Anti-Malware [2013.07.15 19:16:37 | 000,000,000 | R--D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2013.07.15 13:51:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\2 OTL.exe [2013.07.14 23:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.07.14 17:07:55 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2013.07.14 17:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.14 17:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.14 17:06:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.07.14 17:06:41 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Malwarebytes' Anti-Malware [2013.07.14 17:06:25 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs [2013.07.14 01:13:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\Qtrax [2013.07.14 01:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-1.6 [2013.07.14 01:12:31 | 004,953,944 | ---- | C] (FLVMPlayer ) -- C:\Users\xxx\Desktop\FLVMPlayer.exe [2013.07.14 01:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricsContainer [2013.07.13 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs [2013.07.13 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2013.07.13 16:15:08 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NCH Software [2013.07.13 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2013.07.13 16:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Videoverwandte Programme [2013.07.13 16:14:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Produktpalette [2013.07.13 16:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software [2013.07.13 16:08:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\WebCake [2013.07.13 16:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.07.13 16:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe [2013.07.13 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\eIntaller [2013.07.13 16:08:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Dealply [2013.07.13 16:07:58 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.07.13 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly [2013.07.13 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\SwvUpdater ========== Files - Modified Within 30 Days ========== [2013.07.15 
19:33:31 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2013.07.15 19:32:10 | 001,529,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.15 19:32:10 | 000,665,812 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.15 19:32:10 | 000,627,654 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.15 19:32:10 | 000,133,992 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.15 19:32:10 | 000,110,374 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.15 19:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.15 19:26:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx [2013.07.15 19:25:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.15 19:25:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.15 19:18:11 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\LyricsContainer Update.job [2013.07.15 19:15:23 | 000,001,914 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-chromeinstaller.job [2013.07.15 19:15:22 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2013.07.15 19:15:22 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-codedownloader.job [2013.07.15 19:15:22 | 000,001,202 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-updater.job [2013.07.15 19:15:22 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.15 19:15:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Plus-HD-1.6-enabler.job [2013.07.15 19:15:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.15 19:14:58 | 2072,027,135 | -HS- | M] () -- C:\hiberfil.sys [2013.07.15 13:38:04 | 000,377,856 | ---- | M] () -- C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe [2013.07.15 13:36:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- 
C:\Users\xxx\Desktop\2 OTL.exe [2013.07.15 07:46:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.15 07:08:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Dealply.job [2013.07.15 02:57:15 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.14 17:06:44 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.14 16:09:36 | 000,001,574 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.07.14 16:08:03 | 000,002,532 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.07.14 01:14:16 | 000,002,367 | ---- | M] () -- C:\Users\xxx\Desktop\Qtrax Player.lnk [2013.07.14 01:12:59 | 004,953,944 | ---- | M] (FLVMPlayer ) -- C:\Users\xxx\Desktop\FLVMPlayer.exe [2013.07.13 17:00:27 | 000,203,776 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.07.13 16:15:25 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk [2013.07.13 16:14:26 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk [2013.07.13 13:30:18 | 000,498,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.03 22:40:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.03 22:40:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.06.23 18:29:39 | 000,001,334 | ---- | M] () -- C:\Users\Public\Desktop\Saturn Fotoservice.lnk [2013.06.22 19:02:42 | 000,000,224 | ---- | M] () -- C:\WifiInfo.ini.enc ========== Files Created - No Company Name ========== [2013.07.15 19:33:31 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2013.07.15 19:31:44 | 000,377,856 | ---- | C] () -- C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe [2013.07.14 23:20:40 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.07.14 17:06:44 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes 
Anti-Malware .lnk [2013.07.14 01:14:16 | 000,002,367 | ---- | C] () -- C:\Users\xxx\Desktop\Qtrax Player.lnk [2013.07.14 01:14:15 | 000,002,397 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk [2013.07.14 01:13:15 | 000,001,202 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-updater.job [2013.07.14 01:13:12 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-enabler.job [2013.07.14 01:13:07 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-codedownloader.job [2013.07.14 01:12:46 | 000,001,914 | ---- | C] () -- C:\Windows\tasks\Plus-HD-1.6-chromeinstaller.job [2013.07.14 01:12:02 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\LyricsContainer Update.job [2013.07.13 16:15:25 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Videobearbeitungs-Software.lnk [2013.07.13 16:15:25 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk [2013.07.13 16:14:26 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Videodatei-Konverter.lnk [2013.07.13 16:14:26 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk [2013.07.13 16:08:14 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Dealply.job [2013.07.03 22:40:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.07.03 22:40:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.02.24 19:29:18 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv7 [2012.12.02 23:34:28 | 000,000,639 | ---- | C] () -- C:\Users\xxx\_Musik - Verknüpfung.lnk [2012.12.02 23:34:22 | 000,000,639 | ---- | C] () -- C:\Users\xxx\_Fotos - Verknüpfung.lnk [2012.12.02 23:34:16 | 000,000,676 | ---- | C] () -- C:\Users\xxx\_Daten_Jens - Verknüpfung.lnk [2012.12.02 23:34:08 | 000,000,683 | ---- | C] () -- C:\Users\xxx\_Daten_Beide - Verknüpfung.lnk [2012.12.02 23:34:02 | 000,000,676 | ---- | C] () -- 
C:\Users\xxx\_Daten_Anja - Verknüpfung.lnk [2012.12.02 22:53:38 | 000,038,435 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2012.02.28 19:13:29 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2012.02.27 18:07:48 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db [2012.02.24 18:49:41 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basic Synth [2012.02.24 18:49:41 | 000,000,268 | RH-- | C] () -- C:\Users\xxx\AppData\Roaming\Authentication [2012.02.24 18:49:41 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2012.02.23 22:48:14 | 000,203,776 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.11.20 07:37:51 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.08.19 04:33:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.08.19 04:32:39 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.19 04:32:36 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.19 04:32:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.04.13 04:48:48 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.02.23 22:45:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ACD Systems [2012.02.23 21:16:04 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ASUS WebStorage [2012.02.28 19:38:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited [2013.07.13 16:08:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dealply [2013.07.13 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\eIntaller [2012.12.27 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular [2012.02.28 12:01:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mp3DirectCut [2013.06.11 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag [2012.02.25 14:44:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nikon 
[2012.02.24 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Nuance
[2013.02.15 23:21:06 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\streamWriter
[2012.02.23 21:23:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tools
[2013.02.24 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TwonkyServer
[2013.07.14 23:00:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WebCake
[2012.12.02 19:21:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Windows Live Writer
[2012.02.24 18:28:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Zeon
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 15.07.2013 19:36:33 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,91 Gb Total Physical Memory | 6,10 Gb Available Physical Memory | 77,09% Memory free
15,81 Gb Paging File | 13,91 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 305,67 Gb Total Space | 188,84 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
Drive D: | 367,97 Gb Total Space | 154,03 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
Computer Name: NOTEBOOK | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.) Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.) 
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Saturn Fotoservice] -- "C:\Program Files (x86)\Saturn Fotoservice\Saturn Fotoservice\Saturn Fotoservice.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06C1C753-55E0-4164-A71D-3624FA36870E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{08FBD584-E9DA-42B0-B03D-901BEB76029A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{08FF5CA9-A7C1-45A7-A0C8-E20899B198EA}" = rport=10243 | protocol=6 | dir=out | app=system | "{0FB78D79-B012-46DD-BF40-7D40AE18F693}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{11022C34-B7C5-4A39-852B-6469833C889F}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | "{14342E1E-E758-4D05-ABF8-F8334CAD3C32}" = rport=139 | protocol=6 | dir=out | app=system | "{27E89964-EF43-4748-90D0-0438E3952E7D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{5232C3B5-98AD-4BDF-BE97-B5E15C17A52C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5EAFBDE6-01A0-457F-8480-89D15C0E2C0A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{621B01E4-3D4D-4C51-83C9-5C73F9F990DF}" = lport=139 | protocol=6 | dir=in | app=system | "{6A337210-9D2C-4EBD-91C1-08637204DE6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6AF7350C-E8B8-4793-8CF9-E170DF7FD65F}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | "{6ECC7487-6355-4583-8DE2-B3334BA2C9EE}" = lport=10243 | protocol=6 | dir=in | app=system | "{71B49517-3461-460B-9259-6B62F0A1DC9A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{89B12867-B570-40BF-B205-4E0276211ED4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{90C657B6-61E3-4ACD-86E3-0E055B714C9E}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | "{90D89644-1FF6-437A-A1AB-499859A5E52E}" = rport=137 | protocol=17 | dir=out | app=system | "{9D20EE2C-28C0-46A1-BE7A-1C2171BD6AD9}" = rport=445 | protocol=6 | dir=out | app=system | "{9D47872D-032B-455C-82C7-4F11B9961491}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | "{A9C74BAA-BE5F-4DB2-843C-A65F5A19AB54}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACA190A5-3EC5-4EA1-B19F-52E862DC802C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AE0D7653-2AAC-4D41-A08B-F0B52C04F7D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{B4D6D88F-582D-4337-85A9-55DC080E43FF}" = lport=2869 | protocol=6 | dir=in | app=system | "{E1B30A05-E7AF-4C3C-BCAB-81F3FA51382A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F425B16F-F39C-4F7B-833A-30369781EEE7}" = lport=138 | protocol=17 | dir=in | app=system | "{F4D22AF2-9974-4E19-B152-150034B11609}" = lport=445 | protocol=6 | dir=in | app=system | "{F85F7116-DDB0-49DC-A974-6FE58ECEC3DE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FCB31791-C535-4C49-8B28-D32579912C36}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FFC14B55-56B3-4214-838E-AD17ACA72510}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{0065111C-562F-40E0-847F-56B95B1EB520}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{02D11ED0-6E0F-4655-816D-720936939494}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{06B2A73F-611A-4EA9-A806-614CAC75EC96}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0FE19DF2-A36F-4FE5-9222-3BB52C5D1E78}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{10E59A45-DE8A-42FE-96C5-033CA918E518}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1451AE0A-56A4-4E8F-8058-24EB5089E349}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{14C83036-F564-4ADB-8B72-CB61A53B6706}" = protocol=17 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst64.exe | "{2633DC1A-5D9D-4B2F-A43C-90B30108CD04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{265E8AFC-7B6A-4025-8024-42C817ED9D01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{2C37F120-69C0-400D-9DCE-01709724B753}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{33E6E1B4-2B9D-4614-B0E6-C88EB7380F28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{33F7EC75-4949-464A-B548-AA919E6F200E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{383DB608-8E39-4CA0-88B3-896F04875D92}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3BB43EBA-0121-4F84-A90B-5AF71BD86735}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "{4163AF30-AD14-4A72-A044-6B228CB22779}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{41988E21-9BA2-4B6A-9E7E-8CCE0557CFE7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{49E53989-C386-4281-9868-579E95540875}" = protocol=17 | dir=in | 
app=c:\users\xxx\appdata\local\temp\nsuc012.tmp\sweetim_0307_y-d1264dfa.exe | "{4BC57399-B218-4C11-B784-FFF888AAF275}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{4C664534-7106-413B-AA0C-67505455F2D0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{54AD3969-AD7C-4C95-8DC5-9A2CD3C6A7BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{62352C51-56E4-4EFF-8425-0CE7EB0E1F6A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6771451D-313F-4ACB-A0D1-A437D40CFFFB}" = protocol=6 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | "{6F470A5F-0345-475D-8928-4B026CF7878D}" = protocol=6 | dir=out | app=system | "{87CB35AF-4F8F-4157-8937-ACB4297D2867}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8B626844-AB1D-45B7-B78C-7C7519775497}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkystarter.exe | "{95A8B839-2D4F-4CBB-BF0C-1C9FC4084AF0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{96CB79F4-2D43-443C-83E6-018F5D9913A8}" = protocol=6 | dir=in | app=c:\ljp1100_p1560_p1600_full_solution\productinst64.exe | "{98CA956C-14FB-4018-B62C-472842F33B45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9B7F333A-6CCC-48EA-90F5-217FF0D440D3}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\local\temp\nsuc012.tmp\sweetim_0307_y-d1264dfa.exe | "{A0F1FDE9-EDB9-473B-A0B0-14B5A2A3D1C9}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{A28C1B85-B5D4-4669-9FB3-4F550CD0D0D6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{A51F77F3-3F8B-4D66-A635-52630744A533}" = protocol=17 | dir=in | app=c:\program files (x86)\twonky\twonkyserver\twonkyserver.exe | "{A7D18DC3-A2B2-4A26-AF2B-A6FAF6CF1F12}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{ABDD64C2-D215-4FC4-8D95-103F36D427DB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{ACF9C9CE-64FF-479B-B1C5-0656FD58EEED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{AF3D4EC5-BB12-4EBD-A60A-98983EEF80B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B1AD1F66-E5CF-470E-9BD2-AD9690E4D41E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B40650A1-C3F6-4692-AA8B-A7E512F7DFE9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{BEDD66D0-2B4E-4496-8BCB-7A056A10849A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D33DF40F-164C-4381-90C2-707CB8B03FE7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3AF25A3-52BD-40A2-8ED2-EDEA8623BBC0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{D7D32346-3DAF-4264-9FE4-614B6C76CE9C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DC68984B-6E3E-449F-876F-CC5ECA355C5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E31CE3D2-CA5E-4438-9B5C-2C44D7F905AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E5FAA4B3-05AE-48F0-B068-39273E67E4EE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{E733C864-A0DE-4C3D-949E-AA50395A30B4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{ECF4FA3A-45F2-4E53-A5A9-6A2829A04D86}" = dir=in | app=c:\users\xxx\appdata\local\microsoft\skydrive\skydrive.exe | "{F06DB4E7-DFF7-4500-A654-28C18B97A763}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{F18C24B0-0045-48FC-81E2-9452F1AA7374}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FACD7A7B-D0E3-405F-B061-ADF174112577}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FE254289-BB29-4D5E-A051-B41D5A10D6D0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "TCP Query User{999BB7E9-A17B-4673-93A5-63FB9BDB7F25}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | "UDP Query User{3DD1F143-670D-44F9-98EC-24899E23AADB}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{627673ff-f4ea-43fd-893d-28fc6176fb2d}" = Gigaset QuickSync "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.74 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.74 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.74 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "AsMakeLink" = AsMakeLink "HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PhotomatixEssentials3x64_is1" = Photomatix Essentials 64-bit version 3.1.1 "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000AD938-EEBB-46F5-BD33-23CB34A57C54}" = Movie Maker "{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer "{01ABAEC3-8F96-4D00-9672-E49AAFDC0685}" = Windows Live Writer Resources "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common "{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer "{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом 
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster "{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail "{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer "{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common "{0E1FE502-7536-4155-BBC6-7BE8E465DE08}" = Firebird SQL Server - MAGIX Edition "{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService "{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger "{1D03A585-879D-45DB-B77A-C4D5A04E7286}" = Windows Live Family Safety "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{241F87F6-CEA4-4493-B4EE-0973C6088FEC}" = Windows Live Family Safety "{252D22BA-FD4A-48C0-A937-C0E0B799F1EF}" = Windows Live Family Safety "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker "{2AEAFC79-79E6-4784-9CF9-D9D82932BF88}" = Windows Live Family Safety "{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия) "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery 
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5 "{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer "{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety "{3F459DA9-0D88-452E-97A4-5B69C8C8C6B5}" = Windows Live Family Safety "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{43CCAC37-4E31-495F-9077-471E4E92DCEA}" = Windows Live Messenger "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{4555BB9E-E715-4260-A178-E8EFD2B653E3}" = Alcor Micro USB Card Reader "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012 "{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{5006FD66-7E9B-4F92-BD36-275AD7712348}" = معرض الصور "{525E7EA7-481F-499D-A7F7-4682AC46A454}" = Movie Maker "{5681FEA2-1CF8-461E-B611-55D2C50FC4EF}" = بريد Windows Live "{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live "{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker "{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live 
Essentials "{69FCA957-224F-4623-8BE0-6295CFB2C3E4}" = Windows Live Mail "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72DFDA9F-C07B-40B6-BA5C-C4C04AFF883D}" = Windows Live Family Safety "{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply "{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer "{79A1AF43-BD17-4A81-B38A-6D6535D3F377}" = Windows Live Writer "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! 
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources "{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials "{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger "{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials "{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources "{A132CE8A-79EA-4BB5-9A24-4348B4DDD48A}" = Photo Common "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών "{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources 
"{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch "{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{AECA3622-E634-4A55-A696-70A511CBE06E}" = ASUS USB Charger Plus "{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials "{B27EDD14-869E-4A44-905A-5DE652F7278F}" = Windows Live Messenger "{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger "{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail "{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger "{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BE5FFB4F-FA58-48DF-BDA9-E7AE79DA9C3E}" = Windows Live Family Safety "{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack "{C41A3B9E-A238-4E83-AD37-D1EDD1105F5A}" = Windows Live Writer "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C4E8BC59-BD60-4B73-999B-758890DF4E62}" = Windows Live Writer Resources "{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C8BBA220-8549-462A-B411-1AF44DE098B5}" = Photo Common "{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}" = ASUS FancyStart "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live 
Photo Common "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack "{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0F03C35-6196-4992-8621-6F390DFA9073}" = Windows Live Messenger "{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources "{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DB169E8F-5332-4DBF-B085-84AA2C373304}" = Windows Live Messenger "{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DF9A76D9-BBFA-483C-AD7F-7D6E7627AD0E}" = Windows Live Family Safety "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E37CD6E8-BC51-4D48-9840-803EC3B418D3}" = גלריית התמונות "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集 "{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker 
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources "{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AmUStor" = Alcor Micro USB Card Reader "Anti-Twin 2012-03-23 11.35.37" = Anti-Twin (Installation 23.03.2012) "Asus Vibe2.0" = AsusVibe2.0 "AsusScr_N5_En" = AsusScr_N5_En "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit) "DealPly" = DealPly (remove only) "ElsterFormular" = ElsterFormular "FreeCommander_is1" = FreeCommander 2009.02b "Google Chrome" = Google Chrome "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{7C6A4E35-5EEE-426A-A7BF-EA95CDC54DEA}" = Music Now! 
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Lyrics@LyricsContainer.co" = LyricsContainer
"MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mp3tag" = Mp3tag v2.50
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"Plus-HD-1.6" = Plus-HD-1.6
"Prism" = Prism Videodatei-Konverter
"Revo Uninstaller" = Revo Uninstaller 1.93
"Saturn Fotoservice" = Saturn Fotoservice
"streamWriter_is1" = streamWriter
"TwonkyServer" = Twonky 7
"VideoPad" = VideoPad Videobearbeitungs-Software
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WsysControl" = Wsys Control 1.0.0.2539

