Log analysis and evaluation: Windows 7: this program was blocked by a group policy

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
30.05.2014, 11:43 | #1 |
| Windows 7: this program was blocked by a group policy

Hello, I noticed that Avast was suddenly inactive. When I try to reactivate Avast, I get the error message: "dieses Programm wurde durch eine Gruppenrichtlinie blockiert" [this program was blocked by a group policy].

In addition, an error message appears after logging in: "Fehler beim Laden des Moduls "C:\ProgramData\EkuwiQaqab.dat" Stellen sie sicher das die Binärdatei am angegebenen Pfad gespeichert ist oder debuggen sie die Datei. Das angegebene Modul wurde nicht gefunden" [Error loading the module "C:\ProgramData\EkuwiQaqab.dat". Make sure the binary is stored at the specified path or debug the file. The specified module was not found.]

Unfortunately I cannot upload the logs as code; they can be found in the attachment. Thank you very much for your great commitment!

P.S. Should I carry out the repairs in safe mode? |
30.05.2014, 13:27 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: this program was blocked by a group policy

Hi and

Please do not attach logs; if necessary, split them and post them spread across several posts. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
30.05.2014, 15:15 | #3 |
| Windows 7: this program was blocked by a group policy

FRST

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014 Ran by Phillipê (administrator) on DRÖHNKISTE-C35D on 30-05-2014 11:56:30 Running from C:\Users\Phillipê\Desktop Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) C:\Windows\vVX1000.exe () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe (Tunngle.net GmbH) D:\Tunngle\TnglCtrl.exe (LogMeIn Inc.) D:\Hamachi\hamachi-2.exe (LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation) HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [2624512 2010-07-22] () HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation) HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat" HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: H - H:\Autorun.exe HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {062f12c3-2890-11e0-bffa-1c6f659604aa} - G:\Autorun.exe HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {d6cd9e04-5340-11e2-87a0-1c6f659604aa} - E:\FalloutLauncher.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x693498F99DBCCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm URLSearchHook: HKLM-x32 - Default Value = 
{855F3B16-6D32-4fe6-8A56-BBB695989046} URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=8EC600FFE8A7A881 BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) 
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\daemon-search.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-10.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-11.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-12.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-13.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-14.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-15.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-16.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-17.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-18.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-19.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-3.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-4.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-5.xml FF SearchPlugin: 
C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-6.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-7.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-8.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-9.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.gif FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.src FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\searchplugins-backup FF Extension: DAEMON Tools Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\DTToolbar@toolbarnet.com [2011-04-25] FF Extension: ProxTube - Unblock YouTube - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ich@maltegoetz.de [2012-09-16] FF Extension: ICQ Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-05] FF Extension: Facemoods - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ffxtlbr@Facemoods.com.xpi [2011-08-18] FF Extension: Movie2kDownloader - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13] FF Extension: Adblock Plus - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-25] FF HKLM-x32\...\Firefox\Extensions: 
[{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-10-02] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://scholar.google.de/schhp?hl=de CHR StartupUrls: "hxxp://google.de/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll 
(Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll () CHR Extension: (ProxFlow) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-06] CHR Extension: (Movie2kDownloader 2) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-08] CHR Extension: (YouTube) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Google-Suche) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (AdBlock) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-17] CHR Extension: (avast! Online Security) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17] CHR Extension: (Skype Click to Call) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-05] CHR Extension: (Simply Block Ads!) 
- C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2012-10-08] CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-14] CHR Extension: (Google Wallet) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-26] CHR Extension: (Google Mail) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-08] CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13] CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2012-12-13] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-24] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] () R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-26] () R2 TunngleService; D:\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] () R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-10] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-10] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-10] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-17] () S3 cleanhlp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 
dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-25] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] () S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7040 2006-11-09] (SweetLow) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-17] () S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 cpuz136; \??\C:\Users\PHILLI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] U3 afrdiaoc; \??\C:\Users\PHILLI~1\AppData\Local\Temp\afrdiaoc.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-30 11:51 - 2014-05-30 11:56 - 00027543 _____ () C:\Users\Phillipê\Desktop\FRST.txt 2014-05-30 11:51 - 2014-05-30 11:56 - 00000000 ____D () C:\FRST 2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe 2014-05-30 11:50 - 2014-05-30 11:50 - 00000548 _____ () C:\Users\Phillipê\Desktop\defogger_disable.log 2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable 2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe 2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe 2014-05-30 11:40 - 2014-05-30 11:40 - 00020372 _____ () C:\Users\Phillipê\Desktop\Emsisoft1.txt 2014-05-30 09:34 - 2014-05-30 11:40 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware 2014-05-30 09:34 - 2014-05-30 09:34 - 
00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-05-30 09:26 - 2014-05-30 09:26 - 00009858 _____ () C:\Windows\PFRO.log 2014-05-30 09:25 - 2014-05-30 09:25 - 00018221 _____ () C:\Users\Phillipê\Desktop\malwarebytes 30.05.txt 2014-05-30 09:16 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-30 09:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-30 09:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-30 09:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss 2014-05-30 05:38 - 2014-05-30 11:42 - 00000392 _____ () C:\Windows\setupact.log 2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-30 04:42 - 2014-05-30 11:49 - 00064056 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk 2014-05-15 20:26 - 2014-05-15 22:33 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders 2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ 2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 19:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 19:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 19:08 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 19:08 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 19:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 19:08 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 19:08 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 19:08 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 19:08 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 19:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 19:08 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 19:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-14 19:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\shell32.dll 2014-05-14 19:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 19:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 19:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 19:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 19:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 22:07 - 2014-05-15 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-30 11:56 - 2014-05-30 11:51 - 00027543 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-05-30 11:56 - 2014-05-30 11:51 -
00000000 ____D () C:\FRST 2014-05-30 11:56 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Temp 2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe 2014-05-30 11:50 - 2014-05-30 11:50 - 00000548 _____ () C:\Users\Phillipê\Desktop\defogger_disable.log 2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable 2014-05-30 11:50 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê 2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe 2014-05-30 11:49 - 2014-05-30 04:42 - 00064056 _____ () C:\Windows\WindowsUpdate.log 2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe 2014-05-30 11:43 - 2012-05-19 13:41 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\LogMeIn Hamachi 2014-05-30 11:42 - 2014-05-30 05:38 - 00000392 _____ () C:\Windows\setupact.log 2014-05-30 11:42 - 2011-02-26 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-30 11:42 - 2011-01-25 17:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-30 11:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-30 11:40 - 2014-05-30 11:40 - 00020372 _____ () C:\Users\Phillipê\Desktop\Emsisoft1.txt 2014-05-30 11:40 - 2014-05-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-05-30 09:26 - 2014-05-30 09:26 - 00009858 _____ () C:\Windows\PFRO.log 2014-05-30 09:25 - 2014-05-30 09:25 - 00018221 _____ () C:\Users\Phillipê\Desktop\malwarebytes 30.05.txt 2014-05-30 09:24 - 2014-02-10 21:10 - 
00000000 ____D () C:\Users\Phillipê\AppData\Roaming\DigitalSites 2014-05-30 09:16 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-30 08:56 - 2011-02-13 12:56 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat 2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss 2014-05-30 05:49 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-30 05:49 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-30 05:24 - 2011-02-26 13:33 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-30 05:10 - 2014-02-15 15:10 - 00000320 _____ () C:\Windows\Tasks\Digital Sites.job 2014-05-30 05:10 - 2013-06-19 21:10 - 00000306 _____ () C:\Windows\Tasks\DSite.job 2014-05-30 05:04 - 2012-04-02 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-30 04:32 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-05-30 00:10 - 2013-07-27 00:10 - 00000063 _____ () C:\Users\Phillipê\AppData\Roaming\WB.CFG 2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk 2014-05-29 15:57 - 2011-01-26 21:33 - 00000000 ____D () C:\Users\Phillipê\Documents\My games 2014-05-29 15:31 - 2011-01-25 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation 
Information 2014-05-28 19:12 - 2011-04-15 16:53 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Fallout3 2014-05-26 18:24 - 2012-08-29 17:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-05-26 06:36 - 2013-01-30 23:17 - 01632188 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-05-26 06:36 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat 2014-05-26 06:36 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat 2014-05-26 06:36 - 2009-07-14 07:13 - 01632188 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-15 22:33 - 2014-05-15 20:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders 2014-05-15 18:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ 2014-05-15 17:15 - 2011-01-25 17:53 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-05-15 16:58 - 2012-11-02 22:37 - 00000000 ___RD () C:\Users\Phillipê\Desktop\GameZ 2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 16:55 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 22:38 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 22:38 - 2011-02-27 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 22:37 - 2011-08-07 16:45 - 93223848 _____ (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2014-05-14 19:05 - 2012-04-02 00:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 19:05 - 2012-04-02 00:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 19:05 - 2011-08-07 16:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-13 20:20 - 2013-06-11 20:12 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-12 07:26 - 2014-05-30 09:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-30 09:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-30 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 08:14 - 2014-05-14 19:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 21:19 - 2011-02-26 13:33 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 21:19 - 2011-02-26 13:33 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 
22:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 15:39 - 2011-03-20 14:47 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\vlc

Some content of TEMP:
====================
C:\Users\Phillipê\AppData\Local\Temp\drm_dyndata_7380014.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 19:17

==================== End Of Log ============================
30.05.2014, 15:16 | #4 |
| Windows 7: this program was blocked by a group policy FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2014
Ran by Phillipê at 2014-05-30 11:51:59
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.)
Hidden ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software) BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games) BioShock Infinite version 1.0.0.0 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.0.0.0 - ) BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29343 - BitTorrent Inc.) Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios) BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102 - ATI) Hidden Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Czech (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Danish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help English (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help French (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help German (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Greek (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Italian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Korean (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Polish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Russian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Thai (x32 Version: 2010.1125.2147.39102 - ATI) Hidden ccc-core-static (x32 
Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.1125.2148.39102 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games) DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ) DayZ Commander (HKLM-x32\...\{67BE448F-7813-4466-A767-85EF5BBAC1D1}) (Version: 1.09.70 - Dotjosh Studios) Dead Rising 2 (HKLM-x32\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom) Dead Rising 2 (x32 Version: 1.0.0000.130 - Capcom) Hidden Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment) DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte) Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - ) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC) Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH) Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - ) FLAC To MP3 V4.0.5 
(HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.) Foldit (HKLM-x32\...\Foldit) (Version: - ) Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.) GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.) Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Kane and Lynch: Dead Men (HKLM-x32\...\{A66C4716-7E10-4A53-8101-00C3C11D6A9C}) (Version: 1.00.0000 - Eidos) K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - ) League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.) 
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - ) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.) Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.) Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts) Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.) Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios) Metro: Last Light (HKLM-x32\...\Metro: Last Light_is1) (Version: - Deep Silver) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) 
(HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) 
Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) 
(Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}) (Version: 10.07.0002 - Ihr Firmenname)
MOUSE Editor (x32 Version: 10.07.0002 - Ihr Firmenname) Hidden
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-964f1b46-0a2c-4960-ac16-5d146edf634d) (Version: - Epic Games, Inc.)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1509 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Singularity (HKLM-x32\...\Steam App 42670) (Version: - )
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Restore Points =========================

30-05-2014 09:48:23 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2011-07-30 13:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - System32\Tasks\Digital Sites => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe
Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: {2529AC27-E1A5-459E-93AD-1B7AE188DAFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {267E2320-6708-4151-A59C-159688C336D4} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {42945CE0-7500-4909-8CEF-667BC0A3D4F9} - System32\Tasks\{24ECB2F1-8B87-4CE4-BDF6-8055A5D64855} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - System32\Tasks\DealPly => C:\Users\PHILLI~1\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: {925BCC9E-3CD0-40EB-8689-E392FAE14F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: {B40C0A91-7445-4597-B684-DA4330385069} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE1F2ADC-A293-4886-8B4D-25D5AF0B92D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {E813C1C9-B934-4D36-BE6E-15E401A255A5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EA42980F-B5F2-463C-B881-285129EF7341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-25 17:11 - 2010-03-15 12:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-01-25 16:42 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-22 08:15 - 2010-07-22 08:15 - 02624512 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-05-29 15:14 - 2014-05-29 10:07 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14052900\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-25 16:42 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2010-06-01 05:41 - 2010-06-01 05:41 - 00098816 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00094208 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-04-03 05:36 - 2010-04-03 05:36 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00127488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2010-05-07 17:05 - 2010-05-07 17:05 - 00042496 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-02-11 17:28 - 2011-05-31 18:07 - 01852759 _____ () D:\Tunngle\libeay32.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_ABA4318D4E55179246F0B38EF7E0EE65 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22F190YK05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: WhatPulse => F:\WhatPulse\WhatPulse.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Phillipê\AppData\Roaming\Yontoo\YontooDesktop.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (05/30/2014 05:47:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x8a4
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:47:07 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:45:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xf58
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:45:22 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:45:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xe7c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:45:11 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:44:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x9c8
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:44:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (05/30/2014 05:43:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe, Version: 1.1.13.24161, Zeitstempel: 0x537360b2
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0xa28
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.ServiceHost.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.ServiceHost.exe1
Pfad des fehlerhaften Moduls: Avira.OE.ServiceHost.exe2
Berichtskennung: Avira.OE.ServiceHost.exe3

Error: (05/30/2014 05:43:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines Ausnahmefehlers beendet.
Ausnahmeinformationen: System.ArgumentException
Stapel:
bei Avira.OE.ServiceHost.ServiceModelListStorage.GetServiceModel(System.String, System.String)
bei Avira.OE.ServiceHost.ServicesListManager.CheckBundledProductsConfiguration()
bei Avira.OE.ServiceHost.AvServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

System errors:
=============
Error: (05/30/2014 11:44:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Emsisoft Anti-Malware 8.0 - Service" wurde nicht richtig gestartet.

Error: (05/30/2014 11:42:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (05/30/2014 11:42:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Software Protection" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/30/2014 11:42:42 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Software Protection erreicht.

Error: (05/30/2014 11:39:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (05/30/2014 11:39:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (05/30/2014 11:36:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/30/2014 11:36:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/30/2014 11:36:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error: (05/30/2014 11:34:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-11-27 18:56:28.920
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:56:28.826
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:55:48.150
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:55:48.056
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:34.363
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:34.269
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:16.933
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:16.839
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-23 19:03:22.932
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-23 19:03:22.880
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8175.43 MB
Available physical RAM: 5485.92 MB
Total Pagefile: 16349.04 MB
Available Pagefile: 13029.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:0.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:249.26 GB) (Free:33.04 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:30 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2BEB335)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-30 12:10:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01113 298,09GB
Running: kom09zc9.exe; Driver: C:\Users\PHILLI~1\AppData\Local\Temp\afrdiaoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[640] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\services.exe[700] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\winlogon.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[260] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[672] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[248] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[1792] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1904] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Windows\Explorer.EXE[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[2100] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe[2152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074261a22 2 bytes [26, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074261ad0 2 bytes [26, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074261b08 2 bytes [26, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074261bba 2 bytes [26, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074261bda 2 bytes [26, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075791465 2 bytes [79, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000757914bb 2 bytes [79, 75]
.text ... * 2
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\vVX1000.exe[2752] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[2760] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[2484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text D:\Hamachi\hamachi-2-ui.exe[2504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text D:\Hamachi\hamachi-2-ui.exe[2504] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 69 0000000075791465 2 bytes [79, 75]
.text D:\Hamachi\hamachi-2-ui.exe[2504] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 155 00000000757914bb 2 bytes [79, 75]
.text ... * 2
.text D:\Tunngle\TnglCtrl.exe[1952] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000076eb000c 1 byte [90]
.text D:\Tunngle\TnglCtrl.exe[1952] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62]
.text D:\Hamachi\hamachi-2.exe[3228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ce3b10 5 bytes JMP 00000001003f075c
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ce7ac0 5 bytes JMP 00000001003f03a4
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 00000001003f0b14
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d11490 5 bytes JMP 00000001003f0ecc
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d11570 5 bytes JMP 00000001003f163c
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 5 bytes JMP 00000001003f1284
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d127e0 5 bytes JMP 00000001003f19f4
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd326e00 5 bytes JMP 000007ff7d341dac
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd326f2c 5 bytes JMP 000007ff7d340ecc
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd327220 5 bytes JMP 000007ff7d341284
.text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd32739c 5 bytes JMP 000007ff7d34163c
.text
C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd327538 5 bytes JMP 000007ff7d3419f4 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3275e8 5 bytes JMP 000007ff7d3403a4 .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd32790c 5 bytes JMP 000007ff7d34075c .text C:\Windows\system32\SearchIndexer.exe[2720] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd327ab4 5 bytes JMP 000007ff7d340b14 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd326e00 5 bytes JMP 000007ff7d341dac .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd326f2c 5 bytes JMP 000007ff7d340ecc .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd327220 5 bytes JMP 000007ff7d341284 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd32739c 5 bytes JMP 000007ff7d34163c .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd327538 5 bytes JMP 000007ff7d3419f4 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3275e8 5 bytes JMP 000007ff7d3403a4 .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd32790c 5 bytes JMP 000007ff7d34075c .text C:\Windows\system32\svchost.exe[1520] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd327ab4 5 bytes JMP 000007ff7d340b14 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[5328] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd326e00 5 bytes JMP 
000007ff7d341dac .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd326f2c 5 bytes JMP 000007ff7d340ecc .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd327220 5 bytes JMP 000007ff7d341284 .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd32739c 5 bytes JMP 000007ff7d34163c .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd327538 5 bytes JMP 000007ff7d3419f4 .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3275e8 5 bytes JMP 000007ff7d3403a4 .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd32790c 5 bytes JMP 000007ff7d34075c .text C:\Windows\system32\SearchProtocolHost.exe[5932] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd327ab4 5 bytes JMP 000007ff7d340b14 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ce3b10 5 bytes JMP 00000001001d075c .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ce7ac0 5 bytes JMP 00000001001d03a4 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 00000001001d0b14 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d11490 5 bytes JMP 00000001001d0ecc .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d11570 5 bytes JMP 00000001001d163c .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 5 bytes JMP 00000001001d1284 .text C:\Windows\System32\svchost.exe[5272] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d127e0 5 bytes JMP 00000001001d19f4 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd326e00 5 bytes JMP 000007ff7d341dac .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd326f2c 5 bytes JMP 000007ff7d340ecc .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd327220 5 bytes JMP 000007ff7d341284 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd32739c 5 bytes JMP 000007ff7d34163c .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd327538 5 bytes JMP 000007ff7d3419f4 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3275e8 5 bytes JMP 000007ff7d3403a4 .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd32790c 5 bytes JMP 000007ff7d34075c .text C:\Windows\System32\svchost.exe[5272] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd327ab4 5 bytes JMP 000007ff7d340b14 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076ce3b10 5 bytes JMP 000000010033075c .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076ce7ac0 5 bytes JMP 00000001003303a4 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076d11430 5 bytes JMP 0000000100330b14 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076d11490 5 bytes JMP 0000000100330ecc .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076d11570 5 bytes JMP 000000010033163c .text C:\Windows\System32\svchost.exe[1056] 
C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076d117b0 5 bytes JMP 0000000100331284 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076d127e0 5 bytes JMP 00000001003319f4 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076bfef8d 1 byte [62] .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd326e00 5 bytes JMP 000007ff7d341dac .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd326f2c 5 bytes JMP 000007ff7d340ecc .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd327220 5 bytes JMP 000007ff7d341284 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd32739c 5 bytes JMP 000007ff7d34163c .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd327538 5 bytes JMP 000007ff7d3419f4 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3275e8 5 bytes JMP 000007ff7d3403a4 .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd32790c 5 bytes JMP 000007ff7d34075c .text C:\Windows\System32\svchost.exe[1056] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd327ab4 5 bytes JMP 000007ff7d340b14 .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd326e00 5 bytes JMP 000007ff7d341dac .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd326f2c 5 bytes JMP 000007ff7d340ecc .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd327220 5 bytes JMP 000007ff7d341284 .text C:\Windows\System32\WUDFHost.exe[3160] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd32739c 5 bytes JMP 000007ff7d34163c .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd327538 5 bytes JMP 000007ff7d3419f4 .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd3275e8 5 bytes JMP 000007ff7d3403a4 .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd32790c 5 bytes JMP 000007ff7d34075c .text C:\Windows\System32\WUDFHost.exe[3160] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd327ab4 5 bytes JMP 000007ff7d340b14 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000076ebfac0 5 bytes JMP 0000000100030600 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000076ebfb58 5 bytes JMP 0000000100030804 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076ebfcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000076ec0038 5 bytes JMP 0000000100030a08 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000076ec1920 5 bytes JMP 0000000100030e10 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000076edc4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076ee1287 5 bytes JMP 00000001000303fc .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007635a2fd 1 byte [62] .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000758f5181 5 bytes JMP 00000001003c1014 .text 
C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000758f5254 5 bytes JMP 00000001003c0804 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000758f53d5 5 bytes JMP 00000001003c0a08 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000758f54c2 5 bytes JMP 00000001003c0c0c .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000758f55e2 5 bytes JMP 00000001003c0e10 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000758f567c 5 bytes JMP 00000001003c01f8 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000758f589f 5 bytes JMP 00000001003c03fc .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000758f5a22 5 bytes JMP 00000001003c0600 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007657ee09 5 bytes JMP 00000001003d01f8 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000076583982 5 bytes JMP 00000001003d03fc .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076587603 5 bytes JMP 00000001003d0804 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007658835c 5 bytes JMP 00000001003d0600 .text C:\Users\Phillipê\Desktop\kom09zc9.exe[4044] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007659f52b 5 bytes JMP 00000001003d0a08 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! 
mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! 
Revert Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 391 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 7468522 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1 Reg 
HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! 
VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! 
mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip? 
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 391 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 7468522 Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition1\Windows Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! 
virtualization driver (aswSnx) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! 
Self Protection Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\Alwil Software\Avast5 Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! 
Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 ---- EOF - GMER 2.1 ---- |
30.05.2014, 15:17 | #5 |
| windows 7 this program was blocked by a group policy malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 30.05.2014 Scan Time: 09:16:48 Logfile: log.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.05.30.05 Rootkit Database: v2014.05.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Phillipê Scan Type: Threat Scan Result: Completed Objects Scanned: 339664 Time Elapsed: 6 min, 56 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 25 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [711cd285c2b9cf6752f231352ed4f50b], PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [711cd285c2b9cf6752f231352ed4f50b], PUP.Optional.ConduitTB.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [aae3e2752c4f9a9c99ec75ba36ccb24e], PUP.Optional.ConduitTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [aae3e2752c4f9a9c99ec75ba36ccb24e], PUP.Optional.ConduitTB.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{30F9B915-B755-4826-820B-08FBA6BD249D}, Quarantined, [aae3e2752c4f9a9c99ec75ba36ccb24e], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{64182481-4F71-486B-A045-B233BD0DA8FC}, Quarantined, 
[830a83d4a3d892a4629d1b1430d2b749], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{64182481-4F71-486B-A045-B233BD0DA8FC}, Quarantined, [830a83d4a3d892a4629d1b1430d2b749], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, Quarantined, [1578f36422599e98e61a6fc1bf43916f], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, Quarantined, [1578f36422599e98e61a6fc1bf43916f], PUP.Optional.DigitalSites.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DSite, Quarantined, [8a039abd0e6db383d4eb4de5fd042dd3], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, Quarantined, [8a03be994f2c72c492312864778ba060], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\facemoods.com, Quarantined, [850872e585f644f2e9358d1060a2c23e], PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ihflimipbcaljfnojhhknppphnnciiif, Quarantined, [6a233324443792a445d8712c42c0ca36], PUP.Optional.Gophoto.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk, Quarantined, [761770e7e398b77f67499e27b44fe917], PUP.Optional.BundleInstaller.A, HKLM\SOFTWARE\WOW6432NODE\VITTALIA\AxtanInstaller, Quarantined, [f29b75e21f5cce6885ec426638caa45c], PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [3a53391eadcef83e79d5c7fb0af9a759], PUP.Optional.BabylonToolBar.A, 
HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Quarantined, [8b024e09bcbf2511bfe81ca88c773fc1], PUP.Optional.DataMngr.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [e0ad63f489f200360fc20bb5fc07f20e], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, Quarantined, [3c510255ee8d2c0afa259508e61c02fe], PUP.Optional.PriceGong.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [6b22a5b232491422a2ade5c040c2ca36], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [dcb1d87f2b5091a573827b4520e3b14f], PUP.Optional.SnapDo.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [4845d1864c2f181e983a0c9e669c45bb], PUP.Optional.Softonic.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [d8b54e09b7c41f17a8dbf7a259a9916f], PUP.Optional.FaceMoods.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\facemoods.com, Quarantined, [404d084fe19a86b02cf356474cb67e82], PUP.Optional.PriceGong.A, HKU\S-1-5-21-1406149438-3228825593-328108524-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [b3daaea99be0c6705af52e77f2107d83], Registry Values: 4 PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}, facemoods Toolbar, Quarantined, [1578f36422599e98e61a6fc1bf43916f] PUP.Optional.FaceMoods.A, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}, Quarantined, [ddb088cfc6b5a59159a71c1414eef709], PUP.Optional.InstallCore.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M1S1H1K2U, Quarantined, [dcb1d87f2b5091a573827b4520e3b14f] PUP.Optional.SnapDo.A, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, Quarantined, [4845d1864c2f181e983a0c9e669c45bb] Registry Data: 6 PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4, Good: (www.google.com), Bad: (hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4),Replaced,[bad3dc7b3a41a98d21091a443aca6e92] PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[c5c831264635c96db228baa262a24eb2] PUP.Optional.StartPage, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=8EC600FFE8A7A881, Good: (hxxp://www.google.com), Bad: (hxxp://www1.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=8EC600FFE8A7A881),Replaced,[a0ed58ff87f4280e5c90f06c8e76bf41] PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET 
EXPLORER\MAIN|Search Bar, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[810c2235512ae45235a4fa62de26ac54] PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[434acf88a1da6bcbca1299c3b54fe719] PUP.Optional.Snapdo, HKU\S-1-5-21-1406149438-3228825593-328108524-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013),Replaced,[5a3395c22358191de2fb065634d0639d] Folders: 10 PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DIGITALSITES\UPDATEPROC, Quarantined, [4746e86f88f36cca2d046a416d957e82], PUP.Optional.HDVidCodec.A, C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDVIDCODEC.COM, Quarantined, [117cd186c1ba6dc902da348db35012ee], PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it, Quarantined, 
[8409391ef18a9f97e7c8873e83805ea2], PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly, Quarantined, [791487d0493256e0917a4e2bd230837d], PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc, Quarantined, [791487d0493256e0917a4e2bd230837d], PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OPENCANDY, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4], PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OPENCANDY\9ABC59DFC98F4921A9DF7200B7610E42, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4], PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\FFXTLBR@BABYLON.COM, Quarantined, [781534236615fd3957623c429a686898], PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\FFXTLBR@BABYLON.COM\defaults, Quarantined, [781534236615fd3957623c429a686898], PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\FFXTLBR@BABYLON.COM\defaults\preferences, Quarantined, [781534236615fd3957623c429a686898], Files: 36 PUP.Optional.DigitalSites.A, C:\Users\Phillipê\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe, Quarantined, [8a039abd0e6db383d4eb4de5fd042dd3], PUP.Optional.TornTV.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\TORNTV@TORNTV.COM.XPI, Quarantined, [b2db4215d7a42f076922543d9a68e31d], PUP.Optional.GoPhoto.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\GOPHOTO@GOPHOTO.IT.XPI, Quarantined, [028bfc5b93e8989ee8112171ba485da3], PUP.Optional.Conduit.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\conduit.xml, Quarantined, [d7b670e7e596290d9374d7c9639f03fd], PUP.Optional.Delta.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\delta.xml, Quarantined, [7e0f42151c5f0e285fb5ccd4dd258080], 
PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\UPDATETASK.EXE, Quarantined, [4746e86f88f36cca2d046a416d957e82], PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [4746e86f88f36cca2d046a416d957e82], PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [4746e86f88f36cca2d046a416d957e82], PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, Quarantined, [4746e86f88f36cca2d046a416d957e82], PUP.Optional.Updater, C:\Users\Phillipê\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [4746e86f88f36cca2d046a416d957e82], PUP.Optional.HDVidCodec.A, C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVIDCODEC.LNK, Quarantined, [117cd186c1ba6dc902da348db35012ee], PUP.Optional.HDVidCodec.A, C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk, Quarantined, [117cd186c1ba6dc902da348db35012ee], PUP.Optional.BrowserDefender.A, C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Local Storage\CHROME-EXTENSION_EOONCJEJNPPFJJKLAPAAMHCDMJBILMDE_0.LOCALSTORAGE, Quarantined, [1f6ef4633a41340250de21a3e41f5da3], PUP.Optional.Gophoto.A, C:\Program Files (x86)\Gophoto.it\GOPHOTOIT14.CRX, Quarantined, [8409391ef18a9f97e7c8873e83805ea2], PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc\config.dat, Quarantined, [791487d0493256e0917a4e2bd230837d], PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc\info.dat, Quarantined, [791487d0493256e0917a4e2bd230837d], PUP.Optional.DealPly.A, C:\Users\Phillipê\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe, Quarantined, [791487d0493256e0917a4e2bd230837d], PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\3708.ico, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4], 
PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\EBB77268-338F-4C6A-8590-AD88FED26F4A, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4], PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\Installer.exe, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4], PUP.Optional.OpenCandy, C:\Users\Phillipê\AppData\Roaming\OpenCandy\9ABC59DFC98F4921A9DF7200B7610E42\OCBrowserHelper_1.0.6.124.exe, Quarantined, [cfbe2a2daccf6acc50f20c6d20e21ce4], PUP.Optional.Babylon.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\extensions\ffxtlbr@babylon.com\defaults\preferences\babylon.js, Quarantined, [781534236615fd3957623c429a686898], PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods._xpiupdate", true);), Replaced,[d3ba2a2d2853a4921f408109778d5da3] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.aflt", "_#ddr");), Replaced,[a2eb95c284f7e551b4ab2e5ca75db050] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");), Replaced,[573665f28bf064d29ac50684af5530d0] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.firstRun", false);), Replaced,[b4d9fb5cc1ba89ad104fbdcdee165ba5] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.first_time", false);), Replaced,[78152532354654e2a0bf8a00f311946c] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: 
(), Bad: (user_pref("extensions.facemoods.id", "_#b0ffe46e51be4461b098796deac5badd");), Replaced,[9cf112453e3db086055a09813cc8b64a] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.instlDay", "_#15205");), Replaced,[8a03f06795e662d43926f79320e4c739] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.lastActv", "18");), Replaced,[dfae6aed9ddeea4ca5ba7e0c63a120e0] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");), Replaced,[305d1443a4d750e6ff607119659f4eb2] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.sid", "_#b0ffe46e51be4461b098796deac5badd");), Replaced,[840951068eed1026fb64fb8f58ac728e] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.update", "_#v1.4.0");), Replaced,[88056ee9d1aaa98d005f6e1cf80caa56] PUP.Optional.FaceMoods.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");), Replaced,[ace182d5ef8cc670a8b7e6a419eb38c8] PUP.Optional.Conduit.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");), Replaced,[2568055217641d194f6f296107fd6799] PUP.Optional.Conduit.A, C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js, Good: (), Bad: 
(user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");), Replaced,[38554215a3d8dc5a0ab5830760a4ae52] Physical Sectors: 0 (No malicious items detected) (end) Code:
ATTFilter Emsisoft Anti-Malware - Version 8.1 Letztes Update: 30.05.2014 09:38:29 Benutzerkonto: Dröhnkiste-C35D\Phillipê Scan Einstellungen: Scan Methode: Detail Scan Objekte: Rootkits, Speicher, Traces, C:\, D:\, F:\ PUPs-Erkennung: An Archiv Scan: An ADS Scan: An Dateitypen-Filter: Aus Erweitertes Caching: An Direkter Festplattenzugriff: Aus Scan Beginn: 30.05.2014 09:39:01 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it! gefunden: Application.AdStart (A) C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torntv.com gefunden: Application.AdStart (A) C:\Users\Phillipê\AppData\Roaming\babylon gefunden: Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\drivercure gefunden: Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\dsite gefunden: Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\dvdvideosoftiehelpers gefunden: Application.AppInstall (A) C:\ProgramData\babylon gefunden: Application.AppInstall (A) C:\Users\Phillipê\AppData\Local\vghd gefunden: Application.AppInstall (A) C:\Program Files (x86)\daemon tools toolbar gefunden: Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\engine@conduit.com gefunden: Application.FireExt (A) C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c} gefunden: Application.FireExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} gefunden: Application.AdReg (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\CLASSES\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CONDUIT.ENGINE gefunden: Application.AdReg (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ.1 gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{09C554C3-109B-483C-A06B-F14172F1A947} gefunden: Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} gefunden: Application.BHO (A) Value: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS -> LFIND@NIJADSOFT.NET gefunden: Application.FireExt (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\SOFTONIC gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BABYLON gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON TOOLS TOOLBAR gefunden: Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\PARTYGAMING gefunden: Application.Win32.CasOnline (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\PARTYGAMING gefunden: Application.Win32.CasOnline (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\CONDUIT gefunden: Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\DSITEPRODUCTS gefunden: Application.Win32.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5} gefunden: Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\YAHOOPARTNERTOOLBAR gefunden: Application.Win32.YTool (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP gefunden: Application.AdReg (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 gefunden: Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS gefunden: Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32 gefunden: Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS gefunden: Application.Win32.InstallExt (A) D:\Mafia2\Mafia II\pc\Mafia 2 Crackfix.exe gefunden: Trojan.Generic.4653231 (B) F:\DL\Bulletstorm\Bulletstorm Install\SKIDROW\Binaries\Win32\SKIDROW.dll gefunden: Trojan.Generic.5482034 (B) F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\SKIDROW\Binaries\Win32\SKIDROW.dll gefunden: Trojan.Generic.5482034 (B) F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\sr-bustp.rar -> SKIDROW\Binaries\Win32\SKIDROW.dll gefunden: Trojan.Generic.5482034 (B) F:\DL\Kane.and.Lynch.2.Dog.Days-RELOADED\steambackup.exe gefunden: Trojan.Generic.5338659 (B) F:\Spiele\Bulletstorm\Binaries\Win32\SKIDROW.dll gefunden: Trojan.Generic.5482034 (B) F:\Spiele\Call of Duty 8 - Modern Warfare 3\COD8.MW3.SP.Crack.Only-3DM.rar -> iw5sp.exe gefunden: Trojan.Generic.7446411 (B) F:\Spiele\Grand Theft Auto IV\LaunchGTAIV.exe gefunden: Riskware.Win32.HackTool (A) Gescannt 446375 Gefunden 43 Scan Ende: 30.05.2014 11:38:49 Scan Zeit: 1:59:48 F:\Spiele\Grand Theft Auto IV\LaunchGTAIV.exe Quarantäne Riskware.Win32.HackTool (A) F:\Spiele\Call of Duty 8 - Modern Warfare 3\COD8.MW3.SP.Crack.Only-3DM.rar Quarantäne Trojan.Generic.7446411 (B) F:\DL\Kane.and.Lynch.2.Dog.Days-RELOADED\steambackup.exe Quarantäne Trojan.Generic.5338659 (B) F:\DL\Bulletstorm\Bulletstorm Install\SKIDROW\Binaries\Win32\SKIDROW.dll Quarantäne Trojan.Generic.5482034 (B) F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\SKIDROW\Binaries\Win32\SKIDROW.dll Quarantäne Trojan.Generic.5482034 (B) F:\DL\Bulletstorm\Bulletstorm.Proper-SKIDROW\sr-bustp.rar Quarantäne 
Trojan.Generic.5482034 (B) F:\Spiele\Bulletstorm\Binaries\Win32\SKIDROW.dll Quarantäne Trojan.Generic.5482034 (B) D:\Mafia2\Mafia II\pc\Mafia 2 Crackfix.exe Quarantäne Trojan.Generic.4653231 (B) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASAPI32 Quarantäne Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AU__RASMANCS Quarantäne Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASAPI32 Quarantäne Application.Win32.InstallExt (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\MYBABYLONTB_RASMANCS Quarantäne Application.Win32.InstallExt (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\YAHOOPARTNERTOOLBAR Quarantäne Application.Win32.YTool (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Quarantäne Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\DSITEPRODUCTS Quarantäne Application.Win32.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\PARTYGAMING Quarantäne Application.Win32.CasOnline (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\PARTYGAMING Quarantäne Application.Win32.CasOnline (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-1000\SOFTWARE\SOFTONIC Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\BABYLON Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DAEMON TOOLS TOOLBAR Quarantäne Application.InstallAd (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK Quarantäne Application.InstallAd (A) Key: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\CONDUIT Quarantäne Application.InstallAd (A) Key: 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Quarantäne Application.BHO (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CONDUIT.ENGINE Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DTTOOLBAR.TOOLBANDOBJ.1 Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{09C554C3-109B-483C-A06B-F14172F1A947} Quarantäne Application.AdReg (A) Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PROD.CAP Quarantäne Application.AdReg (A) C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\engine@conduit.com Quarantäne Application.FireExt (A) C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c} Quarantäne Application.FireExt (A) Value: HKEY_USERS\S-1-5-21-1406149438-3228825593-328108524-501\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS -> LFIND@NIJADSOFT.NET Quarantäne Application.FireExt (A) C:\Users\Phillipê\AppData\Roaming\babylon Quarantäne Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\drivercure Quarantäne Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\dsite Quarantäne Application.AppInstall (A) C:\Users\Phillipê\AppData\Roaming\dvdvideosoftiehelpers Quarantäne Application.AppInstall (A) C:\ProgramData\babylon Quarantäne Application.AppInstall (A) C:\Users\Phillipê\AppData\Local\vghd Quarantäne Application.AppInstall (A) C:\Program Files (x86)\daemon tools toolbar Quarantäne Application.AppInstall (A) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it! 
Quarantäne Application.AdStart (A) C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torntv.com Quarantäne Application.AdStart (A) Quarantäne 42 |
30.05.2014, 22:46 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows 7 this program was blocked by a group policy Quote:
Please read => http://www.trojaner-board.de/95393-c...-software.html We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.
__________________ --> windows 7 this program was blocked by a group policy |
31.05.2014, 11:56 | #7 |
| windows 7 this program was blocked by a group policy Oops. In my defense, back then I simply had no money for games, and today I buy everything. Anyway, everything should be removed now; here are the new logs (Malwarebytes and Emsisoft found nothing more and FRST did not produce an Addition.txt for me): Gmer Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-05-31 12:45:47 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01113 298,09GB Running: kom09zc9.exe; Driver: C:\Users\PHILLI~1\AppData\Local\Temp\afrdiaoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800033fa000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800033fa02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[740] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62] .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000771aa2fd 1 byte [62] .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075941465 2 bytes [94, 75] .text C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe[996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759414bb 2 bytes [94, 75] .text ... 
Antivirus@ImagePath "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1 ---- EOF - GMER 2.1 ---- |
31.05.2014, 11:57 | #8 |
| Windows 7: this program was blocked by a group policy FRST FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by Phillipê (administrator) on DRÖHNKISTE-C35D on 31-05-2014 12:32:44
Running from C:\Users\Phillipê\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tunngle.net GmbH) D:\Tunngle\TnglCtrl.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Valve Corporation) D:\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\prevhost.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmprph.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Malwarebytes Corporation) D:\ Malwarebytes Anti-Malware \mbam.exe (Apple Inc.) D:\iTunes.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKLM-x32\...\RunOnce: [20140529] - C:\Program Files\Alwil Software\Avast5\setup\emupdate\744386a5-97c8-4008-8290-439eb78bad9a.exe /check [183208 2014-05-31] (AVAST Software)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [2624512 2010-07-22] ()
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {062f12c3-2890-11e0-bffa-1c6f659604aa} - G:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {d6cd9e04-5340-11e2-87a0-1c6f659604aa} - E:\FalloutLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x693498F99DBCCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM-x32 - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - 
No File SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013 SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=3954ebe6-4511-499e-b334-12b942b293da&searchtype=ds&q={searchTerms}&installDate=14/04/2013 SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=8EC600FFE8A7A881 BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default FF NetworkProxy: "type", 0 FF Homepage: 
user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF user.js: detected! => C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\user.js FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) 
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\daemon-search.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-1.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-10.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-11.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-12.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-13.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-14.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-15.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-16.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-17.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-18.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-19.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-2.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-3.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-4.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-5.xml FF SearchPlugin: 
C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-6.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-7.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-8.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-9.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.gif FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.src FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.xml FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\searchplugins-backup FF Extension: DAEMON Tools Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\DTToolbar@toolbarnet.com [2011-04-25] FF Extension: ProxTube - Unblock YouTube - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ich@maltegoetz.de [2012-09-16] FF Extension: ICQ Toolbar - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-05] FF Extension: Facemoods - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ffxtlbr@Facemoods.com.xpi [2011-08-18] FF Extension: Movie2kDownloader - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012-12-13] FF Extension: Adblock Plus - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-25] FF HKLM-x32\...\Firefox\Extensions: 
[{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-09] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-10-02] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe Chrome: ======= CHR HomePage: hxxp://scholar.google.de/schhp?hl=de CHR StartupUrls: "hxxp://google.de/" CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File CHR Plugin: (Skype Toolbars) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll 
(Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll () CHR Extension: (ProxFlow) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-06] CHR Extension: (Movie2kDownloader 2) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-08] CHR Extension: (YouTube) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17] CHR Extension: (Google-Suche) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17] CHR Extension: (AdBlock) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-17] CHR Extension: (avast! Online Security) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17] CHR Extension: (Skype Click to Call) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-05] CHR Extension: (Simply Block Ads!) 
- C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2012-10-08] CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-14] CHR Extension: (Google Wallet) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-26] CHR Extension: (Google Mail) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-08] CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx [2012-12-13] CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn11.crx [2012-12-13] CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12] ==================== Services (Whitelisted) ================= R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH) S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] () R2 avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-24] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] () R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-26] () R2 TunngleService; D:\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] () R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-10] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-10] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-10] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-17] () R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R1 
dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-25] (DT Soft Ltd) S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] () S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7040 2006-11-09] (SweetLow) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-17] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-31] (Malwarebytes Corporation) S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] () R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 cpuz136; \??\C:\Users\PHILLI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 MSICDSetup; \??\E:\CDriver64.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-31 12:32 - 2014-05-31 12:32 - 00028532 _____ () C:\Users\Phillipê\Desktop\FRST.txt 2014-05-31 12:31 - 2014-05-31 12:31 - 00000964 _____ () C:\Users\Phillipê\Desktop\emsisoft.txt 2014-05-31 11:20 - 2014-05-31 11:20 - 00001068 _____ () C:\Users\Phillipê\Desktop\malwarebytes.txt 2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid 2014-05-30 12:20 - 2014-05-30 12:26 - 00000308 _____ () C:\Users\Phillipê\Desktop\Neues Textdokument.txt 2014-05-30 11:51 - 2014-05-31 12:32 - 00000000 ____D () C:\FRST 2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe 2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable 2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe 2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe 2014-05-30 09:34 - 2014-05-31 12:31 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-05-30 
09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-05-30 09:26 - 2014-05-30 12:24 - 00010212 _____ () C:\Windows\PFRO.log 2014-05-30 09:16 - 2014-05-31 11:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-30 09:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-30 09:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-30 09:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss 2014-05-30 05:38 - 2014-05-30 12:24 - 00000448 _____ () C:\Windows\setupact.log 2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-30 04:42 - 2014-05-31 10:32 - 00093497 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk 2014-05-15 20:26 - 2014-05-15 22:33 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders 2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ 2014-05-15 17:15 - 
2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ 2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-14 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-14 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-14 19:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-14 19:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-14 19:08 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-14 19:08 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-14 19:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-14 19:08 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-14 19:08 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-14 19:08 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-14 19:08 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-14 19:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-14 19:08 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-14 19:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) 
C:\Windows\system32\shell32.dll 2014-05-14 19:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-14 19:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-14 19:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-14 19:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-14 19:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-14 19:08 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-14 19:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-14 19:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-14 19:08 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-14 19:08 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-14 19:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-06 22:07 - 2014-05-15 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-31 12:32 - 
2014-05-31 12:32 - 00028532 _____ () C:\Users\Phillipê\Desktop\FRST.txt 2014-05-31 12:32 - 2014-05-30 11:51 - 00000000 ____D () C:\FRST 2014-05-31 12:32 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Temp 2014-05-31 12:31 - 2014-05-31 12:31 - 00000964 _____ () C:\Users\Phillipê\Desktop\emsisoft.txt 2014-05-31 12:31 - 2014-05-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-05-31 12:24 - 2011-02-26 13:33 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-31 12:10 - 2014-02-15 15:10 - 00000320 _____ () C:\Windows\Tasks\Digital Sites.job 2014-05-31 12:10 - 2013-06-19 21:10 - 00000306 _____ () C:\Windows\Tasks\DSite.job 2014-05-31 12:04 - 2012-04-02 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-31 11:20 - 2014-05-31 11:20 - 00001068 _____ () C:\Users\Phillipê\Desktop\malwarebytes.txt 2014-05-31 11:01 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid 2014-05-31 10:32 - 2014-05-30 04:42 - 00093497 _____ () C:\Windows\WindowsUpdate.log 2014-05-31 10:28 - 2011-02-26 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-31 10:27 - 2011-08-20 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games 2014-05-30 12:29 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-30 12:29 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-30 12:27 - 2012-08-29 17:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-05-30 12:26 - 2014-05-30 12:20 - 00000308 _____ () C:\Users\Phillipê\Desktop\Neues Textdokument.txt 2014-05-30 12:25 - 2012-05-19 13:41 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\LogMeIn Hamachi 2014-05-30 12:24 - 2014-05-30 09:26 - 00010212 _____ () C:\Windows\PFRO.log 2014-05-30 12:24 - 2014-05-30 05:38 - 00000448 _____ () C:\Windows\setupact.log 2014-05-30 12:24 - 2011-01-25 17:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys 2014-05-30 12:24 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-30 12:21 - 2011-02-13 12:56 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat 2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe 2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable 2014-05-30 11:50 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê 2014-05-30 11:49 - 2014-05-30 11:49 - 02066944 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe 2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe 2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware 2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-05-30 09:24 - 2014-02-10 21:10 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\DigitalSites 2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss 2014-05-30 05:38 - 2014-05-30 05:38 - 
00000000 _____ () C:\Windows\setuperr.log 2014-05-30 04:32 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2014-05-30 00:10 - 2013-07-27 00:10 - 00000063 _____ () C:\Users\Phillipê\AppData\Roaming\WB.CFG 2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk 2014-05-29 15:57 - 2011-01-26 21:33 - 00000000 ____D () C:\Users\Phillipê\Documents\My games 2014-05-29 15:31 - 2011-01-25 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-05-28 19:12 - 2011-04-15 16:53 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Fallout3 2014-05-26 06:36 - 2013-01-30 23:17 - 01632188 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-05-26 06:36 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat 2014-05-26 06:36 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat 2014-05-26 06:36 - 2009-07-14 07:13 - 01632188 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-15 22:33 - 2014-05-15 20:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders 2014-05-15 18:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ 2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ 2014-05-15 17:15 - 2011-01-25 17:53 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-05-15 16:58 - 2012-11-02 22:37 - 00000000 ___RD () C:\Users\Phillipê\Desktop\GameZ 2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () 
C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 16:55 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-15 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-05-14 22:38 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-14 22:38 - 2011-02-27 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-14 22:37 - 2011-08-07 16:45 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-14 19:05 - 2012-04-02 00:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 19:05 - 2012-04-02 00:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 19:05 - 2011-08-07 16:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-05-13 20:20 - 2013-06-11 20:12 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-12 07:26 - 2014-05-30 09:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-30 09:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-30 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-09 08:14 - 2014-05-14 19:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-14 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-08 21:19 - 2011-02-26 13:33 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-08 21:19 - 2011-02-26 13:33 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-14 22:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-02 15:39 - 2011-03-20 14:47 - 00000000 ____D () C:\Users\Phillipê\AppData\Roaming\vlc Some content of TEMP: ==================== C:\Users\Phillipê\AppData\Local\Temp\drm_dyndata_7380014.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 19:17 ==================== End Of Log ============================ |
01.06.2014, 11:58 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows 7 this program was blocked by a group policy Please also make a new Additions.txt. Tick the box for Addition.txt, then click Scan
__________________ Please always post log files in CODE tags |
01.06.2014, 12:49 | #10 |
| windows 7 this program was blocked by a group policy addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 Ran by Phillipê at 2014-06-01 13:47:50 Running from C:\Users\Phillipê\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C} AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) @BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE) Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) 
Hidden ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd) AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE) AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software) BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games) BioShock Infinite version 1.0.0.0 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.0.0.0 - ) BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29343 - BitTorrent Inc.) Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios) BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games) Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software) BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102 - ATI) Hidden Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102 - ATI) Hidden Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Czech (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Danish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help English (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help French (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help German (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Greek (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Italian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Korean (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Norwegian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Polish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Russian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden CCC Help Thai (x32 Version: 2010.1125.2147.39102 - ATI) Hidden ccc-core-static (x32 
Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.1125.2148.39102 - ATI) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd) Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games) DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ) DayZ Commander (HKLM-x32\...\{67BE448F-7813-4466-A767-85EF5BBAC1D1}) (Version: 1.09.70 - Dotjosh Studios) Dead Rising 2 (HKLM-x32\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom) Dead Rising 2 (x32 Version: 1.0.0000.130 - Capcom) Hidden Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment) DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte) Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - ) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC) Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE) Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH) Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks) Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - ) FLAC To MP3 V4.0.5 
(HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.) Foldit (HKLM-x32\...\Foldit) (Version: - ) Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.) GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive) HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.) Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Kane and Lynch: Dead Men (HKLM-x32\...\{A66C4716-7E10-4A53-8101-00C3C11D6A9C}) (Version: 1.00.0000 - Eidos) K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - ) League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.) 
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.) Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.) Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts) Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.) Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation) Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) 
(HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 
12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mouse Editor (HKLM-x32\...\InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}) (Version: 10.07.0002 - Ihr Firmenname) MOUSE Editor (x32 Version: 10.07.0002 - Ihr Firmenname) Hidden Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla) MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD) My Game Long Name (HKLM\...\UDK-964f1b46-0a2c-4960-ac16-5d146edf634d) (Version: - Epic Games, Inc.) 
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1509 - Electronic Arts) Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - ) NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation) ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games) Singularity (HKLM-x32\...\Steam App 42670) (Version: - ) Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH) Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics) Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition 
(HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.1.7 
(HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - ) WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2011-07-30 13:57 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activate.adobe.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - System32\Tasks\Digital Sites => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - System32\Tasks\QtraxPlayer => C:\Program Files (x86)\Microsoft Silverlight\sllauncher.exe Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.) Task: {2529AC27-E1A5-459E-93AD-1B7AE188DAFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software) Task: {267E2320-6708-4151-A59C-159688C336D4} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {42945CE0-7500-4909-8CEF-667BC0A3D4F9} - System32\Tasks\{24ECB2F1-8B87-4CE4-BDF6-8055A5D64855} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.) 
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - System32\Tasks\DealPly => C:\Users\PHILLI~1\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe <==== ATTENTION Task: {925BCC9E-3CD0-40EB-8689-E392FAE14F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - System32\Tasks\ParetoLogic Update Version3 => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION Task: {B40C0A91-7445-4597-B684-DA4330385069} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {BE1F2ADC-A293-4886-8B4D-25D5AF0B92D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation) Task: {E813C1C9-B934-4D36-BE6E-15E401A255A5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation) Task: {EA42980F-B5F2-463C-B881-285129EF7341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\PHILLI~1\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe <==== ATTENTION Task: C:\Windows\Tasks\DSite.job => C:\Users\PHILLI~1\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-01-25 16:42 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe 2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2010-07-22 08:15 - 2010-07-22 08:15 - 02624512 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe 2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2010-11-25 22:46 - 2010-11-25 22:46 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-05-31 10:29 - 2014-05-30 20:43 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14053001\algo.dll 2014-06-01 13:47 - 2014-06-01 09:30 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14060100\algo.dll 2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-01-25 16:42 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll 2011-02-11 17:28 - 2011-05-31 18:07 - 01852759 _____ () D:\Tunngle\libeay32.dll 2010-06-01 05:41 - 2010-06-01 05:41 - 00098816 _____ () 
C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll 2010-04-03 05:37 - 2010-04-03 05:37 - 00094208 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll 2010-04-03 05:37 - 2010-04-03 05:37 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll 2010-04-03 05:37 - 2010-04-03 05:37 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll 2010-04-03 05:36 - 2010-04-03 05:36 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll 2010-04-03 05:37 - 2010-04-03 05:37 - 00127488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll 2010-05-07 17:05 - 2010-05-07 17:05 - 00042496 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll 2014-05-23 22:22 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll 2014-05-23 22:22 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll 2014-05-23 22:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll 2014-05-23 22:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll 2014-05-23 22:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll 2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: GoogleChromeAutoLaunch_ABA4318D4E55179246F0B38EF7E0EE65 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22F190YK05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1 MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" MSCONFIG\startupreg: WhatPulse => F:\WhatPulse\WhatPulse.exe MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Phillipê\AppData\Roaming\Yontoo\YontooDesktop.exe" MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" ==================== Faulty Device Manager Devices 
============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/31/2014 10:28:57 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.2.183.21, Zeitstempel: 0x4b95e661 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x1780 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (05/30/2014 00:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 9002 Error: (05/30/2014 00:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 9002 Error: (05/30/2014 00:55:16 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2014 00:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8003 Error: (05/30/2014 00:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8003 Error: (05/30/2014 00:55:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/30/2014 00:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7005 Error: (05/30/2014 00:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7005 Error: (05/30/2014 00:55:14 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
Continuously busy for more than a second System errors: ============= Error: (06/01/2014 01:43:05 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (06/01/2014 01:43:00 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8006721b50, 0xfffff8000489a3d0)C:\Windows\MEMORY.DMP060114-24429-01 Error: (05/31/2014 00:35:30 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/30/2014 00:33:37 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (05/30/2014 00:24:41 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (05/30/2014 11:55:08 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/30/2014 11:55:07 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/30/2014 11:55:07 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. 
Error: (05/30/2014 11:55:06 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Error: (05/30/2014 11:55:06 AM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-11-27 18:56:28.920 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 18:56:28.826 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 18:55:48.150 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-11-27 18:55:48.056 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 18:52:34.363 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 18:52:34.269 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-27 18:52:16.933 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
Date: 2013-11-27 18:52:16.839 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-09-23 19:03:22.932 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2012-09-23 19:03:22.880 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 26% Total physical RAM: 8175.43 MB Available physical RAM: 6021.8 MB Total Pagefile: 16349.04 MB Available Pagefile: 13628.02 MB Total Virtual: 8192 MB Available Virtual: 8191.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:48.83 GB) (Free:9.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:249.26 GB) (Free:30.82 GB) NTFS Drive f: () (Fixed) (Total:465.76 GB) (Free:321.06 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2BEB335) Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 466 GB) (Disk ID: 66205247) No partition Table on disk 1. ==================== End Of Log ============================ |
01.06.2014, 13:06 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows 7 this program was blocked by a group policy Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
Hosts: 127.0.0.1 activate.adobe.com
C:\ProgramData\EkuwiQaqab.dat
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
01.06.2014, 13:30 | #12 |
| windows 7 this program was blocked by a group policy Avast can be started again. Fixlog Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2014
Ran by Phillipê at 2014-06-01 14:29:41 Run:1
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Alwil Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Alwil Software <====== ATTENTION
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [EkuwiQaqab] => regsvr32.exe "C:\ProgramData\EkuwiQaqab.dat"
Hosts: 127.0.0.1 activate.adobe.com
C:\ProgramData\EkuwiQaqab.dat
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Value deleted successfully.
HKCR\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} => Key not found.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EkuwiQaqab => Value deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
"C:\ProgramData\EkuwiQaqab.dat" => File/Directory not found.
==== End of Fixlog ====
Edited by Phil1337 (01.06.2014 at 13:45) |
01.06.2014, 23:18 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows 7 this program was blocked by a group policy Remove adware/junkware/toolbars Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
02.06.2014, 16:33 | #14 |
| windows 7 this program was blocked by a group policy While adwcleaner was running, Avast spat out a warning that an attempt had been made to download "sqlite3.dll". Since the name and source seemed very suspicious to me, I had the connection terminated. ADW Code:
# AdwCleaner v3.211 - Bericht erstellt am 02/06/2014 um 17:13:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Phillipê - DRÖHNKISTE-C35D
# Gestartet von : C:\Users\Phillipê\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Movie2KDownloader.com
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Gast\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Phillipê\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Phillipê\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Conduit
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\ConduitEngine
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\DTToolbar@toolbarnet.com
Ordner Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Ordner Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ffxtlbr@Facemoods.com.xpi
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\movie2kdownloader@movie2kdownloader.com.xpi
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\daemon-search.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.gif
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.src
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-10.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-11.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-12.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-13.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-14.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-15.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-16.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-17.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-18.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-19.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-3.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-4.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-5.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-6.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-7.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-8.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\icqplugin-9.xml
Datei Gelöscht : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\user.js
Datei Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
Datei Gelöscht : C:\Windows\Tasks\DSite.job
Datei Gelöscht : C:\Windows\System32\Tasks\DSite
Datei Gelöscht : C:\Windows\System32\Tasks\Express FilesUpdate
Datei Gelöscht : C:\Windows\System32\Tasks\paretologic update version3
Datei Gelöscht : C:\Windows\System32\Tasks\QtraxPlayer

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBAutoUpdaterHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKCU\Software\53538ddfb46ded45
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hamachi_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_visualboyadvance_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C17A0751-580B-466B-8271-5C73EFDC1295}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\ParetoLogic
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Vittalia
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v16.0.1 (en-US)

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\t5v5t66e.default\prefs.js ]

[ Datei : C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\prefs.js ]

Zeile gelöscht : user_pref("CT2269050..clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Zeile gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_1000515", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Zeile gelöscht : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Zeile gelöscht : user_pref("CT2269050.CT2269050", "CT2269050");
Zeile gelöscht : user_pref("CT2269050.CurrentServerDate", "18-1-2013");
Zeile gelöscht : user_pref("CT2269050.DSInstall", true);
Zeile gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2269050.FirstServerDate", "24-4-2012");
Zeile gelöscht : user_pref("CT2269050.FirstTime", true);
Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2269050.HPInstall", true);
Zeile gelöscht : user_pref("CT2269050.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("CT2269050.Initialize", true);
Zeile gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Zeile gelöscht : user_pref("CT2269050.InstallationType", "Unknown");
Zeile gelöscht : user_pref("CT2269050.InstalledDate", "Tue Apr 24 2012 17:28:17 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.IsGrouping", false);
Zeile gelöscht : user_pref("CT2269050.IsInitSetupIni", true);
Zeile gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2269050.IsOpenThankYouPage", true);
Zeile gelöscht : user_pref("CT2269050.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 23:59:31 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 21:34:10 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 13:32:14 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 22:16:06 GMT+0200");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Nov 06 2012 21:19:38 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LastLogin_3.16.0.3", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.LatestVersion", "3.16.0.3");
Zeile gelöscht : user_pref("CT2269050.Locale", "en");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Zeile gelöscht : user_pref("CT2269050.OriginalFirstVersion", "3.12.0.7");
Zeile gelöscht : user_pref("CT2269050.SavedHomepage", "google.de");
Zeile gelöscht : user_pref("CT2269050.SearchCaption", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jan 18 2013 21:24:45 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2269050.SendProtectorDataViaLogin", true);
Zeile gelöscht : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Jan 18 2013 21:24:45 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jan 18 2013 21:24:45 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1358518258");
Zeile gelöscht : user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Zeile gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Zeile gelöscht : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Zeile gelöscht : user_pref("CT2269050.UserID", "UN53740589541996318");
Zeile gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Zeile gelöscht : user_pref("CT2269050.components.1000515", true);
Zeile gelöscht : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Zeile gelöscht : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.initDone", true);
Zeile gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2269050.navigateToUrlOnSearch", false);
Zeile gelöscht : user_pref("CT2269050.revertSettingsEnabled", true);
Zeile gelöscht : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Zeile gelöscht : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Zeile gelöscht : user_pref("CT2269050.testingCtid", "");
Zeile gelöscht : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Jan 18 2013 21:24:49 GMT+0100");
Zeile gelöscht : user_pref("CT2269050.usagesFlag", 2);
Zeile gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"bbcad46825955537321176fe87a84f773\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1353315459\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"80927e5f86f7cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"0697a2066791d3f9dfa6c976583f2c5c\"");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"e9e14adcb2fc3b9e7b3edbe50330f5cd\"");
Zeile gelöscht : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.IsEngineShown", false);
Zeile gelöscht : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jul 24 2011 12:02:28 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jul 26 2011 18:13:40 GMT+0200");
Zeile gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Zeile gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Zeile gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Zeile gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Zeile gelöscht : user_pref("CommunityToolbar.alert.userId", "c2a159f6-0359-4295-8e32-9af02d75faa2");
Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "f3b495c1-9236-429f-8c10-7b42849c8c6d");
Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Zeile gelöscht : user_pref("CommunityToolbar.originalHomepage", "google.de");
Zeile gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Zeile gelöscht : user_pref("ConduitEngine.CTID", "ConduitEngine");
Zeile gelöscht : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Apr 16 2011 14:55:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.FirstServerDate", "04/16/2011 15");
Zeile gelöscht : user_pref("ConduitEngine.FirstTime", true);
Zeile gelöscht : user_pref("ConduitEngine.FirstTimeFF3", true);
Zeile gelöscht : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Zeile gelöscht : user_pref("ConduitEngine.Initialize", true);
Zeile gelöscht : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("ConduitEngine.InstalledDate", "Sat Apr 16 2011 14:55:46 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.IsMulticommunity", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Apr 16 2011 14:55:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.UserID", "UN04976286415552067");
Zeile gelöscht : user_pref("ConduitEngine.componentAlertEnabled", false);
Zeile gelöscht : user_pref("ConduitEngine.engineLocale", "en-US");
Zeile gelöscht : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Apr 16 2011 14:55:31 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Apr 16 2011 14:55:32 GMT+0200");
Zeile gelöscht : user_pref("ConduitEngine.initDone", true);
Zeile gelöscht : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Zeile gelöscht : user_pref("ConduitEngine.usagesFlag", 2);
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@Facemoods.com:1.4.0,{800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145,wrc@avast.com:7.0.1466,ich@maltegoetz.d[...]
Zeile gelöscht : user_pref("extensions.enabledItems", "{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,ffxtlbr@Facemoods.com:1.2.1,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}[...]
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.defSearchChange", true);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1358540683);
Zeile gelöscht : user_pref("icqtoolbar.history", "holy%20organ%20porn||moxxi||borderlands%202%20you%20cant%20ignore%20me||workaholics%20season%204||borderlands%202%20thousand%20cuts%20eridian%20shrine||Ibotens%C3%A4ur[...]
Zeile gelöscht : user_pref("icqtoolbar.hpChange", true);
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1344147227");
Zeile gelöscht : user_pref("icqtoolbar.installsource", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "1");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "16.0.1");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "129727059212972709351297358609724");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1358540689);
Zeile gelöscht : user_pref("icqtoolbar.userEngineApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.userHpApproved", true);
Zeile gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", false);

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
Gelöscht [Extension] : jbpkiefagocgkmemidfngdkamloieekf

*************************

AdwCleaner[R0].txt - [34493 octets] - [02/06/2014 17:12:24]
AdwCleaner[S0].txt - [33334 octets] - [02/06/2014 17:13:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33395 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Phillipˆ on 02.06.2014 at 17:22:33,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1406149438-3228825593-328108524-1000\Software\sweetim

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.06.2014 at 17:26:59,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by Phillipê (administrator) on DRÖHNKISTE-C35D on 02-06-2014 17:28:00
Running from C:\Users\Phillipê\Desktop
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Tunngle.net GmbH) D:\Tunngle\TnglCtrl.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(LogMeIn Inc.) D:\Hamachi\hamachi-2-ui.exe
(LogMeIn, Inc.) D:\Hamachi\LMIGuardianSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
() C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
(Valve Corporation) D:\Steam\Steam.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [2306448 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762224 2009-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [avast5] => C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-11-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Hamachi\hamachi-2-ui.exe [3814736 2014-05-13] (LogMeIn Inc.)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [OscarEditor] => C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [2624512 2010-07-22] ()
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\Run: [Steam] => D:\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: H - H:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {062f12c3-2890-11e0-bffa-1c6f659604aa} - G:\Autorun.exe
HKU\S-1-5-21-1406149438-3228825593-328108524-1000\...\MountPoints2: {d6cd9e04-5340-11e2-87a0-1c6f659604aa} - E:\FalloutLauncher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x693498F99DBCCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica - C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\searchplugins\searchplugins-backup
FF Extension: ProxTube - Unblock YouTube - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\ich@maltegoetz.de [2012-09-16]
FF Extension: Adblock Plus - C:\Users\Phillipê\AppData\Roaming\Mozilla\Firefox\Profiles\wqm2l6e1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-25]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-09]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-10-02]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage: hxxp://scholar.google.de/schhp?hl=de
CHR StartupUrls: "hxxp://google.de/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Mozilla Plugins\npitunes.dll ()
CHR Extension: (ProxFlow) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2012-11-06]
CHR Extension: (No Name) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf [2013-04-08]
CHR Extension: (YouTube) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-17]
CHR Extension: (Google-Suche) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-17]
CHR Extension: (AdBlock) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-17]
CHR Extension: (avast! Online Security) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-11-17]
CHR Extension: (Skype Click to Call) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-11-05]
CHR Extension: (Simply Block Ads!) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfjefnfnmmnkcckbjjcganphignempo [2012-10-08]
CHR Extension: (No Name) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2012-09-14]
CHR Extension: (Google Wallet) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-02-26]
CHR Extension: (Google Mail) - C:\Users\Phillipê\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4163584 2014-02-15] (Emsisoft GmbH)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-03-24] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 DES2 Service; C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 Hamachi2Svc; D:\Hamachi\hamachi-2.exe [2228048 2014-05-13] (LogMeIn Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-26] ()
R2 TunngleService; D:\Tunngle\TnglCtrl.exe [741224 2011-08-09] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-10] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-10] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-08-10] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-17] ()
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-25] (DT Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2013-08-09] ()
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7040 2006-11-09] (SweetLow)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-17] ()
S2 tandpl; C:\Windows\SysWOW64\drivers\tandpl.sys [4736 2003-04-19] ()
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 cpuz136; \??\C:\Users\PHILLI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-02 17:27 - 2014-06-02 17:28 - 00020267 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-06-02 17:26 - 2014-06-02 17:27 - 00000813 _____ () C:\Users\Phillipê\Desktop\JRT.txt
2014-06-02 17:20 - 2014-06-02 17:20 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 17:19 - 2014-06-02 17:19 - 00033608 _____ () C:\Users\Phillipê\Desktop\AdwCleaner[S0].txt
2014-06-02 17:12 - 2014-06-02 17:16 - 00000000 ____D () C:\AdwCleaner
2014-06-02 17:12 - 2010-08-30 08:34 - 00479232 _____ () C:\Windows\SysWOW64\sqlite3.dll
2014-06-02 17:11 - 2014-06-02 17:11 - 01016261 _____ (Thisisu) C:\Users\Phillipê\Desktop\JRT_6.1.4.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 02067456 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 01327971 _____ () C:\Users\Phillipê\Desktop\adwcleaner_3.211.exe
2014-06-01 13:47 - 2014-06-01 13:47 - 00000000 ____D () C:\Users\Phillipê\Desktop\FRST-OlderVersion
2014-06-01 13:42 - 2014-06-01 13:42 - 00480944 _____ () C:\Windows\Minidump\060114-24429-01.dmp
2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid
2014-05-30 11:51 - 2014-06-02 17:28 - 00000000 ____D () C:\FRST
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 09:34 - 2014-05-31 12:59 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:26 - 2014-06-02 17:17 - 00010522 _____ () C:\Windows\PFRO.log
2014-05-30 09:16 - 2014-05-31 11:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 09:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-30 09:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-30 09:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-06-02 17:17 - 00000616 _____ () C:\Windows\setupact.log
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:42 - 2014-06-02 17:21 - 00144170 _____ () C:\Windows\WindowsUpdate.log
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-15 20:26 - 2014-05-15 22:33 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-14 22:39 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:39 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:39 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:39 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:39 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 19:08 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 19:08 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 19:08 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 19:08 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 19:08 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 19:08 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 19:08 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 19:08 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 19:08 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:08 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 19:08 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 19:08 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 19:08 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 19:08 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 19:08 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 19:08 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-06 22:07 - 2014-05-15 16:55 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-06-02 17:28 - 2014-06-02 17:27 - 00020267 _____ () C:\Users\Phillipê\Desktop\FRST.txt
2014-06-02 17:28 - 2014-05-30 11:51 - 00000000 ____D () C:\FRST
2014-06-02 17:28 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Temp
2014-06-02 17:27 - 2014-06-02 17:26 - 00000813 _____ () C:\Users\Phillipê\Desktop\JRT.txt
2014-06-02 17:25 - 2011-02-26 13:33 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-02 17:22 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-02 17:22 - 2009-07-14 06:45 - 00026432 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-02 17:21 - 2014-05-30 04:42 - 00144170 _____ () C:\Windows\WindowsUpdate.log
2014-06-02 17:20 - 2014-06-02 17:20 - 00000000 ____D () C:\Windows\ERUNT
2014-06-02 17:19 - 2014-06-02 17:19 - 00033608 _____ () C:\Users\Phillipê\Desktop\AdwCleaner[S0].txt
2014-06-02 17:18 - 2012-05-19 13:41 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\LogMeIn Hamachi
2014-06-02 17:17 - 2014-05-30 09:26 - 00010522 _____ () C:\Windows\PFRO.log
2014-06-02 17:17 - 2014-05-30 05:38 - 00000616 _____ () C:\Windows\setupact.log
2014-06-02 17:17 - 2011-02-26 13:33 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-02 17:17 - 2011-01-25 17:27 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-06-02 17:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-02 17:16 - 2014-06-02 17:12 - 00000000 ____D () C:\AdwCleaner
2014-06-02 17:16 - 2011-02-13 12:56 - 00000000 _____ () C:\Windows\SysWOW64\Access.dat
2014-06-02 17:11 - 2014-06-02 17:11 - 01016261 _____ (Thisisu) C:\Users\Phillipê\Desktop\JRT_6.1.4.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 02067456 _____ (Farbar) C:\Users\Phillipê\Desktop\FRST64.exe
2014-06-02 17:09 - 2014-06-02 17:09 - 01327971 _____ () C:\Users\Phillipê\Desktop\adwcleaner_3.211.exe
2014-06-02 17:04 - 2012-04-02 00:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 13:47 - 2014-06-01 13:47 - 00000000 ____D () C:\Users\Phillipê\Desktop\FRST-OlderVersion
2014-06-01 13:42 - 2014-06-01 13:42 - 00480944 _____ () C:\Windows\Minidump\060114-24429-01.dmp
2014-06-01 13:42 - 2011-01-29 14:51 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 12:59 - 2014-05-30 09:34 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-05-31 11:01 - 2014-05-30 09:16 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-31 10:37 - 2014-05-31 10:37 - 00000000 ____D () C:\Users\Phillipê\Desktop\skid
2014-05-31 10:27 - 2011-08-20 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games
2014-05-30 12:27 - 2012-08-29 17:58 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-30 11:50 - 2014-05-30 11:50 - 00050477 _____ () C:\Users\Phillipê\Desktop\Defogger.exe
2014-05-30 11:50 - 2014-05-30 11:50 - 00000168 _____ () C:\Users\Phillipê\defogger_reenable
2014-05-30 11:50 - 2011-01-25 16:26 - 00000000 ____D () C:\Users\Phillipê
2014-05-30 11:47 - 2014-05-30 11:47 - 00380416 _____ () C:\Users\Phillipê\Desktop\kom09zc9.exe
2014-05-30 09:34 - 2014-05-30 09:34 - 00001103 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\Users\Phillipê\Documents\Anti-Malware
2014-05-30 09:34 - 2014-05-30 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000629 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 09:15 - 2014-05-30 09:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 08:55 - 2014-05-30 08:55 - 00000000 ____D () C:\Windows\pss
2014-05-30 05:38 - 2014-05-30 05:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-30 04:32 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-30 00:10 - 2013-07-27 00:10 - 00000063 _____ () C:\Users\Phillipê\AppData\Roaming\WB.CFG
2014-05-29 18:08 - 2014-05-29 18:08 - 00000993 _____ () C:\Users\Phillipê\Desktop\Fallout3ng.exe - Verknüpfung.lnk
2014-05-29 15:57 - 2011-01-26 21:33 - 00000000 ____D () C:\Users\Phillipê\Documents\My games
2014-05-29 15:31 - 2011-01-25 16:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 19:12 - 2011-04-15 16:53 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Fallout3
2014-05-26 06:36 - 2013-01-30 23:17 - 01632188 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-26 06:36 - 2009-07-14 19:58 - 00713594 _____ () C:\Windows\system32\perfh007.dat
2014-05-26 06:36 - 2009-07-14 19:58 - 00155530 _____ () C:\Windows\system32\perfc007.dat
2014-05-26 06:36 - 2009-07-14 07:13 - 01632188 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 22:33 - 2014-05-15 20:26 - 00000000 ____D () C:\Users\Phillipê\AppData\Local\Darksiders
2014-05-15 18:56 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-15 17:17 - 2014-05-15 17:17 - 00000000 ____D () C:\Users\Phillipê\Documents\Darksiders Soundtrack Comic
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2014-05-15 17:15 - 2014-05-15 17:15 - 00000000 ____D () C:\Program Files (x86)\THQ
2014-05-15 17:15 - 2011-01-25 17:53 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-05-15 16:58 - 2012-11-02 22:37 - 00000000 ___RD () C:\Users\Phillipê\Desktop\GameZ
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 16:58 - 2011-01-25 16:26 - 00000000 ___RD () C:\Users\Phillipê\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 16:55 - 2014-05-06 22:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 16:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 22:38 - 2013-08-14 22:40 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:38 - 2011-02-27 15:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 22:37 - 2011-08-07 16:45 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:05 - 2012-04-02 00:54 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 19:05 - 2011-08-07 16:37 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 18:57 - 2014-05-14 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-05-13 20:20 - 2013-06-11 20:12 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-30 09:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-30 09:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 09:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-14 19:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 21:19 - 2011-02-26 13:33 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:19 - 2011-02-26 13:33 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 22:39 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:39 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:39 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Phillipê\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Phillipê\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-29 19:17

==================== End Of Log ============================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-06-2014 01
Ran by Phillipê at 2014-06-02 17:28:24
Running from C:\Users\Phillipê\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.09 - GIGABYTE)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.831.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{0BD776F3-057D-4C11-020C-4FA9B13D04F9}) (Version: 3.0.855.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
ANNO 1404 - Venice (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.0.5008.0 - Ubisoft)
ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft)
Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
AutoGreen B10.1021.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.1021.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock Infinite version 1.0.0.0 (HKLM-x32\...\BioShock Infinite_is1) (Version: 1.0.0.0 - )
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.8.0.29343 - BitTorrent Inc.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.0.9 - BlueJ Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help English (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help French (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help German (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.1125.2147.39102 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.1125.2148.39102 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
Darksiders (HKLM-x32\...\Steam App 50620) (Version: - Vigil Games)
DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - THQ)
DayZ Commander (HKLM-x32\...\{67BE448F-7813-4466-A767-85EF5BBAC1D1}) (Version: 1.09.70 - Dotjosh Studios)
Dead Rising 2 (HKLM-x32\...\GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}) (Version: 1.0.0000.130 - Capcom)
Dead Rising 2 (x32 Version: 1.0.0000.130 - Capcom) Hidden
Deponia (HKLM-x32\...\Deponia) (Version: 1.0 - Daedalic Entertainment)
DES 2.0 (HKLM-x32\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Deus Ex - Invisible War (HKLM-x32\...\{47BE1E5F-8978-484B-BE86-B616C00EA75A}) (Version: 1.00.0000 - )
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Easy Tune 6 B10.1024.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.1024.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 8.1 - Emsisoft GmbH)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Far Cry® 3 Blood Dragon (HKLM-x32\...\Steam App 233270) (Version: - )
FLAC To MP3 V4.0.5 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
Foldit (HKLM-x32\...\Foldit) (Version: - )
Free Studio version 5.0.3 (HKLM-x32\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
GameSpy Comrade (HKLM-x32\...\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}) (Version: 1.5.0.156 - GameSpy)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{C768E610-4DFB-4A60-A59B-71549EB7BF75}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HydraVision (x32 Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Kane and Lynch: Dead Men (HKLM-x32\...\{A66C4716-7E10-4A53-8101-00C3C11D6A9C}) (Version: 1.00.0000 - Eidos)
K-Lite Codec Pack 9.9.5 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.9.5 - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.193 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.193 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect™ 3 (HKLM-x32\...\{6A9D1594-7791-48f5-9CAA-DE9BCB968320}) (Version: 1.01.0.0 - Electronic Arts)
Mathematica Extras 9.0 (4092550) (HKLM\...\A-WIN-Extras 9.0.1 4092550_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version: - Rockstar Studios)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.0 (HKLM\...\{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mouse Editor (HKLM-x32\...\InstallShield_{8973F26D-3E74-481C-AF11-FDC7D0089E96}) (Version: 10.07.0002 - Ihr Firmenname)
MOUSE Editor (x32 Version: 10.07.0002 - Ihr Firmenname) Hidden
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MSI Afterburner 2.0.0 (HKLM-x32\...\Afterburner) (Version: 2.0.0 - MSI Co., LTD)
My Game Long Name (HKLM\...\UDK-964f1b46-0a2c-4960-ac16-5d146edf634d) (Version: - Epic Games, Inc.)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1509 - Electronic Arts)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.4 - )
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.26.902.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.20.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.20.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Singularity (HKLM-x32\...\Steam App 42670) (Version: - )
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version: - )
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Wolfram CDF Player (M-WIN-D 9.0.1 4092685) (HKLM-x32\...\M-WIN-D 9.0.1 4092685_is1) (Version: 9.0.1 - Wolfram Research, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Restore Points =========================

01-06-2014 14:00:05 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-06-01 14:29 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - \Digital Sites No Task File <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - \QtraxPlayer No Task File <==== ATTENTION
Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: {2529AC27-E1A5-459E-93AD-1B7AE188DAFB} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {267E2320-6708-4151-A59C-159688C336D4} - \DSite No Task File <==== ATTENTION
Task: {42945CE0-7500-4909-8CEF-667BC0A3D4F9} - System32\Tasks\{24ECB2F1-8B87-4CE4-BDF6-8055A5D64855} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - \DealPly No Task File <==== ATTENTION
Task: {925BCC9E-3CD0-40EB-8689-E392FAE14F29} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - \Express FilesUpdate No Task File <==== ATTENTION
Task: {B40C0A91-7445-4597-B684-DA4330385069} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE1F2ADC-A293-4886-8B4D-25D5AF0B92D3} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2010-07-21] (Microsoft Corporation)
Task: {E813C1C9-B934-4D36-BE6E-15E401A255A5} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {EA42980F-B5F2-463C-B881-285129EF7341} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-01-25 16:42 - 2009-06-17 17:13 - 00068136 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-07-22 08:15 - 2010-07-22 08:15 - 02624512 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe
2011-07-29 01:08 - 2011-07-29 01:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-06-02 17:02 - 2014-06-02 09:54 - 02295808 _____ () C:\Program Files\Alwil Software\Avast5\defs\14060200\algo.dll
2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-01-25 16:42 - 2009-05-04 18:56 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\EnergySaver2\ycc.dll
2011-02-11 17:28 - 2011-05-31 18:07 - 01852759 _____ () D:\Tunngle\libeay32.dll
2010-06-01 05:41 - 2010-06-01 05:41 - 00098816 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00094208 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll
2010-04-03 05:36 - 2010-04-03 05:36 - 00069632 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll
2010-04-03 05:37 - 2010-04-03 05:37 - 00127488 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll
2010-05-07 17:05 - 2010-05-07 17:05 - 00042496 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll
2014-05-22 13:27 - 2014-04-30 02:08 - 01135104 _____ () D:\Steam\libavcodec-55.dll
2014-04-23 15:25 - 2014-04-30 02:08 - 00471552 _____ () D:\Steam\libavutil-53.dll
2014-05-22 13:27 - 2014-04-30 02:08 - 00404992 _____ () D:\Steam\libavformat-55.dll
2014-01-12 15:12 - 2014-04-30 02:08 - 00340992 _____ () D:\Steam\libavresample-1.dll
2013-03-12 18:10 - 2014-05-17 03:36 - 00756224 _____ () D:\Steam\SDL2.dll
2014-05-22 13:27 - 2014-05-29 19:37 - 02139840 _____ () D:\Steam\video.dll
2014-05-22 13:27 - 2014-04-29 02:37 - 00519168 _____ () D:\Steam\libswscale-2.dll
2011-07-23 23:17 - 2014-05-29 19:36 - 01116864 _____ () D:\Steam\bin\chromehtml.DLL
2011-02-06 21:31 - 2014-05-02 01:35 - 20628160 _____ () D:\Steam\bin\libcef.dll
2012-03-17 15:41 - 2013-06-15 01:49 - 01100800 _____ () D:\Steam\bin\avcodec-53.dll
2012-03-17 15:41 - 2013-06-15 01:49 - 00124416 _____ () D:\Steam\bin\avutil-51.dll
2012-03-17 15:41 - 2013-06-15 01:49 - 00192000 _____ () D:\Steam\bin\avformat-53.dll
2011-07-29 01:09 - 2011-07-29 01:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-23 22:22 - 2014-05-14 01:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:56E2E879

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: GoogleChromeAutoLaunch_ABA4318D4E55179246F0B38EF7E0EE65 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HP Officejet 6600 (NET) => "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN22F190YK05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "D:\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "D:\Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
MSCONFIG\startupreg: WhatPulse => F:\WhatPulse\WhatPulse.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\Phillipê\AppData\Roaming\Yontoo\YontooDesktop.exe"
MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-11-27 18:56:28.920
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:56:28.826
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:55:48.150
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:55:48.056
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:34.363
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:34.269
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:16.933
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2013-11-27 18:52:16.839
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\hidusbf.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-23 19:03:22.932
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2012-09-23 19:03:22.880
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8175.43 MB
Available physical RAM: 6361.97 MB
Total Pagefile: 16349.04 MB
Available Pagefile: 14432.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:48.83 GB) (Free:8.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:249.26 GB) (Free:30.82 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:321.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B2BEB335)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=249 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 66205247)
No partition Table on disk 1.

==================== End Of Log ============================
|
02.06.2014, 21:15 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | windows 7 this program was blocked by a group policy
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - \Digital Sites No Task File <==== ATTENTION
Task: {18FF80B1-9A8C-4ECE-BDF1-60958BD91B36} - \QtraxPlayer No Task File <==== ATTENTION
Task: {267E2320-6708-4151-A59C-159688C336D4} - \DSite No Task File <==== ATTENTION
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - \DealPly No Task File <==== ATTENTION
Task: {A2AC332B-6B8C-4817-8310-681AD8A09CEB} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {B05C7659-234E-43D3-9B6F-CFB04FB12371} - \Express FilesUpdate No Task File <==== ATTENTION

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
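Added example, not part of the thread and not FRST's own code: the six fixlist lines in post #15 are exactly the Scheduled Tasks entries that the log marks with `No Task File <==== ATTENTION`. The Python below pulls such entries out of an Addition log for review; the sample lines are copied from the log in this thread, and the function names `parse_tasks` and `fixlist_candidates` are hypothetical.

```python
import re

# Lines copied from the Addition log in this thread (shortened selection).
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============
Task: {0740D52B-D79C-49D5-AC41-0E24D20CB325} - \Digital Sites No Task File <==== ATTENTION
Task: {1D47DC25-E59E-4DF6-9532-794AA82A0868} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26] (Google Inc.)
Task: {7B3C30B0-63D4-4085-B134-4B7298F8AC27} - \DealPly No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-01-25 18:04 - 2013-05-26 15:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
"""

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
TASK = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]{36}\}) - (?P<rest>.+)$")
ORPHAN_MARK = "No Task File <==== ATTENTION"


def parse_tasks(log_text):
    """Return the GUID-keyed task entries found in the Scheduled Tasks section."""
    tasks, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            # Only lines between this header and the next one are task entries.
            in_section = header.group("name").startswith("Scheduled Tasks")
            continue
        entry = TASK.match(line) if in_section else None
        if not entry:
            continue  # legacy .job lines carry no GUID and are skipped here
        rest = entry.group("rest")
        orphaned = rest.endswith(ORPHAN_MARK)
        if orphaned:
            name, target = rest[: -len(ORPHAN_MARK)].strip(), None
        else:
            name, _, target = rest.partition(" => ")
        tasks.append({"guid": entry.group("guid"), "name": name,
                      "target": target or None, "orphaned": orphaned, "raw": line})
    return tasks


def fixlist_candidates(log_text):
    """Return the raw log lines that FRST flagged as having no task file."""
    return [t["raw"] for t in parse_tasks(log_text) if t["orphaned"]]


if __name__ == "__main__":
    for line in fixlist_candidates(SAMPLE_LOG):
        print(line)
```
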