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2528993004.portal.qtrax.com" = Qtrax Player
"Dealply" = Dealply
"Qtrax" = Qtrax
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 22.12.2012 15:56:51 | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0, Zeitstempel: 0x4f755eba Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x1e94 Startzeit der fehlerhaften Anwendung: 0x01cde07e3105cbce Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: b99fcb74-4c71-11e2-927d-742f68e36d21

Error - 22.12.2012 16:27:18 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22.12.2012 16:27:18 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2496

Error - 22.12.2012 16:27:18 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2496

Error - 22.12.2012 16:27:22 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 22.12.2012 16:27:22 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6490

Error - 22.12.2012 16:27:22 | Computer Name = Notebook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6490

Error - 22.12.2012 16:40:47 | Computer Name = Notebook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0, Zeitstempel: 0x4f755eba Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x1ce4 Startzeit der fehlerhaften Anwendung: 0x01cde08495b9bc98 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: dce7a36d-4c77-11e2-927d-742f68e36d21

Error - 23.12.2012 07:25:56 | Computer Name = Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\Tools\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\Tools\freecommander\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 27.12.2012 09:41:38 | Computer Name = Notebook | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\Tools\freecommander\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\Tools\freecommander\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

[ System Events ]
Error - 13.07.2013 12:57:25 | Computer Name = Notebook | Source = Application Popup | ID = 86
Description = Für ein Dateiobjekt mit wartendem Löschvorgang wurde ein Vorgang angefordert, der kein Schließvorgang ist.

Error - 13.07.2013 12:57:25 | Computer Name = Notebook | Source = Application Popup | ID = 86
Description = Für ein Dateiobjekt mit wartendem Löschvorgang wurde ein Vorgang angefordert, der kein Schließvorgang ist.

Error - 14.07.2013 10:07:59 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error - 14.07.2013 10:09:19 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error - 14.07.2013 11:34:18 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error - 14.07.2013 11:35:43 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error - 14.07.2013 17:00:09 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error - 14.07.2013 17:01:36 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.

Error - 15.07.2013 13:15:21 | Computer Name = Notebook | Source = Service Control Manager | ID = 7003
Description = Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Error - 15.07.2013 13:16:41 | Computer Name = Notebook | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Wsys Service" wurde nicht richtig gestartet.

< End of report > |
16.07.2013, 13:38 | #4 |
| QVO6.COM is always opened by MS IE GMER Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-15 20:53:58 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: 3 gmer_2.1.19163 desktop.exe; Driver: C:\Users\xxx~1\AppData\Local\Temp\fxtdqpow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 
000007fffdc901f0 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1372] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\ProgramData\eSafe\eGdpSvc.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c61465 2 bytes [C6, 76] .text C:\ProgramData\eSafe\eGdpSvc.exe[1616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c614bb 2 bytes [C6, 76] .text ... 
* 2 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 000007fffdc901f0 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 
000007fffdc90228 .text C:\Windows\system32\taskeng.exe[1856] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 000007fffdc901f0 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text C:\Windows\system32\taskeng.exe[1444] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text 
C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 000007fffdc901f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text C:\Windows\SysWOW64\ACEngSvr.exe[2100] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000777f1429 7 bytes JMP 00000001755a1e90 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007780b223 5 bytes JMP 00000001755a1da0 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000778888f4 7 bytes JMP 00000001755a1d90 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077888979 5 bytes JMP 00000001755a1e80 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077888ccf 5 bytes JMP 00000001755a1e10 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000774b1d1b 5 bytes JMP 00000001755a2490 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000774b1dc9 5 bytes JMP 00000001755a24f0 .text C:\Windows\AsScrPro.exe[2224] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000774b2aa4 5 bytes JMP 00000001755a2560 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000774b2d0a 5 bytes JMP 00000001755a26b0 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000769de9a2 5 bytes JMP 00000001755a1a00 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000769debdc 5 bytes JMP 00000001755a1a90 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077505ea5 5 bytes JMP 00000001755a1ce0 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077539d0b 5 bytes JMP 00000001755a1c70 .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c61465 2 bytes [C6, 76] .text C:\Windows\AsScrPro.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c614bb 2 bytes [C6, 76] .text ... 
* 2 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000777f1429 7 bytes JMP 00000001755a1e90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007780b223 5 bytes JMP 00000001755a1da0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000778888f4 7 bytes JMP 00000001755a1d90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077888979 5 bytes JMP 00000001755a1e80 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077888ccf 5 bytes JMP 00000001755a1e10 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000774b1d1b 5 bytes JMP 00000001755a2490 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000774b1dc9 5 bytes JMP 00000001755a24f0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000774b2aa4 5 bytes JMP 00000001755a2560 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000774b2d0a 5 bytes JMP 00000001755a26b0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000769de9a2 5 bytes JMP 00000001755a1a00 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000769debdc 5 bytes JMP 00000001755a1a90 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077505ea5 5 bytes JMP 00000001755a1ce0 .text C:\Program 
Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[2240] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077539d0b 5 bytes JMP 00000001755a1c70 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000777f1429 7 bytes JMP 00000001755a1e90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 000000007780b223 5 bytes JMP 00000001755a1da0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 00000000778888f4 7 bytes JMP 00000001755a1d90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077888979 5 bytes JMP 00000001755a1e80 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077888ccf 5 bytes JMP 00000001755a1e10 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000774b1d1b 5 bytes JMP 00000001755a2490 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000774b1dc9 5 bytes JMP 00000001755a24f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000774b2aa4 5 bytes JMP 00000001755a2560 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000774b2d0a 5 bytes JMP 00000001755a26b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000769de9a2 5 bytes JMP 00000001755a1a00 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] 
C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000769debdc 5 bytes JMP 00000001755a1a90 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000077505ea5 5 bytes JMP 00000001755a1ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2276] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000077539d0b 5 bytes JMP 00000001755a1c70 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 
3 bytes JMP 000007fffdc901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2320] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 000007fffdc901f0 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Windows\system32\Dwm.exe[2548] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Windows\System32\igfxpers.exe[2748] 
C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 000007fffdc901f0 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text 
C:\Windows\System32\igfxpers.exe[2748] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes 
JMP 000007fffdc901f0 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[2772] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefdca9940 6 bytes JMP 000007fffdc90148 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefdca9fb0 5 bytes JMP 000007fffdc90180 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefdcaa150 5 bytes JMP 000007fffdc90110 .text 
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefe1089e0 3 bytes JMP 000007fffdc901f0 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo + 4 000007fefe1089e4 4 bytes [FF, CC, CC, CC] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefe10be40 3 bytes JMP 000007fffdc901b8 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList + 4 000007fefe10be44 4 bytes [FF, CC, CC, CC] .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\ole32.dll!CoCreateInstance 000007feff877490 11 bytes JMP 000007fffdc90228 .text C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe[2784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007feff88bf00 7 bytes JMP 000007fffdc90260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 0000000077a1efe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077a499b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077a594d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077a59640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077a7a500 7 bytes JMP 000000016fff01b8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefdca3460 7 bytes JMP 000007fffdc900d8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2844] 
---- EOF - GMER 2.1 ---- |
16.07.2013, 13:43 | #5 |
/// the machine /// TB trainer | QVO6.COM is always opened by MS IE FRST as well, please
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations, Guides and help, Trojaner-Board Facebook page No help via PM! |
16.07.2013, 21:59 | #6 |
| QVO6.COM is always opened by MS IE FRST.TXT Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 03 Ran by Siemering at 2013-07-16 22:54:37 Running from C:\Users\xxx\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ACDSee Pro 5 (x32 Version: 5.2.157) Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) akeLink Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443) Anti-Twin (Installation 23.03.2012) (x32) Apple Application Support (x32 Version: 2.1.7) Apple Mobile Device Support (Version: 5.1.1.4) Apple Software Update (x32 Version: 2.1.3.127) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0) ASUS AI Recovery (x32 Version: 1.0.24) ASUS FancyStart (x32 Version: 1.1.1) ASUS LifeFrame3 (x32 Version: 3.0.22) ASUS Live Update (x32 Version: 2.5.9) ASUS Music Maker (x32 Version: 17.0.2.22) ASUS Power4Gear Hybrid (Version: 1.1.43) ASUS SmartLogon (x32 Version: 1.0.0011) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031) ASUS USB Charger Plus (x32 Version: 2.0.3) ASUS Video Magic (x32 Version: 6.0.4710) ASUS Virtual Camera (x32 Version: 1.0.21) AsusScr_N5_En (x32 Version: 1.0.0001) AsusVibe2.0 (x32 Version: 2.0.4.617) Atheros Client Installation Program (x32 Version: 7.0) ATK Package (x32 Version: 1.0.0010) Audiograbber 1.83 SE (x32 Version: 1.83 SE ) Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0) Bluetooth Win7 Suite (64) (Version: 7.2.0.65) Bonjour (Version: 3.0.0.10) CDBurnerXP (x32 Version: 4.4.2.3442) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) CyberLink PowerDirector (x32 Version: 8.0.3327) CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52) D3DX10 (x32 Version: 15.4.2368.0902) Dealply (HKCU) DealPly (remove only) (x32 Version: 4.8.6.6) Definition Update for Microsoft Office 
2010 (KB982726) 32-Bit Edition (x32) ElsterFormular (x32 Version: 13.4.1.10296) Fast Boot (Version: 1.0.9) Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0) Fotogalerie (x32 Version: 16.4.3505.0912) FreeCommander 2009.02b (x32 Version: 2009.02) Galeria de Fotografias (x32 Version: 16.4.3505.0912) Galería de fotos (x32 Version: 16.4.3505.0912) Galerie de photos (x32 Version: 16.4.3505.0912) Gigaset QuickSync (Version: 8.0.0856.1) Google Chrome (x32 Version: 28.0.1500.72) Google Earth Plug-in (x32 Version: 7.0.3.8542) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.153) HP LaserJet Professional P1100-P1560-P1600 Series hppLaserJetService (x32 Version: 001.001.0.0) hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0) hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1) HPSSupply (x32 Version: 2.1.1.0000) InstantOn for NB (x32 Version: 2.1.2) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 7.0.0.1118) Intel(R) Processor Graphics (x32 Version: 8.15.10.2405) Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4) iTunes (Version: 10.6.0.40) Junk Mail filter update (x32 Version: 16.4.3505.0912) Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374) LyricsContainer (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI 
(German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Movie Maker (x32 Version: 16.4.3505.0912) Mp3tag v2.50 (x32 Version: v2.50) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 
Version: 4.20.9876.0) Music Now! (x32 Version: 1.0.9.0) Nikon Message Center (x32 Version: 0.92.000) Nikon Transfer (x32 Version: 1.1.1) NVIDIA 3D Vision Driver 268.74 (Version: 268.74) NVIDIA Control Panel 268.74 (Version: 268.74) NVIDIA Graphics Driver 268.74 (Version: 268.74) NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1) NVIDIA Install Application (Version: 2.265.41.0) NVIDIA Optimus 1.0.23 (Version: 1.0.23) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874) NVIDIA Update Components (Version: 1.0.23) Photo Common (x32 Version: 16.4.3505.0912) Photo Gallery (x32 Version: 16.4.3505.0912) Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1) Picasa 3 (x32 Version: 3.8) Plus-HD-1.6 (x32 Version: 1.27.153.8) Prism Videodatei-Konverter (x32) Qtrax (HKCU Version: 20.13.06.24) Qtrax Player (HKCU) Raccolta foto (x32 Version: 16.4.3505.0912) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413) Revo Uninstaller 1.93 (x32 Version: 1.93) SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0) Saturn Fotoservice (x32 Version: 5.0.4) SonicMaster (x32 Version: 1.0.0.4) streamWriter (x32) Synaptics Pointing Device Driver (Version: 15.3.6.0) syncables desktop SE (x32 Version: 5.5.746.11492) Twonky 7 (x32 Version: 7.1.2.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for 
Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) VideoPad Videobearbeitungs-Software (x32) WebCake 3.00 (Version: 3.00) Winamp (x32 Version: 5.623 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Family Safety (Version: 16.4.3505.0912) Windows Live Family Safety (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live Messenger (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Windows Live 程式集 (x32 
Version: 16.4.3505.0912) WinFlash (x32 Version: 2.31.1) Wireless Console 3 (x32 Version: 3.0.19) Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539) Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912) Основные компоненты Windows Live (x32 Version: 16.4.3505.0912) Почта Windows Live (x32 Version: 16.4.3505.0912) Фотоальбом (x32 Version: 16.4.3505.0912) Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912) גלריית התמונות (x32 Version: 16.4.3505.0912) بريد Windows Live (x32 Version: 16.4.3505.0912) معرض الصور (x32 Version: 16.4.3505.0912) 影像中心 (x32 Version: 16.4.3505.0912) ==================== Restore Points ========================= 29-06-2013 17:10:13 Windows Update 03-07-2013 12:47:43 Windows Update 03-07-2013 13:24:35 Windows Update 03-07-2013 20:35:30 Windows Update 12-07-2013 22:24:58 Windows Update 12-07-2013 22:38:00 Windows Update 14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0F878681-35E4-444F-B3BF-A3145F2B0A5F} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-08] (RYD Software) Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD) Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS) Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.) 
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS) Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software) Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {7B4C7171-E3A0-4C45-9D55-1B81B8288ADF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe 
[2013-07-13] (NCH Software) Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD) Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.) Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.) Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD) Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD) Task: {F3E58099-D38B-4FE3-AC42-318231512A39} - System32\Tasks\Dealply => C:\Users\SIEMER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-07-13] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => ? 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/15/2013 03:27:35 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller) (User: NOTEBOOK) Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. 
Error: (07/14/2013 01:14:25 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4 Name des fehlerhaften Moduls: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000030e2 ID des fehlerhaften Prozesses: 0x277c Startzeit der fehlerhaften Anwendung: 0xnotification.exe0 Pfad der fehlerhaften Anwendung: notification.exe1 Pfad des fehlerhaften Moduls: notification.exe2 Berichtskennung: notification.exe3 Error: (07/13/2013 10:28:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/13/2013 05:24:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0, Zeitstempel: 0x4f755eba Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x9f4 Startzeit der fehlerhaften Anwendung: 0xACDSeePro5.exe0 Pfad der fehlerhaften Anwendung: ACDSeePro5.exe1 Pfad des fehlerhaften Moduls: ACDSeePro5.exe2 Berichtskennung: ACDSeePro5.exe3 Error: (07/13/2013 04:06:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für 
"C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1965 System errors: ============= Error: (07/16/2013 10:43:31 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.247 registriert werden. Der Computer mit IP-Adresse 10.0.0.130 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/16/2013 09:30:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/16/2013 09:29:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/15/2013 07:16:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. 
Error: (07/15/2013 07:15:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/14/2013 11:01:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/14/2013 11:00:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/14/2013 05:35:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/14/2013 05:34:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/14/2013 04:09:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (07/15/2013 03:27:35 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8 Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller)(User: NOTEBOOK) Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. 
Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/14/2013 01:14:25 AM) (Source: Application Error)(User: ) Description: notification.exe0.0.0.051cda4f4notification.exe0.0.0.051cda4f4c0000005000030e2277c01ce801eb426cfe9C:\Users\Siemering\Qtrax\Player\notification.exeC:\Users\Siemering\Qtrax\Player\notification.exef4ef8b6e-ec11-11e2-978c-742f68e36d21 Error: (07/13/2013 10:28:50 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/13/2013 05:24:04 PM) (Source: Application Error)(User: ) Description: ACDSeePro5.exe5.2.157.04f755ebantdll.dll6.1.7601.177254ec49b8fc0000374000ce6c39f401ce7fbd71c7cfa7C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exeC:\Windows\SysWOW64\ntdll.dll401e513e-ebd0-11e2-978c-742f68e36d21 Error: (07/13/2013 04:06:14 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Siemering\Downloads\SoftonicDownloader_for_volume-control.exe Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1965 ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 8096.05 MB Available physical RAM: 
5663.23 MB Total Pagefile: 16190.29 MB Available Pagefile: 13526.02 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:188.71 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:154.03 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-07-2013 03 Ran by Siemering at 2013-07-16 22:54:37 Running from C:\Users\Siemering\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= ACDSee Pro 5 (x32 Version: 5.2.157) Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7) akeLink Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443) Anti-Twin (Installation 23.03.2012) (x32) Apple Application Support (x32 Version: 2.1.7) Apple Mobile Device Support (Version: 5.1.1.4) Apple Software Update (x32 Version: 2.1.3.127) Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0) ASUS AI Recovery (x32 Version: 1.0.24) ASUS FancyStart (x32 Version: 1.1.1) ASUS LifeFrame3 (x32 Version: 3.0.22) ASUS Live Update (x32 Version: 2.5.9) ASUS Music Maker (x32 Version: 17.0.2.22) ASUS Power4Gear Hybrid (Version: 1.1.43) ASUS SmartLogon (x32 Version: 1.0.0011) ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031) ASUS USB Charger Plus (x32 Version: 2.0.3) ASUS Video Magic (x32 Version: 6.0.4710) ASUS Virtual Camera (x32 Version: 1.0.21) AsusScr_N5_En (x32 Version: 1.0.0001) AsusVibe2.0 (x32 Version: 2.0.4.617) Atheros Client Installation Program (x32 Version: 7.0) ATK Package (x32 Version: 1.0.0010) Audiograbber 1.83 SE (x32 Version: 1.83 SE ) Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0) Bluetooth Win7 Suite (64) (Version: 7.2.0.65) Bonjour (Version: 3.0.0.10) CDBurnerXP (x32 Version: 4.4.2.3442) CyberLink LabelPrint (x32 Version: 2.5.1908) CyberLink Power2Go (x32 Version: 6.1.3602c) CyberLink PowerDirector (x32 Version: 8.0.3327) CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52) D3DX10 (x32 Version: 15.4.2368.0902) Dealply (HKCU) DealPly (remove only) (x32 Version: 4.8.6.6) Definition Update for Microsoft 
Office 2010 (KB982726) 32-Bit Edition (x32) ElsterFormular (x32 Version: 13.4.1.10296) Fast Boot (Version: 1.0.9) Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0) Fotogalerie (x32 Version: 16.4.3505.0912) FreeCommander 2009.02b (x32 Version: 2009.02) Galeria de Fotografias (x32 Version: 16.4.3505.0912) Galería de fotos (x32 Version: 16.4.3505.0912) Galerie de photos (x32 Version: 16.4.3505.0912) Gigaset QuickSync (Version: 8.0.0856.1) Google Chrome (x32 Version: 28.0.1500.72) Google Earth Plug-in (x32 Version: 7.0.3.8542) Google Toolbar for Internet Explorer (x32 Version: 1.0.0) Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358) Google Update Helper (x32 Version: 1.3.21.153) HP LaserJet Professional P1100-P1560-P1600 Series hppLaserJetService (x32 Version: 001.001.0.0) hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0) hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1) HPSSupply (x32 Version: 2.1.1.0000) InstantOn for NB (x32 Version: 2.1.2) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 7.0.0.1118) Intel(R) Processor Graphics (x32 Version: 8.15.10.2405) Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4) iTunes (Version: 10.6.0.40) Junk Mail filter update (x32 Version: 16.4.3505.0912) Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374) LyricsContainer (x32) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) MarketResearch (x32 Version: 130.0.374.000) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath 
MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Movie Maker (x32 Version: 16.4.3505.0912) Mp3tag v2.50 (x32 Version: v2.50) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 
Version: 4.20.9876.0) Music Now! (x32 Version: 1.0.9.0) Nikon Message Center (x32 Version: 0.92.000) Nikon Transfer (x32 Version: 1.1.1) NVIDIA 3D Vision Driver 268.74 (Version: 268.74) NVIDIA Control Panel 268.74 (Version: 268.74) NVIDIA Graphics Driver 268.74 (Version: 268.74) NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1) NVIDIA Install Application (Version: 2.265.41.0) NVIDIA Optimus 1.0.23 (Version: 1.0.23) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874) NVIDIA Update Components (Version: 1.0.23) Photo Common (x32 Version: 16.4.3505.0912) Photo Gallery (x32 Version: 16.4.3505.0912) Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1) Picasa 3 (x32 Version: 3.8) Plus-HD-1.6 (x32 Version: 1.27.153.8) Prism Videodatei-Konverter (x32) Qtrax (HKCU Version: 20.13.06.24) Qtrax Player (HKCU) Raccolta foto (x32 Version: 16.4.3505.0912) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413) Revo Uninstaller 1.93 (x32 Version: 1.93) SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0) Saturn Fotoservice (x32 Version: 5.0.4) SonicMaster (x32 Version: 1.0.0.4) streamWriter (x32) Synaptics Pointing Device Driver (Version: 15.3.6.0) syncables desktop SE (x32 Version: 5.5.746.11492) Twonky 7 (x32 Version: 7.1.2.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553092) (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32) Update for 
Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) VideoPad Videobearbeitungs-Software (x32) WebCake 3.00 (Version: 3.00) Winamp (x32 Version: 5.623 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Family Safety (Version: 16.4.3505.0912) Windows Live Family Safety (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live Messenger (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Windows Live 程式集 (x32 
Version: 16.4.3505.0912) WinFlash (x32 Version: 2.31.1) Wireless Console 3 (x32 Version: 3.0.19) Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539) Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912) Основные компоненты Windows Live (x32 Version: 16.4.3505.0912) Почта Windows Live (x32 Version: 16.4.3505.0912) Фотоальбом (x32 Version: 16.4.3505.0912) Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912) גלריית התמונות (x32 Version: 16.4.3505.0912) بريد Windows Live (x32 Version: 16.4.3505.0912) معرض الصور (x32 Version: 16.4.3505.0912) 影像中心 (x32 Version: 16.4.3505.0912) ==================== Restore Points ========================= 29-06-2013 17:10:13 Windows Update 03-07-2013 12:47:43 Windows Update 03-07-2013 13:24:35 Windows Update 03-07-2013 20:35:30 Windows Update 12-07-2013 22:24:58 Windows Update 12-07-2013 22:38:00 Windows Update 14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0F878681-35E4-444F-B3BF-A3145F2B0A5F} - System32\Tasks\LyricsContainer Update => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-08] (RYD Software) Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD) Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS) Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.) 
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS) Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software) Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {7B4C7171-E3A0-4C45-9D55-1B81B8288ADF} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe 
[2013-07-13] (NCH Software) Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD) Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.) Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.) Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD) Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD) Task: {F3E58099-D38B-4FE3-AC42-318231512A39} - System32\Tasks\Dealply => C:\Users\SIEMER~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-07-13] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Dealply.job => ? 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\LyricsContainer Update.job => C:\Program Files (x86)\LyricsContainer\LrcsCtrUpdr.exe Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/15/2013 03:27:35 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller) (User: NOTEBOOK) Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance. 
Error: (07/14/2013 01:14:25 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4 Name des fehlerhaften Moduls: notification.exe, Version: 0.0.0.0, Zeitstempel: 0x51cda4f4 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000030e2 ID des fehlerhaften Prozesses: 0x277c Startzeit der fehlerhaften Anwendung: 0xnotification.exe0 Pfad der fehlerhaften Anwendung: notification.exe1 Pfad des fehlerhaften Moduls: notification.exe2 Berichtskennung: notification.exe3 Error: (07/13/2013 10:28:50 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/13/2013 05:24:04 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: ACDSeePro5.exe, Version: 5.2.157.0, Zeitstempel: 0x4f755eba Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce6c3 ID des fehlerhaften Prozesses: 0x9f4 Startzeit der fehlerhaften Anwendung: 0xACDSeePro5.exe0 Pfad der fehlerhaften Anwendung: ACDSeePro5.exe1 Pfad des fehlerhaften Moduls: ACDSeePro5.exe2 Berichtskennung: ACDSeePro5.exe3 Error: (07/13/2013 04:06:14 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für 
"C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1965 System errors: ============= Error: (07/16/2013 10:43:31 PM) (Source: NetBT) (User: ) Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 10.0.0.247 registriert werden. Der Computer mit IP-Adresse 10.0.0.130 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error: (07/16/2013 09:30:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/16/2013 09:29:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/15/2013 07:16:41 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. 
Error: (07/15/2013 07:15:21 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/14/2013 11:01:36 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/14/2013 11:00:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/14/2013 05:35:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Error: (07/14/2013 05:34:18 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/14/2013 04:09:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Wsys Service" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= Error: (07/15/2013 03:27:35 AM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8 Error: (07/14/2013 01:14:52 AM) (Source: MsiInstaller)(User: NOTEBOOK) Description: Product: Internet Explorer Toolbar 4.9 by SweetPacks -- Error 1719.The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. 
Contact your support personnel for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (07/14/2013 01:14:25 AM) (Source: Application Error)(User: ) Description: notification.exe0.0.0.051cda4f4notification.exe0.0.0.051cda4f4c0000005000030e2277c01ce801eb426cfe9C:\Users\Siemering\Qtrax\Player\notification.exeC:\Users\Siemering\Qtrax\Player\notification.exef4ef8b6e-ec11-11e2-978c-742f68e36d21 Error: (07/13/2013 10:28:50 PM) (Source: SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6240 Error: (07/13/2013 05:41:32 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/13/2013 05:24:04 PM) (Source: Application Error)(User: ) Description: ACDSeePro5.exe5.2.157.04f755ebantdll.dll6.1.7601.177254ec49b8fc0000374000ce6c39f401ce7fbd71c7cfa7C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeePro5.exeC:\Windows\SysWOW64\ntdll.dll401e513e-ebd0-11e2-978c-742f68e36d21 Error: (07/13/2013 04:06:14 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Siemering\Downloads\SoftonicDownloader_for_volume-control.exe Error: (07/13/2013 03:47:09 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1965 ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 8096.05 MB Available physical RAM: 
5663.23 MB Total Pagefile: 16190.29 MB Available Pagefile: 13526.02 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:188.71 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:154.03 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
17.07.2013, 08:16 | #7 |
/// the machine /// TB-Ausbilder | QVO6.COM is always opened by MS IE You posted Additional.txt twice and forgot FRST.txt
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
17.07.2013, 21:51 | #8 |
| QVO6.COM is always opened by MS IE FRST, take 2. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-07-2013 03 Ran by xxx (administrator) on 16-07-2013 22:52:51 Running from C:\Users\xxx\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (Wsys Co., Ltd.) C:\ProgramData\eSafe\eGdpSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Windows\AsScrPro.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Google Inc.) 
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\system32\HPSIsvc.exe (Splashtop Inc.) 
C:\ASUS.SYS\SIONExportService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\system32\msiexec.exe (Splashtop Inc.) C:\ASUS.SYS\wifiexport.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] () HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x] Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-27] (Google Inc.) HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC) MountPoints2: F - F:\SISetup.exe HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.) 
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink) HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-25] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ACPW05DE] - "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE [822384 2011-11-17] (ACD Systems) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.) 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () Startup: C:\ProgramData\Start Menu\Programs\Startup\Nikon Monitor.lnk ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) Startup: C:\ProgramData\Start Menu\Programs\Startup\TwonkyServer.lnk ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02 Microsoft Outlook 2010.lnk ShortcutTarget: 02 Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21}
HKCU SearchScopes: DefaultScope {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

Chrome:
=======
CHR HomePage: hxxp://google.de/
CHR RestoreOnStartup: "hxxp://google.de/"
CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms}
CHR DefaultSuggestURL: (Google) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Siemering\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (LyricsContainer) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh\1.120_0
CHR Extension: (Docs) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Kaspersky URL Advisor) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0
CHR Extension: (Virtual Keyboard) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0
CHR Extension: (Plus-HD-1.6) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0
CHR Extension: (Anti-Banner) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0

==================== Services (Whitelisted) =================

R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-15] ()
R2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-11] (Splashtop Inc.)
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [770888 2012-10-22] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [557896 2012-10-22] (PacketVideo)
R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [283464 2012-10-22] ()
R2 WsysSvc; C:\ProgramData\eSafe\eGdpSvc.exe [386112 2013-07-13] (Wsys Co., Ltd.)

==================== Drivers (Whitelisted) ====================

R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS)
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST 2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\Siemering\Downloads\FRST64.exe 2013-07-16 21:30 - 2013-07-16 21:30 - 00000000 ___RD C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable 2013-07-15 19:32 - 2013-07-15 20:03 - 00000000 ____D C:\Users\Siemering\Desktop\Anti-Malware 2013-07-15 19:31 - 2013-07-15 13:38 - 00377856 _____ C:\Users\Siemering\Desktop\3 gmer_2.1.19163 desktop.exe 2013-07-14 23:20 - 2013-07-15 02:57 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-14 17:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-14 17:05 - 2013-07-14 17:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Siemering\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk 2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\Siemering\Desktop\Qtrax Player.lnk 2013-07-14 01:13 - 2013-07-16 21:29 - 
00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2013-07-14 01:13 - 2013-07-16 21:29 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job 2013-07-14 01:13 - 2013-07-16 21:29 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader 2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater 2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax 2013-07-14 01:13 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2013-07-14 01:13 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2013-07-14 01:12 - 2013-07-16 21:32 - 00000416 _____ C:\Windows\Tasks\LyricsContainer Update.job 2013-07-14 01:12 - 2013-07-16 21:29 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job 2013-07-14 01:12 - 2013-07-14 01:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer ) C:\Users\Siemering\Desktop\FLVMPlayer.exe 2013-07-14 01:12 - 2013-07-14 01:12 - 00003072 _____ C:\Windows\System32\Tasks\LyricsContainer Update 2013-07-14 01:12 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\LyricsContainer 2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software 
2013-07-13 16:14 - 2013-07-13 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\Siemering\Downloads\prismpsetup.exe 2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2013-07-13 16:08 - 2013-07-16 22:45 - 00000000 ____D C:\ProgramData\eSafe 2013-07-13 16:08 - 2013-07-16 22:09 - 00000304 _____ C:\Windows\Tasks\Dealply.job 2013-07-13 16:08 - 2013-07-14 23:00 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\WebCake 2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate 2013-07-13 16:08 - 2013-07-13 16:08 - 00003252 _____ C:\Windows\System32\Tasks\Dealply 2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\eIntaller 2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Dealply 2013-07-13 16:07 - 2013-07-14 17:33 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\SwvUpdater 2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-07-13 00:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 00:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 
2013-07-13 00:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 00:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 00:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 00:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 00:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-13 00:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-13 00:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-13 00:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-13 00:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-13 00:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-13 00:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-13 00:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 
- 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft 
Corporation) C:\Windows\system32\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) 
C:\Windows\system32\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-03 22:36 - 2013-07-03 22:53 - 00009228 _____ C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST 2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\Siemering\Downloads\FRST64.exe 2013-07-16 22:51 - 2012-02-27 16:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-16 22:51 - 2012-02-27 16:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-16 22:47 - 2012-02-25 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-16 22:46 - 2012-02-27 16:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 22:46 - 2012-02-27 16:19 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-16 22:45 - 2013-07-13 16:08 - 00000000 ____D C:\ProgramData\eSafe 2013-07-16 22:43 - 2013-02-24 19:29 - 00000000 ____D C:\ProgramData\TwonkyServer 2013-07-16 22:42 - 2012-03-04 19:43 - 00000000 ____D C:\Users\Siemering\Outlook-Dateien 2013-07-16 22:42 - 2012-03-04 19:43 - 00000000 ____D C:\Users\Siemering\Outlook-Dateien 2013-07-16 22:42 - 2012-03-04 19:43 - 00000000 ____D C:\Users\Siemering\Outlook-Dateien 2013-07-16 22:41 - 2012-02-28 19:10 - 00000177 ____H C:\dvmexp.idx 2013-07-16 22:28 - 2013-02-23 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-16 22:09 - 
2013-07-13 16:08 - 00000304 _____ C:\Windows\Tasks\Dealply.job 2013-07-16 21:39 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-16 21:39 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-16 21:32 - 2013-07-14 01:12 - 00000416 _____ C:\Windows\Tasks\LyricsContainer Update.job 2013-07-16 21:30 - 2013-07-16 21:30 - 00000000 ___RD C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ___HD C:\ASUS.DAT 2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\VirtualStore 2013-07-16 21:30 - 2011-11-20 07:42 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-16 21:29 - 2013-07-14 01:13 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2013-07-16 21:29 - 2013-07-14 01:13 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job 2013-07-16 21:29 - 2013-07-14 01:13 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2013-07-16 21:29 - 2013-07-14 01:12 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job 2013-07-16 21:29 - 2011-11-20 08:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-07-16 21:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-16 21:29 - 2009-07-14 06:51 - 00105462 _____ C:\Windows\setupact.log 2013-07-15 20:56 - 2011-11-20 07:32 - 01095607 _____ C:\Windows\WindowsUpdate.log 2013-07-15 20:03 - 2013-07-15 19:32 - 00000000 ____D C:\Users\Siemering\Desktop\Anti-Malware 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\Siemering\defogger_reenable 2013-07-15 19:33 - 2012-02-22 19:34 - 00000000 ___RD C:\Users\Siemering 2013-07-15 
19:32 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat 2013-07-15 19:32 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat 2013-07-15 19:32 - 2009-07-14 07:13 - 01529502 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-15 13:38 - 2013-07-15 19:31 - 00377856 _____ C:\Users\Siemering\Desktop\3 gmer_2.1.19163 desktop.exe 2013-07-15 02:57 - 2013-07-14 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-14 23:17 - 2012-02-23 21:19 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\Google 2013-07-14 23:00 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\WebCake 2013-07-14 23:00 - 2011-04-13 03:39 - 00370596 _____ C:\Windows\PFRO.log 2013-07-14 17:33 - 2013-07-13 16:07 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\SwvUpdater 2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-14 17:06 - 2013-07-14 17:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Siemering\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-14 16:09 - 2011-11-20 07:55 - 00001574 _____ C:\Windows\system32\ServiceFilter.ini 2013-07-14 16:08 - 2011-11-20 07:55 - 00002532 _____ C:\Windows\system32\AutoRunFilter.ini 2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk 2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\Siemering\Desktop\Qtrax Player.lnk 2013-07-14 01:14 - 2012-02-24 12:14 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\CrashDumps 2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader 2013-07-14 01:13 - 
2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater 2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\Siemering\Qtrax 2013-07-14 01:13 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer ) C:\Users\Siemering\Desktop\FLVMPlayer.exe 2013-07-14 01:12 - 2013-07-14 01:12 - 00003072 _____ C:\Windows\System32\Tasks\LyricsContainer Update 2013-07-14 01:12 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\LyricsContainer 2013-07-13 17:00 - 2012-02-23 22:48 - 00203776 _____ C:\Users\SIEMER~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software 2013-07-13 16:15 - 2013-07-13 16:14 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\Siemering\Downloads\prismpsetup.exe 2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate 2013-07-13 16:08 - 2013-07-13 16:08 - 00003252 _____ C:\Windows\System32\Tasks\Dealply 2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\eIntaller 2013-07-13 16:08 - 2013-07-13 16:08 - 00000000 ____D 
C:\Users\Siemering\AppData\Roaming\Dealply 2013-07-13 16:08 - 2012-02-22 19:35 - 00001683 _____ C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Users\Siemering\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-13 16:07 - 2013-07-13 16:07 - 00000000 ____D C:\Program Files (x86)\DealPly 2013-07-13 13:30 - 2009-07-14 06:45 - 00498832 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 13:28 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 01:04 - 2012-02-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-13 00:54 - 2012-02-25 14:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-04 20:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL 2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL 2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA 2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-03 22:53 - 2013-07-03 22:36 - 00009228 _____ C:\Windows\IE10_main.log 2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-03 22:40 
- 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-29 19:48 - 2012-02-23 22:57 - 00000000 ____D C:\ProgramData\tmp 2013-06-23 18:29 - 2012-11-30 17:42 - 00001334 _____ C:\Users\Public\Desktop\Saturn Fotoservice.lnk 2013-06-22 19:02 - 2011-11-20 08:19 - 00000224 _____ C:\WifiInfo.ini.enc 2013-06-16 17:05 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Sidebar 2013-06-16 17:05 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar Files to move or delete: ==================== C:\ProgramData\FullRemove.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-13 22:26 ==================== End Of Log ============================ |
18.07.2013, 08:11 | #9 | |
/// the machine /// TB trainer | QVO6.COM is always opened by MS IE
Combofix should only be run when a team member has instructed you to do so!
Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
18.07.2013, 21:35 | #10 |
| QVO6.COM is always opened by MS IE Combofix Code:
ATTFilter ComboFix 13-07-18.04 - xxx 18.07.2013 21:24:11.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8096.5958 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\xxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68ADA97B-ADA9-428A-8BF8-3F07B320F635}.xps c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe c:\windows\msvcr71.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_WsysSvc . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-18 bis 2013-07-18 )))))))))))))))))))))))))))))) . . 2013-07-18 19:39 . 2013-07-18 19:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-07-18 19:39 . 2013-07-18 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-18 19:14 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5001AA8A-2356-4D04-A5DE-B9881CA87E62}\mpengine.dll 2013-07-18 15:45 . 2013-07-18 15:45 -------- d-----w- c:\program files (x86)\LyricsContainer 2013-07-16 20:52 . 2013-07-16 20:52 -------- d-----w- C:\FRST 2013-07-14 15:07 . 2013-07-14 15:07 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes 2013-07-14 15:06 . 2013-07-14 15:06 -------- d-----w- c:\programdata\Malwarebytes 2013-07-14 15:06 . 2013-07-14 15:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-07-14 15:06 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-14 15:06 . 
2013-07-14 15:06 -------- d-----w- c:\users\xxx\AppData\Local\Programs 2013-07-13 23:13 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll 2013-07-13 23:13 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll 2013-07-13 23:13 . 2013-07-13 23:13 -------- d-----w- c:\users\xxx\Qtrax 2013-07-13 23:12 . 2013-07-13 23:13 -------- d-----w- c:\program files (x86)\Plus-HD-1.6 2013-07-13 14:15 . 2013-07-13 14:15 -------- d-----w- c:\users\xxx\AppData\Roaming\NCH Software 2013-07-13 14:15 . 2013-07-13 14:15 -------- d-----w- c:\programdata\NCH Software 2013-07-13 14:14 . 2013-07-13 14:15 -------- d-----w- c:\program files (x86)\NCH Software 2013-07-13 14:08 . 2013-07-14 21:00 -------- d-----w- c:\users\xxx\AppData\Roaming\WebCake 2013-07-13 14:08 . 2013-07-14 20:58 -------- d-----w- c:\programdata\Tarma Installer 2013-07-13 14:08 . 2013-07-18 19:11 -------- d-----w- c:\programdata\eSafe 2013-07-13 14:08 . 2013-07-13 14:08 -------- d-----w- c:\users\xxx\AppData\Roaming\eIntaller 2013-07-13 14:08 . 2013-07-13 14:08 -------- d-----w- c:\users\xxx\AppData\Roaming\Dealply 2013-07-13 14:07 . 2013-07-13 14:07 -------- d-----w- c:\program files (x86)\DealPly 2013-07-13 14:07 . 2013-07-14 15:33 -------- d-----w- c:\users\xxx\AppData\Local\SwvUpdater 2013-07-12 22:26 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-12 22:26 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-12 22:26 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-12 22:26 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll 2013-07-12 22:26 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll 2013-07-12 22:26 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll 2013-07-12 22:26 . 
2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll 2013-07-12 22:26 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll 2013-07-12 22:26 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-07-12 22:26 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-12 22:26 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-12 22:25 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-07-12 22:25 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-12 22:25 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-12 22:25 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-12 22:25 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-12 22:25 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-07-12 22:24 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-07-12 22:24 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-18 19:40 . 2011-11-20 06:09 45056 ----a-w- c:\windows\system32\acovcnt.exe 2013-07-12 22:54 . 2012-02-25 12:39 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-06-11 18:28 . 2013-02-23 14:30 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-11 18:28 . 2012-02-28 14:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-14 19:35 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 05:51 . 2013-06-13 19:02 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-13 19:02 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 
2013-06-13 19:02 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-13 19:02 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 2013-06-13 19:02 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-13 19:02 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-13 19:02 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-13 19:02 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-13 19:02 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-13 19:02 43008 ----a-w- c:\windows\SysWow64\certenc.dll 2013-05-10 05:49 . 2013-06-13 19:02 30720 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-10 03:20 . 2013-06-13 19:02 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll 2013-05-08 06:39 . 2013-06-13 19:02 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-02 00:06 . 2012-02-26 09:37 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-26 05:51 . 2013-06-13 19:02 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-04-26 04:55 . 2013-06-13 19:02 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-04-25 23:30 . 2013-06-13 19:02 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}] 2013-07-13 23:13 752488 ----a-w- c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DA3D98A6-868D-4E1B-BB78-0887230DA405}] 2013-07-16 22:40 134144 ----a-w- c:\program files (x86)\LyricsContainer\122.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-02 17:06 220632 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-02 17:06 220632 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-02 17:06 220632 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-27 39408] "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032] "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-05-25 75048] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-24 222504] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "ACPW05DE"="c:\program files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384] "HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2012-10-31 206448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-13 548528] FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe -d [2011-11-20 12862] Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2008-6-5 479232] TwonkyServer.lnk - c:\program files (x86)\Twonky\TwonkyServer\twonkytray.exe [2012-10-22 1135432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/11/19 22:04;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX 
Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys;c:\windows\SYSNATIVE\DRIVERS\GigasetGenericUSB_x64.sys [x] R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys;c:\windows\SYSNATIVE\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x] S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe;c:\program files (x86)\Common Files\InstantOn\InsOnSrv.exe [x] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x] S2 
AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x] S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x] S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x] S2 Splashtop MDES;Splashtop Meta Data Export Service;c:\asus.sys\SIONExportService.exe;c:\asus.sys\SIONExportService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x] S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x] S2 TwonkyWebDav;TwonkyWebDav;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI 
Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_38F51D56 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-15 00:49 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-07-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 18:28] . 2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 14:19] . 
2013-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27 14:19] . 2013-07-18 c:\windows\Tasks\LyricsContainer Update.job - c:\program files (x86)\LyricsContainer\LrcsCtrUpdr.exe [2013-07-16 22:40] . 2013-07-18 c:\windows\Tasks\Plus-HD-1.6-chromeinstaller.job - c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-13 23:12] . 2013-07-18 c:\windows\Tasks\Plus-HD-1.6-codedownloader.job - c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-13 23:12] . 2013-07-18 c:\windows\Tasks\Plus-HD-1.6-enabler.job - c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-13 23:13] . 2013-07-18 c:\windows\Tasks\Plus-HD-1.6-updater.job - c:\program files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-13 23:13] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-12-02 17:06 244696 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-12-02 17:06 244696 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-12-02 17:06 244696 ----a-w- c:\users\xxx\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mDefault_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21} mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\02 Microsoft Outlook 2010.lnk - c:\windows\Installer\{91140000-0011-0000-0000-0000000FF1CE}\outicon.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.032" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.abr" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ani" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.apd" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.arw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.bay" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.bmp" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.bw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.cr2" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.crw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.cs1" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.cur" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.dcr" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.dcx" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.dib" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.djv" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.djvu" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.dng" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.emf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.eps" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.erf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.fff" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.fpx" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.gif" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.hdr" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.icl" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.icn" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ico" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.iff" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ilbm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.int" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.inta" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.iw4" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.j2c" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.j2k" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jbr" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jfif" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jif" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jp2" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpc" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpe" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpeg" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpg" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpk" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.jpx" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.kdc" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.lbm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.mef" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.mos" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.mrw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.nef" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.nrw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.orf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pbm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pbr" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pcd" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pct" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pcx" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pef" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pgm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pic" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pict" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pix" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.png" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ppm" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.psd" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.psp" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pspbrush" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.pspimage" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.raf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ras" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.raw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rgb" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rgba" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rle" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rsb" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rw2" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.rwl" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.sgi" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.sr2" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.srf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.srw" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.tga" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.thm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.tif" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-1038504468-1263906284-4239949246-1002) @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.tiff" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ttc" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.ttf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.v50po" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.v50pp" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.v50ppf" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.wbm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.wbmp" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.wmf" . 
[HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xbm" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xif" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xmp" . [HKEY_USERS\S-1-5-21-1038504468-1263906284-4239949246-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 5.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\InstantOn\InsOnWMI.exe c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe c:\windows\AsScrPro.exe c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe c:\program files (x86)\Twonky\TwonkyServer\TwonkyServer.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\windows\SysWOW64\DllHost.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2013-07-18 21:55:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-18 19:55 . Vor Suchlauf: 14 Verzeichnis(se), 219.399.634.944 Bytes frei Nach Suchlauf: 25 Verzeichnis(se), 220.152.819.712 Bytes frei . - - End Of File - - D55EA4D6CADFCE2C586D6970B6B70645 D41D8CD98F00B204E9800998ECF8427E |
19.07.2013, 10:41 | #11 |
/// the machine /// TB instructor | QVO6.COM is always opened by MS IE Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.07.2013, 12:07 | #12 |
| QVO6.COM is always opened by MS IE ADW Cleaner [S1] Code:
ATTFilter # AdwCleaner v2.305 - Datei am 19/07/2013 um 12:11:37 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : xxx - NOTEBOOK # Bootmodus : Normal # Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Desinfiziert : C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Datei Desinfiziert : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Datei Desinfiziert : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Datei Gelöscht : C:\Windows\Tasks\LyricsContainer Update.job Ordner Gelöscht : C:\Program Files (x86)\DealPly Ordner Gelöscht : C:\Program Files (x86)\LyricsContainer Ordner Gelöscht : C:\ProgramData\eSafe Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh Ordner Gelöscht : C:\Users\xxx\AppData\Local\SwvUpdater Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\DealPly Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\eIntaller Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\xxx\AppData\Roaming\WebCake ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\Software\eSafeSecControl Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gelöscht : HKLM\Software\qvo6Software Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110311201102} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220322202202} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550355205502} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660366206602} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\abfmigjiaapipflmopkaaooigcjjdojh Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Lyrics@LyricsContainer.co Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.qvo6.com/?utm_source=b&utm_medium=amt&from=amt&uid=HitachiXHTS547575A9E384_J2540054CYWYPECYWYPEX&ts=1373724521 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = 
hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={C85C127E-EC11-11E2-978C-742F68E36D21} --> hxxp://www.google.com -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [6375 octets] - [19/07/2013 12:11:37] ########## EOF - C:\AdwCleaner[S1].txt - [6435 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Premium x64
Ran by xxx on 19.07.2013 at 12:19:26,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{bb975e58-e769-4e5a-ba12-b765bc559ff3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{f511afdb-726e-4458-90e7-1ecb97406544}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{fb684d26-01f4-4d9d-87cb-f486beba56dc}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2013 at 12:36:37,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02 Ran by xxx (administrator) on 19-07-2013 12:59:27 Running from C:\Users\xxx\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (HP) C:\Windows\system32\HPSIsvc.exe (Splashtop Inc.) 
C:\ASUS.SYS\SIONExportService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Google Inc.) 
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (syncables, LLC) C:\Program Files (x86)\syncables\syncables desktop\syncables.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] () HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x] Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-27] (Google Inc.) HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC) HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.) HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.) 
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink) HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-25] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ACPW05DE] - "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE [822384 2011-11-17] (ACD Systems) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.) 
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 - 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474 BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: LyricsContainer - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\122.dll No File BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://google.de/ CHR RestoreOnStartup: "hxxp://google.de/" CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms} CHR DefaultSuggestURL: (Google) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0 CHR Extension: (Virtual Keyboard) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0 CHR Extension: (Plus-HD-1.6) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0 CHR Extension: (Anti-Banner) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0 ==================== Services (Whitelisted) ================= R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R3 RichVideo; C:\Program 
Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-15] () R2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-11] (Splashtop Inc.) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [770888 2012-10-22] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [557896 2012-10-22] (PacketVideo) R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [283464 2012-10-22] () ==================== Drivers (Whitelisted) ==================== R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS) R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS) S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.) 
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-19 12:40 - 2013-07-19 12:40 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-07-19 12:36 - 2013-07-19 12:36 - 00001081 _____ C:\Users\xxx\Desktop\JRT.txt 2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT 2013-07-19 12:18 - 2013-07-19 12:08 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe 2013-07-19 12:11 - 2013-07-19 12:12 - 00006488 _____ C:\AdwCleaner[S1].txt 2013-07-19 12:11 - 2013-07-19 12:06 - 00662345 _____ C:\Users\xxx\Desktop\adwcleaner.exe 2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe 2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt 2013-07-18 21:21 - 2013-07-18 21:56 - 00000000 ____D C:\ComboFix 2013-07-18 17:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-18 17:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-18 17:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-18 17:42 - 2013-07-18 21:56 - 00000000 ____D C:\Qoobox 2013-07-18 17:42 - 2013-07-18 21:51 - 00000000 ____D C:\Windows\erdnt 2013-07-18 17:41 - 2013-07-18 21:20 - 05091168 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe 2013-07-17 21:48 - 2013-07-17 13:30 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe 2013-07-16 22:55 - 2013-07-16 22:55 - 
00055548 _____ C:\Users\xxx\Downloads\FRST.txt 2013-07-16 22:54 - 2013-07-16 22:55 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt 2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST 2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable 2013-07-15 19:32 - 2013-07-15 20:03 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware 2013-07-15 19:31 - 2013-07-15 13:38 - 00377856 _____ C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe 2013-07-14 23:20 - 2013-07-15 02:57 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-14 17:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-14 17:05 - 2013-07-14 17:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk 2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk 2013-07-14 01:13 - 2013-07-19 12:39 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2013-07-14 01:13 - 2013-07-19 12:39 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job 2013-07-14 01:13 - 2013-07-19 12:39 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ 
C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader 2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater 2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax 2013-07-14 01:13 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2013-07-14 01:13 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2013-07-14 01:12 - 2013-07-19 12:39 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job 2013-07-14 01:12 - 2013-07-14 01:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer ) C:\Users\xxx\Desktop\FLVMPlayer.exe 2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software 2013-07-13 16:14 - 2013-07-13 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe 2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate 2013-07-13 00:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wininet.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 00:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 
2013-07-13 00:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 00:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 00:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 00:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 00:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-13 00:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-13 00:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-13 00:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-13 00:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-13 00:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-13 00:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-13 00:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-03 22:40 - 
2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 
22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-07-03 22:36 - 2013-07-03 22:53 - 00009228 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-19 12:51 - 2012-02-28 19:10 - 00000177 ____H C:\dvmexp.idx
2013-07-19 12:51 - 2012-02-27 16:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-19 12:49 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:49 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-19 12:45 - 2011-11-20 07:32 - 01277181 _____ C:\Windows\WindowsUpdate.log
2013-07-19 12:44 - 2013-02-24 19:29 - 00000000 ____D C:\ProgramData\TwonkyServer
2013-07-19 12:41 - 2012-02-25 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-19 12:40 - 2013-07-19 12:40 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2013-07-19 12:40 - 2012-02-22 19:34 - 00000000 ___HD C:\ASUS.DAT
2013-07-19 12:39 - 2013-07-14 01:13 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-07-19 12:39 - 2013-07-14 01:13 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-07-19 12:39 - 2013-07-14 01:13 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-07-19 12:39 - 2013-07-14 01:12 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-07-19 12:39 - 2012-02-27 16:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-19 12:39 - 2011-11-20 08:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2013-07-19 12:39 - 2011-11-20 07:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-19 12:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-19 12:39 - 2009-07-14 06:51 - 00105966 _____ C:\Windows\setupact.log
2013-07-19 12:36 - 2013-07-19 12:36 - 00001081 _____ C:\Users\xxx\Desktop\JRT.txt
2013-07-19 12:28 - 2013-02-23 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT
2013-07-19 12:12 - 2013-07-19 12:11 - 00006488 _____ C:\AdwCleaner[S1].txt
2013-07-19 12:11 - 2012-02-22 19:35 - 00001005 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-19 12:08 - 2013-07-19 12:18 - 00559341 _____ (Oleg N. Scherbakov) C:\Users\xxx\Desktop\JRT.exe
2013-07-19 12:06 - 2013-07-19 12:11 - 00662345 _____ C:\Users\xxx\Desktop\adwcleaner.exe
2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe
2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt
2013-07-18 21:56 - 2013-07-18 21:21 - 00000000 ____D C:\ComboFix
2013-07-18 21:56 - 2013-07-18 17:42 - 00000000 ____D C:\Qoobox
2013-07-18 21:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-07-18 21:52 - 2012-02-22 19:35 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-18 21:51 - 2013-07-18 17:42 - 00000000 ____D C:\Windows\erdnt
2013-07-18 21:48 - 2009-07-14 04:34 - 00000248 _____ C:\Windows\system.ini
2013-07-18 21:40 - 2011-04-13 03:39 - 00371926 _____ C:\Windows\PFRO.log
2013-07-18 21:40 - 2009-07-14 04:34 - 88342528 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 19660800 _____ C:\Windows\system32\config\SYSTEM.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-07-18 21:20 - 2013-07-18 17:41 - 05091168 ____R (Swearware) C:\Users\xxx\Desktop\ComboFix.exe
2013-07-18 21:17 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien
2013-07-18 21:17 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien
2013-07-17 13:30 - 2013-07-17 21:48 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe
2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt
2013-07-16 22:55 - 2013-07-16 22:54 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt
2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST
2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe
2013-07-16 22:46 - 2012-02-27 16:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-16 22:46 - 2012-02-27 16:19 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\VirtualStore
2013-07-15 20:03 - 2013-07-15 19:32 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable
2013-07-15 19:33 - 2012-02-22 19:34 - 00000000 ___RD C:\Users\xxx
2013-07-15 19:32 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat
2013-07-15 19:32 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat
2013-07-15 19:32 - 2009-07-14 07:13 - 01529502 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-15 13:38 - 2013-07-15 19:31 - 00377856 _____ C:\Users\xxx\Desktop\3 gmer_2.1.19163 desktop.exe
2013-07-15 02:57 - 2013-07-14 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-14 23:17 - 2012-02-23 21:19 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\Google
2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-14 17:06 - 2013-07-14 17:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 16:09 - 2011-11-20 07:55 - 00001574 _____ C:\Windows\system32\ServiceFilter.ini
2013-07-14 16:08 - 2011-11-20 07:55 - 00002532 _____ C:\Windows\system32\AutoRunFilter.ini
2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk
2013-07-14 01:14 - 2012-02-24 12:14 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\CrashDumps
2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater
2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax
2013-07-14 01:13 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6
2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer ) C:\Users\xxx\Desktop\FLVMPlayer.exe
2013-07-13 17:00 - 2012-02-23 22:48 - 00203776 _____ C:\Users\SIEMER~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software
2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software
2013-07-13 16:15 - 2013-07-13 16:14 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe
2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk
2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate
2013-07-13 13:30 - 2009-07-14 06:45 - 00498832 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-13 13:28 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 01:04 - 2012-02-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-13 00:54 - 2012-02-25 14:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-04 20:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA
2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-07-03 22:53 - 2013-07-03 22:36 - 00009228 _____ C:\Windows\IE10_main.log
2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-29 19:48 - 2012-02-23 22:57 - 00000000 ____D C:\ProgramData\tmp
2013-06-23 18:29 - 2012-11-30 17:42 - 00001334 _____ C:\Users\Public\Desktop\Saturn Fotoservice.lnk
2013-06-22 19:02 - 2011-11-20 08:19 - 00000224 _____ C:\WifiInfo.ini.enc

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 22:26

==================== End Of Log ============================

--- --- --- --- --- ---

Addition 19.7.13

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by xxx at 2013-07-19 13:00:36 Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

ACDSee Pro 5 (x32 Version: 5.2.157)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
akeLink
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Anti-Twin (Installation 23.03.2012) (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Music Maker (x32 Version: 17.0.2.22)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.3)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
AsusScr_N5_En (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Audiograbber 1.83 SE (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.4.2.3442)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 13.4.1.10296)
Fast Boot (Version: 1.0.9)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FreeCommander 2009.02b (x32 Version: 2009.02)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
InstantOn for NB (x32 Version: 2.1.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2405)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Maker (x32 Version: 16.4.3505.0912)
Mp3tag v2.50 (x32 Version: v2.50)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Now! (x32 Version: 1.0.9.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA 3D Vision Driver 268.74 (Version: 268.74)
NVIDIA Control Panel 268.74 (Version: 268.74)
NVIDIA Graphics Driver 268.74 (Version: 268.74)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874)
NVIDIA Update Components (Version: 1.0.23)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1)
Picasa 3 (x32 Version: 3.8)
Plus-HD-1.6 (x32 Version: 1.27.153.8)
Prism Videodatei-Konverter (x32)
Qtrax (HKCU Version: 20.13.06.24)
Qtrax Player (HKCU)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Revo Uninstaller 1.93 (x32 Version: 1.93)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Saturn Fotoservice (x32 Version: 5.0.4)
SonicMaster (x32 Version: 1.0.0.4)
streamWriter (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
Twonky 7 (x32 Version: 7.1.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VideoPad Videobearbeitungs-Software (x32)
Winamp (x32 Version: 5.623 )
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
Windows Live 程式集 (x32 Version: 16.4.3505.0912)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.19)
Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539)
Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912)
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912)
Почта Windows Live (x32 Version: 16.4.3505.0912)
Фотоальбом (x32 Version: 16.4.3505.0912)
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912)
גלריית התמונות (x32 Version: 16.4.3505.0912)
بريد Windows Live (x32 Version: 16.4.3505.0912)
معرض الصور (x32 Version: 16.4.3505.0912)
影像中心 (x32 Version: 16.4.3505.0912)

==================== Restore Points =========================

03-07-2013 13:24:35 Windows Update
03-07-2013 20:35:30 Windows Update
12-07-2013 22:24:58 Windows Update
12-07-2013 22:38:00 Windows Update
14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks
18-07-2013 15:51:09 ComboFix created restore point
18-07-2013 19:12:34 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2013-07-18 21:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD)
Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.)
Task: {488C007D-FF73-44AE-A398-F3D95FF06464} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS)
Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File
Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS)
Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File
Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software)
Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD)
Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.)
Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD)
Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/19/2013 00:44:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet.

Error: (07/19/2013 00:43:06 PM) (Source: DCOM) (User: )
Description: {30D49246-D217-465F-B00B-AC9DDD652EB7}

Error: (07/19/2013 00:40:38 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/19/2013 00:39:03 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-07-18 21:37:54.228
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-07-18 21:37:53.916
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8096.05 MB Available physical RAM: 6072.08 MB Total Pagefile: 16190.29 MB Available Pagefile: 14144.49 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:204.3 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:174.43 GB) NTFS (Disk=0 Partition=3) Drive f: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32 (Disk=1 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 00000000) Partition 1: (Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
19.07.2013, 12:24 | #13 |
/// the machine /// TB-Ausbilder | QVO6.COM is always opened by MS IE
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
20.07.2013, 14:30 | #14 |
| QVO6.COM is always opened by MS IE ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bf53e6255294654686a0b56bcd643f4c
# engine=14457
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-19 06:09:14
# local_time=2013-07-19 08:09:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1284 16777214 100 98 25107 70905266 0 0
# compatibility_mode=5893 16776573 100 94 23861 125887204 0 0
# scanned=271840
# found=0
# cleaned=0
# scan_time=21676
Code:
Results of screen317's Security Check version 0.99.70
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 10.1.7 Adobe Reader out of Date!
Google Chrome 28.0.1500.71
Google Chrome 28.0.1500.72
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02 Ran by xxx (administrator) on 20-07-2013 15:18:36 Running from C:\Users\xxx\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\system32\FBAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (ASUS) C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) C:\Windows\system32\HPSIsvc.exe (Splashtop Inc.) 
C:\ASUS.SYS\SIONExportService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (CyberLink Corp.) 
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor) HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.) 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated) HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4156 2010-04-17] () HKLM\...\Run: [Setwallpaper] - c:\programdata\SetWallpaper.cmd [x] Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO) HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-27] (Google Inc.) HKCU\...\Run: [Syncables] - C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex [814472 2013-06-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ASUSPRP] - "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [2018032 2011-04-13] (ASUSTek Computer Inc.) 
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS) HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-24] () HKLM-x32\...\Run: [RemoteControl10] - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [87336 2010-02-03] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-05-25] (cyberlink) HKLM-x32\...\Run: [UpdatePSTShortCut] - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [222504 2010-11-25] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateLBPShortCut] - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-20] (CyberLink Corp.) HKLM-x32\...\Run: [UpdateP2GoShortCut] - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-20] (CyberLink Corp.) 
HKLM-x32\...\Run: [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [ACPW05DE] - "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05DE [822384 2011-11-17] (ACD Systems) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [HPUsageTrackingLEDM] - "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] - "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [206448 2012-10-31] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.) 
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x] AppInit_DLLs: C:\Windows\System32\nvinitx.dll [226920 2011-06-09] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-09] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk ShortcutTarget: TwonkyServer.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK - Verknüpfung.lnk ShortcutTarget: OUTLOOK - Verknüpfung.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.radiobremen.de/bremenvier/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com StartMenuInternet: 
IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox SearchScopes: HKCU - DefaultScope {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {1040F243-993E-498C-8A81-980D0B85852F} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADRA_deDE474 BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: LyricsContainer - {DA3D98A6-868D-4E1B-BB78-0887230DA405} - C:\Program Files (x86)\LyricsContainer\122.dll No File BHO-x32: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: hxxp://google.de/ CHR RestoreOnStartup: "hxxp://google.de/" CHR DefaultSearchURL: (Google) - hxxp://www.google.de/search?q={searchTerms} CHR DefaultSuggestURL: (Google) - "suggest_url": "" CHR Plugin: (Shockwave Flash) - C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Kaspersky URL Advisor) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0 CHR Extension: (Virtual Keyboard) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0 CHR Extension: (Plus-HD-1.6) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0 CHR Extension: (Anti-Banner) - C:\Users\SIEMER~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0 ==================== Services (Whitelisted) ================= R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [206448 2012-10-31] (Kaspersky Lab ZAO) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink) R3 RichVideo; C:\Program 
Files (x86)\CyberLink\Shared files\RichVideo.exe [249856 2011-02-15] () R2 Splashtop MDES; C:\ASUS.SYS\SIONExportService.exe [338208 2011-05-11] (Splashtop Inc.) R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [770888 2012-10-22] () R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [557896 2012-10-22] (PacketVideo) R2 TwonkyWebDav; C:\Program Files (x86)\Twonky\TwonkyServer\twonkywebdav.exe [283464 2012-10-22] () ==================== Drivers (Whitelisted) ==================== R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS) R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-05-26] (ASUS) S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2012-10-08] (Siemens Home and Office Communication Devices GmbH & Co. KG) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-03-04] (Kaspersky Lab ZAO) R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-03-04] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [637272 2012-10-31] (Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-03-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-10-08] (Marvell Semiconductor, Inc.) 
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-17] () S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-20 14:52 - 2013-07-20 14:52 - 00861184 _____ (Microsoft Corporation) C:\Users\xxx\Downloads\IE10-Windows6.1-de-de.exe 2013-07-20 14:34 - 2013-07-20 14:34 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (3) 2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (2) 2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner 2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT 2013-07-19 12:11 - 2013-07-19 12:12 - 00006488 _____ C:\AdwCleaner[S1].txt 2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe 2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt 2013-07-18 21:21 - 2013-07-18 21:56 - 00000000 ____D C:\ComboFix 2013-07-18 17:50 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-18 17:50 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-18 17:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-18 17:50 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-18 17:42 - 2013-07-18 21:56 - 00000000 ____D C:\Qoobox 2013-07-18 17:42 - 2013-07-18 21:51 - 00000000 ____D C:\Windows\erdnt 2013-07-17 21:48 - 2013-07-17 13:30 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe 
2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt 2013-07-16 22:54 - 2013-07-16 22:55 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt 2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST 2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable 2013-07-15 19:32 - 2013-07-15 20:03 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware 2013-07-14 23:20 - 2013-07-15 02:57 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-14 17:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-14 17:05 - 2013-07-14 17:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk 2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk 2013-07-14 01:13 - 2013-07-20 14:33 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2013-07-14 01:13 - 2013-07-20 14:33 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job 2013-07-14 01:13 - 2013-07-20 14:33 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader 2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ 
C:\Windows\System32\Tasks\Plus-HD-1.6-updater 2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax 2013-07-14 01:13 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll 2013-07-14 01:13 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll 2013-07-14 01:12 - 2013-07-20 14:33 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job 2013-07-14 01:12 - 2013-07-14 01:13 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer ) C:\Users\xxx\Desktop\FLVMPlayer.exe 2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software 2013-07-13 16:14 - 2013-07-13 16:15 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe 2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate 2013-07-13 00:51 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-13 00:51 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-13 00:51 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-13 00:51 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-13 00:51 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 
2013-07-13 00:51 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-13 00:51 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-13 00:51 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-07-13 00:51 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-13 00:51 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-13 00:51 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-13 00:26 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-13 00:26 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-13 00:26 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-13 00:26 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-13 00:25 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-13 00:24 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-13 00:24 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-03 22:40 - 
2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-03 22:40 - 2013-07-03 
22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-03 22:36 - 2013-07-20 14:52 - 00010422 _____ C:\Windows\IE10_main.log ==================== One Month Modified Files and Folders ======= 2013-07-20 15:16 - 2012-02-28 19:10 - 00000177 ____H C:\dvmexp.idx 2013-07-20 15:14 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien 2013-07-20 15:14 - 2012-03-04 19:43 - 00000000 ____D C:\Users\xxx\Outlook-Dateien 2013-07-20 14:56 - 2012-02-22 19:35 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-20 14:52 - 2013-07-20 14:52 - 00861184 _____ (Microsoft Corporation) C:\Users\xxx\Downloads\IE10-Windows6.1-de-de.exe 2013-07-20 14:52 - 2013-07-03 22:36 - 00010422 _____ C:\Windows\IE10_main.log 2013-07-20 14:51 - 2012-02-27 16:19 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-20 14:44 - 2009-07-14 06:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-20 14:44 - 2009-07-14 06:45 - 00009920 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-20 14:39 - 2013-02-24 19:29 - 00000000 ____D C:\ProgramData\TwonkyServer 2013-07-20 14:35 - 2012-02-25 18:46 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2013-07-20 14:34 - 2013-07-20 14:34 - 00000000 ___RD C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2013-07-20 14:34 - 2012-02-22 19:34 - 00000000 ___HD C:\ASUS.DAT 2013-07-20 14:33 - 2013-07-14 01:13 - 00001206 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job 2013-07-20 14:33 - 2013-07-14 01:13 - 00001202 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job 2013-07-20 14:33 - 2013-07-14 01:13 - 00001106 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job 2013-07-20 14:33 - 2013-07-14 01:12 - 00001914 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job 2013-07-20 14:33 - 2012-02-27 16:19 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-20 14:33 - 2011-11-20 08:09 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2013-07-20 14:33 - 2011-11-20 07:42 - 00000000 ____D C:\ProgramData\NVIDIA 2013-07-20 14:33 - 2011-04-13 03:39 - 00372760 _____ C:\Windows\PFRO.log 2013-07-20 14:33 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-20 14:33 - 2009-07-14 06:51 - 00106078 _____ C:\Windows\setupact.log 2013-07-19 22:53 - 2011-11-20 07:32 - 01382466 _____ C:\Windows\WindowsUpdate.log 2013-07-19 22:28 - 2013-02-23 16:30 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (3) 2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner (2) 2013-07-19 22:01 - 2013-07-19 22:01 - 00000000 ____D C:\Users\Public\Documents\Neuer Ordner 2013-07-19 12:19 - 2013-07-19 12:19 - 00000000 ____D C:\Windows\ERUNT 2013-07-19 12:12 - 2013-07-19 12:11 - 00006488 _____ C:\AdwCleaner[S1].txt 2013-07-19 12:11 - 2012-02-22 19:35 - 00001005 
_____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-07-19 12:04 - 2013-07-19 12:04 - 00277440 _____ C:\Users\xxx\Downloads\Setup.exe 2013-07-18 21:56 - 2013-07-18 21:56 - 00050429 _____ C:\ComboFix.txt 2013-07-18 21:56 - 2013-07-18 21:21 - 00000000 ____D C:\ComboFix 2013-07-18 21:56 - 2013-07-18 17:42 - 00000000 ____D C:\Qoobox 2013-07-18 21:56 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-07-18 21:51 - 2013-07-18 17:42 - 00000000 ____D C:\Windows\erdnt 2013-07-18 21:48 - 2009-07-14 04:34 - 00000248 _____ C:\Windows\system.ini 2013-07-18 21:40 - 2009-07-14 04:34 - 88342528 _____ C:\Windows\system32\config\SOFTWARE.bak 2013-07-18 21:40 - 2009-07-14 04:34 - 19660800 _____ C:\Windows\system32\config\SYSTEM.bak 2013-07-18 21:40 - 2009-07-14 04:34 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak 2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak 2013-07-18 21:40 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak 2013-07-17 13:30 - 2013-07-17 21:48 - 01778209 _____ (Farbar) C:\Users\xxx\Desktop\FRST64.exe 2013-07-16 22:55 - 2013-07-16 22:55 - 00055548 _____ C:\Users\xxx\Downloads\FRST.txt 2013-07-16 22:55 - 2013-07-16 22:54 - 00025805 _____ C:\Users\xxx\Downloads\Addition.txt 2013-07-16 22:52 - 2013-07-16 22:52 - 00000000 ____D C:\FRST 2013-07-16 22:51 - 2013-07-16 22:51 - 01778253 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2013-07-16 22:46 - 2012-02-27 16:19 - 00004112 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 22:46 - 2012-02-27 16:19 - 00003860 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-16 21:30 - 2012-02-22 19:34 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\VirtualStore 2013-07-15 20:03 - 2013-07-15 19:32 - 00000000 ____D C:\Users\xxx\Desktop\Anti-Malware 2013-07-15 19:33 - 2013-07-15 19:33 - 00000000 _____ C:\Users\xxx\defogger_reenable 2013-07-15 19:33 - 2013-07-15 19:33 - 
00000000 _____ C:\Users\xxx\defogger_reenable 2013-07-15 19:33 - 2012-02-22 19:34 - 00000000 ___RD C:\Users\xxx 2013-07-15 19:32 - 2011-02-19 06:24 - 00665812 _____ C:\Windows\system32\perfh007.dat 2013-07-15 19:32 - 2011-02-19 06:24 - 00133992 _____ C:\Windows\system32\perfc007.dat 2013-07-15 19:32 - 2009-07-14 07:13 - 01529502 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-15 02:57 - 2013-07-14 23:20 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-07-14 23:17 - 2012-02-23 21:19 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\Google 2013-07-14 17:07 - 2013-07-14 17:07 - 00000000 ____D C:\Users\xxx\AppData\Roaming\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-14 17:06 - 2013-07-14 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-07-14 17:06 - 2013-07-14 17:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-14 16:09 - 2011-11-20 07:55 - 00001574 _____ C:\Windows\system32\ServiceFilter.ini 2013-07-14 16:08 - 2011-11-20 07:55 - 00002532 _____ C:\Windows\system32\AutoRunFilter.ini 2013-07-14 01:14 - 2013-07-14 01:14 - 00002397 _____ C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk 2013-07-14 01:14 - 2013-07-14 01:14 - 00002367 _____ C:\Users\xxx\Desktop\Qtrax Player.lnk 2013-07-14 01:14 - 2012-02-24 12:14 - 00000000 ____D C:\Users\SIEMER~1\AppData\Local\CrashDumps 2013-07-14 01:13 - 2013-07-14 01:13 - 00004236 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader 2013-07-14 01:13 - 2013-07-14 01:13 - 00004232 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-updater 2013-07-14 01:13 - 2013-07-14 01:13 - 00004136 _____ C:\Windows\System32\Tasks\Plus-HD-1.6-enabler 2013-07-14 01:13 - 2013-07-14 01:13 - 00000000 ____D C:\Users\xxx\Qtrax 2013-07-14 01:13 - 2013-07-14 
01:13 - 00000000 ____D C:\Users\xxx\Qtrax 2013-07-14 01:13 - 2013-07-14 01:12 - 00000000 ____D C:\Program Files (x86)\Plus-HD-1.6 2013-07-14 01:12 - 2013-07-14 01:12 - 04953944 _____ (FLVMPlayer ) C:\Users\xxx\Desktop\FLVMPlayer.exe 2013-07-13 17:00 - 2012-02-23 22:48 - 00203776 _____ C:\Users\SIEMER~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-07-13 16:15 - 2013-07-13 16:15 - 00001176 _____ C:\Users\Public\Desktop\VideoPad Videobearbeitungs-Software.lnk 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\Users\xxx\AppData\Roaming\NCH Software 2013-07-13 16:15 - 2013-07-13 16:15 - 00000000 ____D C:\ProgramData\NCH Software 2013-07-13 16:15 - 2013-07-13 16:14 - 00000000 ____D C:\Program Files (x86)\NCH Software 2013-07-13 16:14 - 2013-07-13 16:14 - 00558104 _____ (NCH Software) C:\Users\xxx\Downloads\prismpsetup.exe 2013-07-13 16:14 - 2013-07-13 16:14 - 00001134 _____ C:\Users\Public\Desktop\Prism Videodatei-Konverter.lnk 2013-07-13 16:08 - 2013-07-13 16:08 - 00003374 _____ C:\Windows\System32\Tasks\DealPlyUpdate 2013-07-13 13:30 - 2009-07-14 06:45 - 00498832 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-13 13:28 - 2013-03-12 22:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-13 13:28 - 2009-07-14 09:45 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-13 13:28 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-13 01:04 - 2012-02-23 23:14 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-13 00:54 - 2012-02-25 14:39 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-04 20:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D 
C:\Windows\SysWOW64\he-IL 2013-07-04 20:01 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA 2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\he-IL 2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\ar-SA 2013-07-04 20:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-07-03 22:40 - 2013-07-03 22:40 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-07-03 22:40 - 2013-07-03 22:40 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-03 22:40 - 2013-07-03 22:40 - 00357888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 
2013-07-03 22:40 - 2013-07-03 22:40 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-07-03 
22:40 - 2013-07-03 22:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-07-03 22:40 - 2013-07-03 22:40 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-03 22:40 - 2013-07-03 22:40 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-03 22:40 - 2013-07-03 22:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-06-29 19:48 - 2012-02-23 22:57 - 00000000 ____D C:\ProgramData\tmp 2013-06-23 18:29 - 2012-11-30 17:42 - 00001334 _____ C:\Users\Public\Desktop\Saturn Fotoservice.lnk 2013-06-22 19:02 - 2011-11-20 08:19 - 00000224 _____ C:\WifiInfo.ini.enc ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe 
=> MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-13 22:26

==================== End Of Log ============================

--- --- --- --- --- --- --- --- ---

Addition(3)
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by xxx at 2013-07-20 15:20:05
Running from C:\Users\xxx\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

ACDSee Pro 5 (x32 Version: 5.2.157)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) - Deutsch (x32 Version: 10.1.7)
akeLink
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Anti-Twin (Installation 23.03.2012) (x32)
Apple Application Support (x32 Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.24)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Music Maker (x32 Version: 17.0.2.22)
ASUS Power4Gear Hybrid (Version: 1.1.43)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0031)
ASUS USB Charger Plus (x32 Version: 2.0.3)
ASUS Video Magic (x32 Version: 6.0.4710)
ASUS Virtual Camera (x32 Version: 1.0.21)
AsusScr_N5_En (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.4.617)
Atheros Client Installation Program (x32 Version: 7.0)
ATK Package (x32 Version: 1.0.0010)
Audiograbber 1.83 SE (x32 Version: 1.83 SE )
Audiograbber MP3-Plugin (64 bit) (x32 Version: 1.0)
Bluetooth Win7 Suite (64) (Version: 7.2.0.65)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.4.2.3442)
CyberLink LabelPrint (x32 Version: 2.5.1908)
CyberLink Power2Go (x32 Version: 6.1.3602c)
CyberLink PowerDirector (x32 Version: 8.0.3327)
CyberLink PowerDVD 10 (x32 Version: 10.0.3122.52)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ElsterFormular (x32 Version: 13.4.1.10296)
Fast Boot (Version: 1.0.9)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.29.0)
Fotogalerie (x32 Version: 16.4.3505.0912)
FreeCommander 2009.02b (x32 Version: 2009.02)
Galeria de Fotografias (x32 Version: 16.4.3505.0912)
Galería de fotos (x32 Version: 16.4.3505.0912)
Galerie de photos (x32 Version: 16.4.3505.0912)
Gigaset QuickSync (Version: 8.0.0856.1)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth Plug-in (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.153)
HP LaserJet Professional P1100-P1560-P1600 Series
hppLaserJetService (x32 Version: 001.001.0.0)
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0)
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1)
HPSSupply (x32 Version: 2.1.1.0000)
InstantOn for NB (x32 Version: 2.1.2)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1118)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2405)
Intel(R) Turbo Boost Technology Monitor (Version: 1.0.400.4)
iTunes (Version: 10.6.0.40)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kaspersky Anti-Virus 2012 (x32 Version: 12.0.0.374)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Movie Maker (x32 Version: 16.4.3505.0912)
Mp3tag v2.50 (x32 Version: v2.50)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Now! (x32 Version: 1.0.9.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.1.1)
NVIDIA 3D Vision Driver 268.74 (Version: 268.74)
NVIDIA Control Panel 268.74 (Version: 268.74)
NVIDIA Graphics Driver 268.74 (Version: 268.74)
NVIDIA HD Audio Driver 1.2.22.1 (Version: 1.2.22.1)
NVIDIA Install Application (Version: 2.265.41.0)
NVIDIA Optimus 1.0.23 (Version: 1.0.23)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6874)
NVIDIA Update Components (Version: 1.0.23)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photomatix Essentials 64-bit version 3.1.1 (Version: 3.1.1)
Picasa 3 (x32 Version: 3.8)
Plus-HD-1.6 (x32 Version: 1.27.153.8)
Prism Videodatei-Konverter (x32)
Qtrax (HKCU Version: 20.13.06.24)
Qtrax Player (HKCU)
Raccolta foto (x32 Version: 16.4.3505.0912)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6413)
Revo Uninstaller 1.93 (x32 Version: 1.93)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0)
Saturn Fotoservice (x32 Version: 5.0.4)
SonicMaster (x32 Version: 1.0.0.4)
streamWriter (x32)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
syncables desktop SE (x32 Version: 5.5.746.11492)
Twonky 7 (x32 Version: 7.1.2.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553092) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458)
(x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) VideoPad Videobearbeitungs-Software (x32) Winamp (x32 Version: 5.623 ) Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1) Windows Live Communications Platform (x32 Version: 16.4.3505.0912) Windows Live Essentials (x32 Version: 16.4.3505.0912) Windows Live Family Safety (Version: 16.4.3505.0912) Windows Live Family Safety (x32 Version: 16.4.3505.0912) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 16.4.3505.0912) Windows Live Mail (x32 Version: 16.4.3505.0912) Windows Live Messenger (x32 Version: 16.4.3505.0912) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Photo Common (x32 Version: 16.4.3505.0912) Windows Live PIMT Platform (x32 Version: 16.4.3505.0912) Windows Live SOXE (x32 Version: 16.4.3505.0912) Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912) Windows Live UX Platform (x32 Version: 16.4.3505.0912) Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912) Windows Live Writer (x32 Version: 16.4.3505.0912) Windows Live Writer Resources (x32 Version: 16.4.3505.0912) Windows Live 程式集 (x32 Version: 16.4.3505.0912) WinFlash (x32 Version: 2.31.1) Wireless 
Console 3 (x32 Version: 3.0.19) Wsys Control 1.0.0.2539 (x32 Version: 1.0.0.2539) Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912) Основные компоненты Windows Live (x32 Version: 16.4.3505.0912) Почта Windows Live (x32 Version: 16.4.3505.0912) Фотоальбом (x32 Version: 16.4.3505.0912) Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912) גלריית התמונות (x32 Version: 16.4.3505.0912) بريد Windows Live (x32 Version: 16.4.3505.0912) معرض الصور (x32 Version: 16.4.3505.0912) 影像中心 (x32 Version: 16.4.3505.0912) ==================== Restore Points ========================= 03-07-2013 13:24:35 Windows Update 03-07-2013 20:35:30 Windows Update 12-07-2013 22:24:58 Windows Update 12-07-2013 22:38:00 Windows Update 14-07-2013 21:24:29 Removed Internet Explorer Toolbar 4.9 by SweetPacks 18-07-2013 15:51:09 ComboFix created restore point 18-07-2013 19:12:34 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-07-18 21:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {18387617-6EB2-4EF7-8A9F-68E875C70382} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-14] (Plus HD) Task: {1D667096-8482-4EA4-8A91-567CE3E5D246} - System32\Tasks\DealPlyUpdate => C:\Program No File Task: {1DA69E7F-EDCB-499B-82DF-5C78D95CB117} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS) Task: {42DEA711-8B2F-4861-A18D-2CF9AEC5CDE0} - System32\Tasks\USBChargerPlus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2011-06-30] (ASUSTek Computer Inc.) 
Task: {504216D4-8E67-441B-981C-8D77969D8638} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated) Task: {611C23BE-BB80-4822-8D96-590CFF7EB529} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-02] (ASUS) Task: {62E8CE4D-3FC6-4B08-96F9-B60B45E10802} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] () Task: {6B777E35-5966-4345-B850-0365437A137B} - System32\Tasks\NCH Software\videopadShakeIcon => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe [2013-07-13] (NCH Software) Task: {6E5690FF-03D3-4DA7-84C8-B3819B2664B4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: {6E94109F-2AF3-4419-A80B-C63B2B3DDAD9} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {7F0901EE-0C75-4B06-9AAC-E5F79D981AE5} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe No File Task: {7F2B3B36-39EE-4DBD-B605-A844A9F68A6D} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {9C22813A-BF70-409A-9638-26AFAB8EBE57} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1038504468-1263906284-4239949246-1002 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation) Task: {9CCA9DB4-ACF2-4C0E-A89C-735E94390DFF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {9F907014-6D8A-40ED-AF2C-6D7FAC507E6E} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe No File Task: {A1B339F7-738C-410D-AE56-9F5555C4CCE8} - System32\Tasks\NCH Software\videopadSevenDays => C:\Program Files (x86)\NCH Software\VideoPad\VideoPad.exe 
[2013-07-13] (NCH Software) Task: {B31C0C03-924E-4D49-AC4A-E928DF7ECDFD} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-14] (Plus HD) Task: {C6B88561-4648-4249-9E00-431A2F0BCD71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.) Task: {CEBCBBC3-BB28-4A7B-94AD-30123FC978B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-27] (Google Inc.) Task: {D02FCF48-91BA-424B-89AD-30C91DFD2D45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {DBD9B0F2-9794-4B7F-A066-F6043D403F8E} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-07-14] (Plus HD) Task: {E9FE1CC5-0C9D-47B6-845D-DEE936689AF5} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {EA6CA77E-0AD5-4F13-9A77-63ADA5B92841} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-14] (Plus HD) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/19/2013 10:41:41 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/19/2013 02:04:10 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/19/2013 02:04:07 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/19/2013 02:03:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/19/2013 02:03:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/19/2013 01:54:54 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig. 
System errors: ============= Error: (07/20/2013 02:38:42 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet. Error: (07/20/2013 02:38:17 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (07/20/2013 02:38:16 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht. Error: (07/20/2013 02:37:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (07/20/2013 02:33:51 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/19/2013 01:10:39 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. Error: (07/19/2013 00:44:12 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde nicht richtig gestartet. Error: (07/19/2013 00:43:06 PM) (Source: DCOM) (User: ) Description: {30D49246-D217-465F-B00B-AC9DDD652EB7} Error: (07/19/2013 00:40:38 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (07/19/2013 00:39:03 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "ATKGFNEX Service" ist von folgendem Dienst abhängig: ASMMAP64. Dieser Dienst ist eventuell nicht installiert. 
Microsoft Office Sessions: ========================= Error: (07/19/2013 10:41:41 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (07/19/2013 02:04:10 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (07/19/2013 02:04:07 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (07/19/2013 02:03:15 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\xxx\Desktop\esetsmartinstaller_enu.exe Error: (07/19/2013 02:03:03 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestF:\esetsmartinstaller_enu.exe Error: (07/19/2013 01:54:54 PM) (Source: 
SideBySide)(User: ) Description: assemblyIdentitylanguage*c:\program files (x86)\Tools\freecommander\DelZip179.dllc:\program files (x86)\Tools\freecommander\DelZip179.dll8 CodeIntegrity Errors: =================================== Date: 2013-07-18 21:37:54.228 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-07-18 21:37:53.916 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================
Percentage of memory in use: 23%
Total physical RAM: 8096.05 MB
Available physical RAM: 6156.37 MB
Total Pagefile: 16190.29 MB
Available Pagefile: 14162.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:305.67 GB) (Free:197.07 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:367.97 GB) (Free:174.43 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A383324B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=306 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Everything is working normally again. I hope it stays that way! Thank you very much for your help!!! I will now clean up, then turn to the topic of donating and then to the topic "How do I secure my computer better?". |
20.07.2013, 20:01 | #15 |
/// the machine /// TB-Ausbilder | QVO6.COM is always opened by MS IE
Update Flash and Adobe. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me a short confirmation when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |