Trojaner-Board

GeFox 22.06.2012 00:41

tr/atraps.gen and tr/atraps.gen2 are reported every 5 minutes

Hi everyone, I signed up here today because these viruses are really worrying me. Every 5 minutes Antivir tells me that it has 2 detections, and it is always these two..... It has also found 2 others, a W32/Patched.UA and a TR/Small.FI, but each of those only shows up once. By now the other two viruses are in quarantine about 14 times.

I have already found a lot of threads here where these come up as well, so I am asking you for help because it is making me really nervous.

I don't really know my way around all of this, so if I don't understand something, please don't judge me right away xD

What I should perhaps also mention is that it somehow started at the same time as the Adobe Flash Player wanted to install an update. Though I don't know whether that is just a coincidence.

I would be glad to get a reply. I'm going to sleep for now.

Larusso 22.06.2012 07:20

Hello!

My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the one before it.
  • If I do not receive a reply from you to this, or to any further reply, within 3 days, I will delete the thread from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install or uninstall any software unless asked to.
  • Post the log files directly in your thread and not as attachments, unless you were asked to. It makes evaluating them harder for me.



Please download dds (by sUBs) from one of the following download mirrors and save the file to your desktop.

dds.com
dds.scr
  • Close all running programs.
  • Start DDS with a double-click.
  • It will create 2 log files.
    • dds.txt
    • attach.txt
  • Save both log files to your desktop.
  • Post both log files here.

GeFox 22.06.2012 08:22

First of all, thank you very much for your help, and before anything else I would like to mention something.

Since the problems started I have had the computer switched off twice so far, and at every start all the files on the desktop that are on my 2nd monitor are on my first one. And also bigger than before.

I saved dds.exe to my desktop, but strangely it could not be found there. When I then opened the target folder, a folder named Desktop opened which also contained all the other files that really are on the desktop. When I then wanted to move DDS onto my desktop, it said that it was identical or something. At some point it was there after all (after 30 sec or so, when I saved the Google icon to the desktop as a test).

By the way, I now have the same problem with the two files after I ran DDS.exe.

Here are the log files


Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.

DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 09.09.2011 17:29:36
System Uptime: 22.06.2012 08:48:31 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P5QD TURBO
Processor: Intel(R) Core(TM)2 Quad CPU    Q8300  @ 2.50GHz | LGA 775 | 2499/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 64 GiB total, 3,575 GiB free.
D: is FIXED (NTFS) - 402 GiB total, 10,804 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 69,13 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP212: 22.06.2012 01:15:13 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) - Deutsch
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
Application Profiles
ASIO4ALL
Ask Toolbar
Avira Free Antivirus
Beat Hazard v1.5
BitTorrent
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CoreAVC Professional Edition (remove only)
DAEMON Tools Lite
FileZilla Client 3.5.3
FL Studio 10
GIMP 2.6.11
Haali Media Splitter
ICQ Sparberater
ICQ7.6
IL Download Manager
ILLUSION @???????
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 31
Katawa Shoujo Act 1
LogMeIn Hamachi
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional mit FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MKVToolNix 5.4.0
Mozilla Firefox 13.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
Nettalk 6.7
NVIDIA PhysX v8.10.29
OpenAL
Rapture3D 2.4.4 Game
RPG Maker VX
RPG Maker VX RTP
RTP for RM2K (Png, Wav, Midi, Fonts)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Skype™ 5.8
SMPlayer 0.6.9
swMSM
The KMPlayer (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.1
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Movie Maker
XMedia Recode 3.0.9.0
.
==== End Of File ===========================



DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_31
Run by Rena at 9:10:39 on 2012-06-22
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.7423.5943 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
uStart Page = hxxp://search.linkury.com
uSearch Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ICQ Sparberater: {fe163f11-1919-4257-a280-ff5af8daeecb} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB: {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No File
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Rena\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Nettalk.lnk - C:\Program Files (x86)\Nettalk6\Nettalk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 83.169.186.225 83.169.186.161
TCP: Interfaces\{6AA9396E-72DE-436E-9E3A-064C7F1BEC93} : DhcpNameServer = 83.169.186.225 83.169.186.161
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{FE163F11-1919-4257-A280-FF5AF8DAEECB}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{ae07101b-46d4-4a98-af68-0333ea26e113}
TB-X64: {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No File
mRun-x64: [(Standard)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
IE-X64: {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
.
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-14 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-14 110032]
R2 AntiVirWebService;Avira Browser Schutz;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-10-14 465360]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2012-5-12 6583160]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2012-5-12 528760]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 257224]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS --> C:\Windows\system32\DRIVERS\PFC027.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-06-21 23:08:36        2622464        ----a-w-        C:\Windows\System32\wucltux.dll
2012-06-21 23:08:32        99840        ----a-w-        C:\Windows\System32\wudriver.dll
2012-06-21 23:08:23        36864        ----a-w-        C:\Windows\System32\wuapp.exe
2012-06-21 23:08:23        186752        ----a-w-        C:\Windows\System32\wuwebv.dll
2012-06-21 23:07:04        --------        d-----w-        C:\Users\Rena\AppData\Roaming\Malwarebytes
2012-06-21 23:06:54        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-06-19 15:20:40        421200        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 15:20:39        770384        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 06:27:30        9013136        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5061DE1B-E3BA-4C48-A3FB-A530B784FFD2}\mpengine.dll
2012-06-17 21:39:45        --------        d-----w-        C:\ProgramData\Intenium
2012-06-14 21:03:35        --------        d-----w-        C:\Users\Rena\AppData\Roaming\Nettalk
2012-06-14 21:03:16        --------        d-----w-        C:\Program Files (x86)\Nettalk6
2012-06-12 09:06:52        --------        d-----w-        C:\Users\Rena\AppData\Local\Macromedia
2012-06-07 09:40:51        40960        ----a-r-        C:\Users\Rena\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\NewShortcut1_2510CF9A3D924D1E9124080F53F4E293.exe
2012-06-07 09:40:51        40960        ----a-r-        C:\Users\Rena\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\ARPPRODUCTICON.exe
2012-06-07 09:40:10        --------        d-----w-        C:\illusion
2012-05-29 21:53:56        902656        ----a-w-        C:\Windows\System32\d2d1.dll
2012-05-29 21:53:56        739840        ----a-w-        C:\Windows\SysWow64\d2d1.dll
2012-05-29 21:53:56        1139200        ----a-w-        C:\Windows\System32\FntCache.dll
2012-05-23 16:41:25        --------        d-----w-        C:\ProgramData\boost_interprocess
2012-05-23 16:39:07        --------        d-----w-        C:\teamspeak3-server_win64
.
==================== Find3M  ====================
.
2012-06-21 21:29:06        70344        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 21:29:06        426184        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 04:01:31        1188864        ----a-w-        C:\Windows\System32\wininet.dll
2012-05-15 03:03:54        981504        ----a-w-        C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33        3146752        ----a-w-        C:\Windows\System32\win32k.sys
2012-05-08 19:36:09        98848        ----a-w-        C:\Windows\System32\drivers\avgntflt.sys
2012-05-05 19:48:03        8744608        ----a-w-        C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22        5559664        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53        3968368        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50        3913072        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20        209920        ----a-w-        C:\Windows\System32\profsvc.dll
2012-04-28 05:32:05        1112064        ----a-w-        C:\Windows\System32\rdpcorets.dll
2012-04-28 03:55:21        210944        ----a-w-        C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56        77312        ----a-w-        C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55        149504        ----a-w-        C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27        9216        ----a-w-        C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37        184320        ----a-w-        C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37        140288        ----a-w-        C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36        1462272        ----a-w-        C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42        140288        ----a-w-        C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42        1158656        ----a-w-        C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42        103936        ----a-w-        C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41        1638912        ----a-w-        C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44        1638912        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2012-04-07 12:31:40        3216384        ----a-w-        C:\Windows\System32\msi.dll
2012-04-07 11:26:29        2342400        ----a-w-        C:\Windows\SysWow64\msi.dll
2012-04-06 05:22:40        11174400        ----a-w-        C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00        159744        ----a-w-        C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52        909312        ----a-w-        C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04        1067520        ----a-w-        C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52        442368        ----a-w-        C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46        503808        ----a-w-        C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02        236544        ----a-w-        C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44        120320        ----a-w-        C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30        21504        ----a-w-        C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26        59392        ----a-w-        C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20        43520        ----a-w-        C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42        6800896        ----a-w-        C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50        26181632        ----a-w-        C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10        64000        ----a-w-        C:\Windows\System32\coinst.dll
2012-04-06 01:54:46        7479296        ----a-w-        C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56        19753984        ----a-w-        C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24        1120768        ----a-w-        C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50        1831424        ----a-w-        C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34        4731904        ----a-w-        C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:04        6203392        ----a-w-        C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:30:16        51200        ----a-w-        C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14        46080        ----a-w-        C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08        44544        ----a-w-        C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06        44032        ----a-w-        C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54        16090624        ----a-w-        C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30        13764096        ----a-w-        C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24        7431680        ----a-w-        C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54        4795904        ----a-w-        C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28        514560        ----a-w-        C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20        360448        ----a-w-        C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06        17408        ----a-w-        C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04        14848        ----a-w-        C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04        14848        ----a-w-        C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00        41984        ----a-w-        C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52        33280        ----a-w-        C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44        343040        ----a-w-        C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56        54784        ----a-w-        C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48        41984        ----a-w-        C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42        44544        ----a-w-        C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34        32256        ----a-w-        C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02        53248        ----a-w-        C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08        54784        ----a-w-        C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08        54784        ----a-w-        C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04        53760        ----a-w-        C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04        53760        ----a-w-        C:\Windows\SysWow64\amdpcom32.dll
2012-04-05 20:34:26        187392        ----a-w-        C:\Windows\System32\clinfo.exe
2012-04-05 20:34:10        74752        ----a-w-        C:\Windows\System32\OpenVideo64.dll
2012-04-05 20:34:04        64512        ----a-w-        C:\Windows\SysWow64\OpenVideo.dll
2012-04-05 20:33:56        63488        ----a-w-        C:\Windows\System32\OVDecode64.dll
2012-04-05 20:33:52        56320        ----a-w-        C:\Windows\SysWow64\OVDecode.dll
2012-04-05 20:33:44        16457216        ----a-w-        C:\Windows\System32\amdocl64.dll
2012-04-05 20:32:56        13007872        ----a-w-        C:\Windows\SysWow64\amdocl.dll
2012-04-05 20:32:08        54784        ----a-w-        C:\Windows\System32\OpenCL.dll
2012-04-05 20:32:04        50176        ----a-w-        C:\Windows\SysWow64\OpenCL.dll
2012-04-01 10:21:02        525544        ----a-w-        C:\Windows\System32\deployJava1.dll
2012-03-30 11:35:47        1918320        ----a-w-        C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH:  9:11:09,04 ===============

Larusso 22.06.2012 10:09

The files are only being hidden from the desktop.

Right-click on the desktop --> View --> Show desktop icons.

If that does not work, please let me know and save the tools directly to your system drive C:


Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and save the log file.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

GeFox 22.06.2012 10:17

Also, about the right-click on the desktop......that is already enabled and all the files are visible too, it's just that the ones I save to it now aren't there


11:13:22.0105 3364 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
11:13:22.0542 3364 ============================================================
11:13:22.0542 3364 Current date / time: 2012/06/22 11:13:22.0542
11:13:22.0542 3364 SystemInfo:
11:13:22.0542 3364
11:13:22.0542 3364 OS Version: 6.1.7601 ServicePack: 1.0
11:13:22.0542 3364 Product type: Workstation
11:13:22.0542 3364 ComputerName: RENA-PC
11:13:22.0542 3364 UserName: Rena
11:13:22.0542 3364 Windows directory: C:\Windows
11:13:22.0542 3364 System windows directory: C:\Windows
11:13:22.0542 3364 Running under WOW64
11:13:22.0542 3364 Processor architecture: Intel x64
11:13:22.0542 3364 Number of processors: 4
11:13:22.0542 3364 Page size: 0x1000
11:13:22.0542 3364 Boot type: Normal boot
11:13:22.0542 3364 ============================================================
11:13:23.0385 3364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:13:32.0729 3364 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:13:32.0729 3364 ============================================================
11:13:32.0729 3364 \Device\Harddisk0\DR0:
11:13:32.0745 3364 MBR partitions:
11:13:32.0745 3364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:13:32.0745 3364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x8051800
11:13:32.0745 3364 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8084000, BlocksNum 0x32301800
11:13:32.0745 3364 \Device\Harddisk1\DR1:
11:13:32.0745 3364 MBR partitions:
11:13:32.0745 3364 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
11:13:32.0745 3364 ============================================================
11:13:32.0760 3364 C: <-> \Device\Harddisk0\DR0\Partition1
11:13:32.0791 3364 E: <-> \Device\Harddisk1\DR1\Partition0
11:13:32.0823 3364 D: <-> \Device\Harddisk0\DR0\Partition2
11:13:32.0823 3364 ============================================================
11:13:32.0823 3364 Initialize success
11:13:32.0823 3364 ============================================================
11:13:34.0632 0116 ============================================================
11:13:34.0632 0116 Scan started
11:13:34.0632 0116 Mode: Manual;
11:13:34.0632 0116 ============================================================
11:13:35.0490 0116 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:13:35.0490 0116 1394ohci - ok
11:13:35.0537 0116 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:13:35.0537 0116 ACPI - ok
11:13:35.0553 0116 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:13:35.0553 0116 AcpiPmi - ok
11:13:35.0615 0116 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:13:35.0615 0116 AdobeARMservice - ok
11:13:35.0709 0116 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:13:35.0709 0116 AdobeFlashPlayerUpdateSvc - ok
11:13:35.0755 0116 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:13:35.0771 0116 adp94xx - ok
11:13:35.0802 0116 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:13:35.0802 0116 adpahci - ok
11:13:35.0818 0116 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:13:35.0818 0116 adpu320 - ok
11:13:35.0833 0116 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:13:35.0833 0116 AeLookupSvc - ok
11:13:35.0880 0116 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:13:35.0880 0116 AFD - ok
11:13:35.0911 0116 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:13:35.0911 0116 agp440 - ok
11:13:36.0130 0116 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll
11:13:36.0130 0116 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
11:13:36.0130 0116 Akamai ( HiddenFile.Multi.Generic ) - warning
11:13:36.0130 0116 Akamai - detected HiddenFile.Multi.Generic (1)
11:13:36.0208 0116 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:13:36.0208 0116 ALG - ok
11:13:36.0239 0116 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:13:36.0239 0116 aliide - ok
11:13:36.0270 0116 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
11:13:36.0270 0116 AMD External Events Utility - ok
11:13:36.0286 0116 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:13:36.0286 0116 amdide - ok
11:13:36.0411 0116 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:13:36.0411 0116 AmdK8 - ok
11:13:37.0047 0116 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
11:13:37.0164 0116 amdkmdag - ok
11:13:37.0273 0116 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:13:37.0273 0116 amdkmdap - ok
11:13:37.0304 0116 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:13:37.0304 0116 AmdPPM - ok
11:13:37.0335 0116 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:13:37.0335 0116 amdsata - ok
11:13:37.0351 0116 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:13:37.0366 0116 amdsbs - ok
11:13:37.0382 0116 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:13:37.0382 0116 amdxata - ok
11:13:37.0429 0116 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:13:37.0429 0116 AntiVirSchedulerService - ok
11:13:37.0460 0116 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:13:37.0460 0116 AntiVirService - ok
11:13:37.0491 0116 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:13:37.0507 0116 AntiVirWebService - ok
11:13:37.0538 0116 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:13:37.0538 0116 AppID - ok
11:13:37.0554 0116 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:13:37.0569 0116 AppIDSvc - ok
11:13:37.0585 0116 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:13:37.0585 0116 Appinfo - ok
11:13:37.0616 0116 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:13:37.0616 0116 AppMgmt - ok
11:13:37.0647 0116 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:13:37.0647 0116 arc - ok
11:13:37.0663 0116 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:13:37.0663 0116 arcsas - ok
11:13:37.0678 0116 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:13:37.0678 0116 AsyncMac - ok
11:13:37.0710 0116 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:13:37.0710 0116 atapi - ok
11:13:37.0741 0116 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
11:13:37.0741 0116 AtiHDAudioService - ok
11:13:38.0224 0116 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
11:13:38.0271 0116 atikmdag - ok
11:13:38.0380 0116 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:13:38.0380 0116 AudioEndpointBuilder - ok
11:13:38.0396 0116 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:13:38.0396 0116 AudioSrv - ok
11:13:38.0458 0116 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
11:13:38.0458 0116 avgntflt - ok
11:13:38.0490 0116 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
11:13:38.0490 0116 avipbb - ok
11:13:38.0505 0116 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:13:38.0505 0116 avkmgr - ok
11:13:38.0521 0116 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:13:38.0521 0116 AxInstSV - ok
11:13:38.0568 0116 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:13:38.0583 0116 b06bdrv - ok
11:13:38.0614 0116 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:13:38.0614 0116 b57nd60a - ok
11:13:38.0646 0116 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:13:38.0646 0116 BDESVC - ok
11:13:38.0646 0116 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:13:38.0646 0116 Beep - ok
11:13:38.0708 0116 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:13:38.0724 0116 BITS - ok
11:13:38.0739 0116 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:13:38.0739 0116 blbdrive - ok
11:13:38.0770 0116 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:13:38.0770 0116 bowser - ok
11:13:38.0786 0116 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:13:38.0786 0116 BrFiltLo - ok
11:13:38.0786 0116 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:13:38.0786 0116 BrFiltUp - ok
11:13:38.0817 0116 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:13:38.0817 0116 Browser - ok
11:13:38.0833 0116 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:13:38.0848 0116 Brserid - ok
11:13:38.0848 0116 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:13:38.0864 0116 BrSerWdm - ok
11:13:38.0864 0116 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:13:38.0864 0116 BrUsbMdm - ok
11:13:38.0864 0116 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:13:38.0864 0116 BrUsbSer - ok
11:13:38.0880 0116 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:13:38.0880 0116 BTHMODEM - ok
11:13:38.0911 0116 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:13:38.0911 0116 bthserv - ok
11:13:38.0926 0116 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:13:38.0926 0116 cdfs - ok
11:13:38.0958 0116 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:13:38.0958 0116 cdrom - ok
11:13:38.0973 0116 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:13:38.0989 0116 CertPropSvc - ok
11:13:39.0004 0116 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:13:39.0004 0116 circlass - ok
11:13:39.0020 0116 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:13:39.0020 0116 CLFS - ok
11:13:39.0082 0116 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:13:39.0082 0116 clr_optimization_v2.0.50727_32 - ok
11:13:39.0114 0116 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:13:39.0129 0116 clr_optimization_v2.0.50727_64 - ok
11:13:39.0176 0116 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:13:39.0176 0116 clr_optimization_v4.0.30319_32 - ok
11:13:39.0207 0116 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:13:39.0207 0116 clr_optimization_v4.0.30319_64 - ok
11:13:39.0223 0116 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:13:39.0223 0116 CmBatt - ok
11:13:39.0238 0116 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:13:39.0238 0116 cmdide - ok
11:13:39.0285 0116 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:13:39.0285 0116 CNG - ok
11:13:39.0316 0116 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:13:39.0316 0116 Compbatt - ok
11:13:39.0332 0116 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:13:39.0332 0116 CompositeBus - ok
11:13:39.0348 0116 COMSysApp - ok
11:13:39.0363 0116 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:13:39.0363 0116 crcdisk - ok
11:13:39.0394 0116 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:13:39.0394 0116 CryptSvc - ok
11:13:39.0441 0116 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:13:39.0441 0116 CSC - ok
11:13:39.0488 0116 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:13:39.0488 0116 CscService - ok
11:13:39.0535 0116 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:13:39.0535 0116 DcomLaunch - ok
11:13:39.0566 0116 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:13:39.0566 0116 defragsvc - ok
11:13:39.0613 0116 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:13:39.0613 0116 DfsC - ok
11:13:39.0644 0116 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:13:39.0644 0116 Dhcp - ok
11:13:39.0660 0116 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:13:39.0660 0116 discache - ok
11:13:39.0675 0116 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:13:39.0675 0116 Disk - ok
11:13:39.0706 0116 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:13:39.0706 0116 Dnscache - ok
11:13:39.0738 0116 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:13:39.0738 0116 dot3svc - ok
11:13:39.0769 0116 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:13:39.0784 0116 DPS - ok
11:13:39.0800 0116 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:13:39.0800 0116 drmkaud - ok
11:13:39.0847 0116 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:13:39.0847 0116 dtsoftbus01 - ok
11:13:39.0909 0116 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:13:39.0909 0116 DXGKrnl - ok
11:13:39.0940 0116 EagleX64 - ok
11:13:39.0972 0116 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:13:39.0972 0116 EapHost - ok
11:13:40.0096 0116 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:13:40.0143 0116 ebdrv - ok
11:13:40.0206 0116 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:13:40.0206 0116 EFS - ok
11:13:40.0252 0116 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:13:40.0252 0116 ehRecvr - ok
11:13:40.0284 0116 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:13:40.0284 0116 ehSched - ok
11:13:40.0330 0116 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:13:40.0330 0116 elxstor - ok
11:13:40.0362 0116 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:13:40.0362 0116 ErrDev - ok
11:13:40.0393 0116 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:13:40.0393 0116 EventSystem - ok
11:13:40.0424 0116 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:13:40.0424 0116 exfat - ok
11:13:40.0440 0116 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:13:40.0440 0116 fastfat - ok
11:13:40.0502 0116 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:13:40.0502 0116 Fax - ok
11:13:40.0518 0116 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:13:40.0518 0116 fdc - ok
11:13:40.0533 0116 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:13:40.0533 0116 fdPHost - ok
11:13:40.0533 0116 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:13:40.0533 0116 FDResPub - ok
11:13:40.0549 0116 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:13:40.0549 0116 FileInfo - ok
11:13:40.0564 0116 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:13:40.0564 0116 Filetrace - ok
11:13:40.0642 0116 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:13:40.0674 0116 FLEXnet Licensing Service - ok
11:13:40.0689 0116 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:13:40.0689 0116 flpydisk - ok
11:13:40.0720 0116 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:13:40.0720 0116 FltMgr - ok
11:13:40.0783 0116 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:13:40.0798 0116 FontCache - ok
11:13:40.0845 0116 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:13:40.0845 0116 FontCache3.0.0.0 - ok
11:13:40.0861 0116 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:13:40.0861 0116 FsDepends - ok
11:13:40.0876 0116 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:13:40.0876 0116 Fs_Rec - ok
11:13:40.0923 0116 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:13:40.0923 0116 fvevol - ok
11:13:40.0939 0116 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:13:40.0939 0116 gagp30kx - ok
11:13:41.0001 0116 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:13:41.0001 0116 gpsvc - ok
11:13:41.0032 0116 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
11:13:41.0032 0116 hamachi - ok
11:13:41.0173 0116 Hamachi2Svc (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
11:13:41.0204 0116 Hamachi2Svc - ok
11:13:41.0266 0116 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:13:41.0266 0116 hcw85cir - ok
11:13:41.0313 0116 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:13:41.0329 0116 HdAudAddService - ok
11:13:41.0344 0116 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:13:41.0344 0116 HDAudBus - ok
11:13:41.0360 0116 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:13:41.0360 0116 HidBatt - ok
11:13:41.0376 0116 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:13:41.0376 0116 HidBth - ok
11:13:41.0391 0116 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:13:41.0391 0116 HidIr - ok
11:13:41.0407 0116 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:13:41.0407 0116 hidserv - ok
11:13:41.0438 0116 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:13:41.0438 0116 HidUsb - ok
11:13:41.0469 0116 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:13:41.0469 0116 hkmsvc - ok
11:13:41.0500 0116 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:13:41.0500 0116 HomeGroupListener - ok
11:13:41.0516 0116 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:13:41.0516 0116 HomeGroupProvider - ok
11:13:41.0703 0116 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:13:41.0703 0116 HpSAMD - ok
11:13:41.0812 0116 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:13:41.0828 0116 HTTP - ok
11:13:41.0844 0116 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:13:41.0844 0116 hwpolicy - ok
11:13:41.0859 0116 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:13:41.0859 0116 i8042prt - ok
11:13:41.0890 0116 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:13:41.0890 0116 iaStorV - ok
11:13:41.0968 0116 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:13:41.0968 0116 IDriverT - ok
11:13:42.0046 0116 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:13:42.0078 0116 idsvc - ok
11:13:42.0140 0116 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:13:42.0140 0116 iirsp - ok
11:13:42.0218 0116 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:13:42.0218 0116 IKEEXT - ok
11:13:42.0234 0116 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:13:42.0249 0116 intelide - ok
11:13:42.0265 0116 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:13:42.0265 0116 intelppm - ok
11:13:42.0280 0116 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:13:42.0280 0116 IPBusEnum - ok
11:13:42.0312 0116 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:13:42.0312 0116 IpFilterDriver - ok
11:13:42.0327 0116 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:13:42.0327 0116 IPMIDRV - ok
11:13:42.0343 0116 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:13:42.0343 0116 IPNAT - ok
11:13:42.0358 0116 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:13:42.0358 0116 IRENUM - ok
11:13:42.0374 0116 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:13:42.0374 0116 isapnp - ok
11:13:42.0405 0116 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:13:42.0405 0116 iScsiPrt - ok
11:13:42.0436 0116 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:13:42.0436 0116 kbdclass - ok
11:13:42.0436 0116 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:13:42.0436 0116 kbdhid - ok
11:13:42.0468 0116 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:13:42.0468 0116 KeyIso - ok
11:13:42.0483 0116 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:13:42.0483 0116 KSecDD - ok
11:13:42.0483 0116 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:13:42.0499 0116 KSecPkg - ok
11:13:42.0499 0116 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:13:42.0499 0116 ksthunk - ok
11:13:42.0530 0116 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:13:42.0530 0116 KtmRm - ok
11:13:42.0577 0116 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
11:13:42.0577 0116 L1E - ok
11:13:42.0608 0116 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:13:42.0608 0116 LanmanServer - ok
11:13:42.0624 0116 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:13:42.0639 0116 LanmanWorkstation - ok
11:13:42.0655 0116 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:13:42.0655 0116 lltdio - ok
11:13:42.0670 0116 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:13:42.0686 0116 lltdsvc - ok
11:13:42.0702 0116 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:13:42.0702 0116 lmhosts - ok
11:13:42.0733 0116 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:13:42.0733 0116 LSI_FC - ok
11:13:42.0748 0116 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:13:42.0748 0116 LSI_SAS - ok
11:13:42.0764 0116 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:13:42.0764 0116 LSI_SAS2 - ok
11:13:42.0780 0116 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:13:42.0780 0116 LSI_SCSI - ok
11:13:42.0795 0116 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:13:42.0795 0116 luafv - ok
11:13:42.0811 0116 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:13:42.0826 0116 Mcx2Svc - ok
11:13:42.0842 0116 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:13:42.0842 0116 megasas - ok
11:13:42.0858 0116 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:13:42.0858 0116 MegaSR - ok
11:13:42.0873 0116 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:13:42.0873 0116 MMCSS - ok
11:13:42.0889 0116 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:13:42.0889 0116 Modem - ok
11:13:42.0904 0116 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:13:42.0904 0116 monitor - ok
11:13:42.0936 0116 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:13:42.0936 0116 mouclass - ok
11:13:42.0936 0116 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:13:42.0936 0116 mouhid - ok
11:13:42.0951 0116 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:13:42.0967 0116 mountmgr - ok
11:13:43.0014 0116 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:13:43.0014 0116 MozillaMaintenance - ok
11:13:43.0045 0116 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:13:43.0045 0116 mpio - ok
11:13:43.0060 0116 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:13:43.0060 0116 mpsdrv - ok
11:13:43.0076 0116 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:13:43.0076 0116 MRxDAV - ok
11:13:43.0107 0116 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:13:43.0107 0116 mrxsmb - ok
11:13:43.0123 0116 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:13:43.0138 0116 mrxsmb10 - ok
11:13:43.0154 0116 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:13:43.0154 0116 mrxsmb20 - ok
11:13:43.0170 0116 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:13:43.0170 0116 msahci - ok
11:13:43.0185 0116 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:13:43.0185 0116 msdsm - ok
11:13:43.0216 0116 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:13:43.0232 0116 MSDTC - ok
11:13:43.0248 0116 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:13:43.0248 0116 Msfs - ok
11:13:43.0263 0116 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:13:43.0263 0116 mshidkmdf - ok
11:13:43.0263 0116 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:13:43.0263 0116 msisadrv - ok
11:13:43.0310 0116 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:13:43.0326 0116 MSiSCSI - ok
11:13:43.0341 0116 msiserver - ok
11:13:43.0372 0116 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:13:43.0372 0116 MSKSSRV - ok
11:13:43.0388 0116 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:13:43.0388 0116 MSPCLOCK - ok
11:13:43.0388 0116 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:13:43.0388 0116 MSPQM - ok
11:13:43.0435 0116 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:13:43.0435 0116 MsRPC - ok
11:13:43.0450 0116 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:13:43.0450 0116 mssmbios - ok
11:13:43.0450 0116 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:13:43.0450 0116 MSTEE - ok
11:13:43.0466 0116 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:13:43.0466 0116 MTConfig - ok
11:13:43.0497 0116 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
11:13:43.0497 0116 MTsensor - ok
11:13:43.0513 0116 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:13:43.0528 0116 Mup - ok
11:13:43.0544 0116 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:13:43.0560 0116 napagent - ok
11:13:43.0575 0116 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:13:43.0591 0116 NativeWifiP - ok
11:13:43.0653 0116 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:13:43.0653 0116 NDIS - ok
11:13:43.0669 0116 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:13:43.0669 0116 NdisCap - ok
11:13:43.0684 0116 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:13:43.0684 0116 NdisTapi - ok
11:13:43.0716 0116 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:13:43.0716 0116 Ndisuio - ok
11:13:43.0731 0116 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:13:43.0731 0116 NdisWan - ok
11:13:43.0747 0116 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:13:43.0747 0116 NDProxy - ok
11:13:43.0762 0116 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:13:43.0762 0116 NetBIOS - ok
11:13:43.0778 0116 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:13:43.0794 0116 NetBT - ok
11:13:43.0809 0116 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:13:43.0809 0116 Netlogon - ok
11:13:43.0840 0116 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:13:43.0856 0116 Netman - ok
11:13:43.0887 0116 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:13:43.0887 0116 netprofm - ok
11:13:43.0934 0116 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:13:43.0950 0116 NetTcpPortSharing - ok
11:13:51.0297 0116 ============================================================
11:13:51.0297 0116 Scan finished
11:13:51.0297 0116 ============================================================
11:13:51.0313 1056 Detected object count: 1
11:13:51.0313 1056 Actual detected object count: 1
11:14:05.0712 1056 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
11:14:05.0712 1056 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

Larusso 22.06.2012 10:22

That looks OK too.

Can you post the report with the detections from your antivirus software? :)

GeFox 22.06.2012 10:31

UHHHM .... do I have to run a system check for that? Or how exactly do I get to it? ^^

Oh, and about the desktop again ....... I created a folder on it and moved files onto the desktop, and suddenly the files were there ... something isn't right there <<
And what about this Akamai ( HiddenFile.Multi.Generic ) that it shows there ... can I ignore it?

Thanks again here too for your effort and help.

Larusso 22.06.2012 10:42

The thing is, the malware is still active, it is just hiding, and before I bring out the hammer I need to know how, who, what, where and when :)
Yes, the hidden file can be ignored.

Start Avira; there should be a tab with logs in it.

GeFox 22.06.2012 10:49

I'm really sorry, but I don't quite get it, which I could kick myself for yet again ^^
I've now looked under Administration, but I can't find any logs there. I probably should have saved the one from last night <<

By the way, it shows yesterday as the last update ...... <<

Larusso 22.06.2012 10:55

No problem. Let's kick it

Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from one of these download mirrors

Link 1
Link 2

IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.

Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

Note: If Combofix does not start, restart the computer and run Combofix again.

( I had a night shift and need to sleep now. I'll get back to you in the evening )

GeFox 22.06.2012 11:05

OK, sleep well ^^

Oh, and when I refresh with F5 the missing files are there ... it doesn't do that by itself anymore <<

I'll go and do that now

So, I did it and something apparently went wrong ........... after the restart the computer warned me about Combofix .... but I clicked Run, and then Combofix said that I apparently hadn't closed all the antivirus programs after all ..... something about antispy or so ...... which I should close before clicking OK ....... Before I started Combofix I switched off the real-time scanner and browser protection.
Isn't that enough?

In any case, after Combofix gave the warning I didn't know what to do next .... how to close them and so on

I also couldn't open anything, because then that thing with those tabs came up. After the restart everything worked again so far, but there was no file from Combofix.

And I can't turn on browser protection in AntiVir anymore either

Still asking for help ^^

I've now also noticed that something is wrong with the firewall ........ something about updating the firewall settings. When I click on Recommended settings, the following message appears.

Einige der Einstellungen können von der Windows-Firewall nicht geändert werden. Fehlercode 0x80070424

Is all this because of Combofix? Do I need to worry? T.T

Larusso 23.06.2012 04:23

One thing at a time.

Please run Combofix again.

GeFox 23.06.2012 13:48

But I have to close all the antivirus programs beforehand, right? In Task Manager too? Or is it enough, as I said, if I disable the browser protection and the internet scan? ... But as far as I know it is active again after a restart

Larusso 23.06.2012 18:23

Just disable your protection software. Ignore the warning from Combofix

GeFox 23.06.2012 20:54

Well, that's all well and good, but although I could click OK, it then showed it again ... I had no choice but to restart once more.

What or how exactly do you mean by disabling the protection software ......... I tried unticking everything related to Avira in msconfig under Services and Startup, but when I then click Apply the ticks are back <<

Larusso 24.06.2012 23:18

Right-click Avira in the taskbar and untick "aktiviert" (enabled).

GeFox 25.06.2012 01:57

That's exactly how I did it the first time. Right-click, then disabled browser protection and the real-time scanner, and then after the restart this warning that 2 things are still running, and clicking OK did nothing ......... should I really do it exactly the same way again?

P.S. .... glad about your reply ^^ ... I was waiting impatiently :>

Larusso 25.06.2012 10:04

Sorry, the weekend was more stressful than planned.

Just go ahead :)

GeFox 25.06.2012 22:50

Hmm ... it worked xD ...... and Windows Firewall also seems to be active again, by the looks of it ....... here are the logs

Combofix Logfile:
Code:

ComboFix 12-06-25.03 - Rena 25.06.2012  23:36:01.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.7423.5722 [GMT 2:00]
ausgeführt von:: c:\users\Rena\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\5AFEC5A08D.sys
c:\programdata\794E834BE8.sys
c:\windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\@
c:\windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\U\00000001.@
c:\windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\U\80000000.@
c:\windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\U\800000cb.@
c:\windows\SysWow64\tmpC175.tmp
c:\windows\SysWow64\tmpC195.tmp
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-25 bis 2012-06-25  ))))))))))))))))))))))))))))))
.
.
2012-06-25 21:39 . 2012-06-25 21:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-22 19:27 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-06-22 19:27 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-06-22 15:16 . 2012-06-22 15:16        --------        d-----w-        c:\users\Rena\AppData\Roaming\Avira
2012-06-22 15:13 . 2012-05-02 13:24        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-06-22 15:13 . 2012-04-27 08:20        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-22 15:13 . 2012-04-24 22:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-06-22 15:13 . 2012-06-22 15:13        --------        d-----w-        c:\program files (x86)\Avira
2012-06-21 23:08 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 23:08 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 23:08 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 23:08 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 23:08 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 23:08 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 23:08 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 23:08 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 23:08 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-21 23:07 . 2012-06-21 23:07        --------        d-----w-        c:\users\Rena\AppData\Roaming\Malwarebytes
2012-06-21 23:06 . 2012-06-21 23:06        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-19 15:20 . 2012-06-19 15:20        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 15:20 . 2012-06-19 15:20        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 06:27 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5061DE1B-E3BA-4C48-A3FB-A530B784FFD2}\mpengine.dll
2012-06-17 21:39 . 2012-06-17 21:39        --------        d-----w-        c:\programdata\Intenium
2012-06-14 21:03 . 2012-06-25 21:40        --------        d-----w-        c:\users\Rena\AppData\Roaming\Nettalk
2012-06-14 21:03 . 2012-06-14 21:03        --------        d-----w-        c:\program files (x86)\Nettalk6
2012-06-12 09:06 . 2012-06-12 09:06        --------        d-----w-        c:\users\Rena\AppData\Local\Macromedia
2012-06-07 09:40 . 2012-06-07 09:40        40960        ----a-r-        c:\users\Rena\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\NewShortcut1_2510CF9A3D924D1E9124080F53F4E293.exe
2012-06-07 09:40 . 2012-06-07 09:40        40960        ----a-r-        c:\users\Rena\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\ARPPRODUCTICON.exe
2012-06-07 09:40 . 2012-06-07 09:40        --------        d-----w-        C:\illusion
2012-05-29 21:53 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2012-05-29 21:53 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-05-29 21:53 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:48 . 2012-04-03 07:08        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 23:48 . 2011-09-09 16:05        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22        11174400        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21        909312        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-12-06 03:16        1067520        ----a-w-        c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16        503808        ----a-w-        c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16        236544        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13        6800896        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10        26181632        ----a-w-        c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18        64000        ----a-w-        c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-08-18 00:26        7479296        ----a-w-        c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50        19753984        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35        1120768        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34        1831424        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34        4731904        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34        6203392        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29        16090624        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25        13764096        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23        7431680        ----a-w-        c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22        4795904        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11        514560        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        360448        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10        343040        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09        41984        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09        44544        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09        32256        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34        74752        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34        64512        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33        16457216        ----a-w-        c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32        13007872        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-04-01 10:21 . 2012-04-01 10:21        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-30 11:35 . 2012-05-09 05:23        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 19:20        1514152        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}]
2011-08-24 13:26        50240        ----a-w-        c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-09-08 888488]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nettalk.lnk - c:\program files (x86)\Nettalk6\Nettalk.exe [2012-6-14 2080768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va005;X6va005;c:\users\Rena\AppData\Local\Temp\00572D5.tmp [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.linkury.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Rena\AppData\Local\Temp\00572D5.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-25  23:44:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-25 21:44
.
Vor Suchlauf: 10 Verzeichnis(se), 18.201.190.400 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 20.155.420.672 Bytes frei
.
- - End Of File - - E7B4914D0529D2E22D848DAED8E09A48

--- --- ---

Larusso 26.06.2012 06:39

Please uninstall
Ask Toolbar


Did you set up this proxy?
Quote:

uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

GeFox 26.06.2012 09:07

Uhh, not that I know of

Oh, and under Programs and Features I can't find anything called Ask Toolbar... is it listed under something else?


Sooo, one more addendum ^^
I read up on it online, and since it's an add-on I removed it through Firefox; however, this is what comes after that ...

The toolbar should now be gone, but the Ask search is still set as the Firefox search. This can be changed as follows:
–> enter the address "about:config" in the Firefox browser
–> confirm the security prompt
–> under "keyword.URL", set the following entry:
hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

–> if necessary, search other parameters for ASK


Before I screw something up there, I wanted to ask whether I should do it that way or whatever xD

One more addendum <<

Under C:\Program Files (x86) there's a folder called Ask.com... how do I proceed? T.T

Larusso 26.06.2012 15:11

Let's see whether we can get rid of it with the tool


Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

GeFox 26.06.2012 17:34

# AdwCleaner v1.700 - Logfile created 06/26/2012 at 18:32:27
# Updated 26/06/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rena - RENA-PC
# Running from : C:\Users\Rena\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Rena\AppData\Local\AskToolbar
Folder Found : C:\Users\Rena\AppData\Local\Conduit
Folder Found : C:\Users\Rena\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Rena\AppData\LocalLow\Conduit
Folder Found : C:\Users\Rena\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\ConduitCommon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Found : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\Linkury Smartbar Search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Found : HKCU\Software\Ask.com
[x64] Key Found : HKCU\Software\AskToolbar
[x64] Key Found : HKCU\Software\APN
[x64] Key Found : HKCU\Software\Softonic
[x64] Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
[x64] Key Found : HKLM\SOFTWARE\Software
[x64] Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
[x64] Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
[x64] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\prefs.js

Found : user_pref("CT2849855..clientLogIsEnabled", true);
Found : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Found : user_pref("CT2849855.CT2849855", "CT2849855");
Found : user_pref("CT2849855.CurrentServerDate", "26-6-2012");
Found : user_pref("CT2849855.DialogsAlignMode", "LTR");
Found : user_pref("CT2849855.DialogsGetterLastCheckTime", "Sun Jun 24 2012 16:21:19 GMT+0200");
Found : user_pref("CT2849855.DownloadReferralCookieData", "");
Found : user_pref("CT2849855.EMailNotifierPollDate", "Sat Sep 10 2011 18:15:33 GMT+0200");
Found : user_pref("CT2849855.FeedLastCount129349796701375473", 138);
Found : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Sep 10 2011 18:15:35 GMT+0200");
Found : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Sep 10 2011 18:15:35 GMT+0200");
Found : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Found : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Found : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Found : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Found : user_pref("CT2849855.FirstServerDate", "10-9-2011");
Found : user_pref("CT2849855.FirstTime", true);
Found : user_pref("CT2849855.FirstTimeFF3", true);
Found : user_pref("CT2849855.FixPageNotFoundErrors", false);
Found : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2849855.HasUserGlobalKeys", true);
Found : user_pref("CT2849855.HomePageProtectorEnabled", false);
Found : user_pref("CT2849855.Initialize", true);
Found : user_pref("CT2849855.InitializeCommonPrefs", true);
Found : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2849855.InstallationType", "Unknown");
Found : user_pref("CT2849855.InstalledDate", "Sat Sep 10 2011 18:15:49 GMT+0200");
Found : user_pref("CT2849855.IsGrouping", false);
Found : user_pref("CT2849855.IsInitSetupIni", true);
Found : user_pref("CT2849855.IsMulticommunity", false);
Found : user_pref("CT2849855.IsOpenThankYouPage", true);
Found : user_pref("CT2849855.IsOpenUninstallPage", true);
Found : user_pref("CT2849855.IsProtectorsInit", true);
Found : user_pref("CT2849855.LanguagePackLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Found : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2849855.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:11:04 GMT+0200");
Found : user_pref("CT2849855.LastLogin_3.12.2.3", "Wed May 30 2012 18:59:56 GMT+0200");
Found : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jun 26 2012 18:29:47 GMT+0200");
Found : user_pref("CT2849855.LastLogin_3.6.0.10", "Sat Sep 10 2011 18:15:33 GMT+0200");
Found : user_pref("CT2849855.LatestVersion", "3.13.0.6");
Found : user_pref("CT2849855.Locale", "de");
Found : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Found : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Found : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Found : user_pref("CT2849855.SearchEngineBeforeUnload", "ICQ Search");
Found : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Found : user_pref("CT2849855.SearchInNewTabEnabled", true);
Found : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Mon Jun 25 2012 22:59:02 GMT+0200");
Found : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2849855.SearchProtectorEnabled", false);
Found : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2849855.ServiceMapLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Found : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jun 26 2012 18:29:47 GMT+0200");
Found : user_pref("CT2849855.SettingsLastUpdate", "1337169810");
Found : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 18:15:32 GMT+0200");
Found : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657");
Found : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Found : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2849855.UserID", "UN30570685190913038");
Found : user_pref("CT2849855.WeatherNetwork", "");
Found : user_pref("CT2849855.WeatherPollDate", "Sat Sep 10 2011 18:15:36 GMT+0200");
Found : user_pref("CT2849855.WeatherUnit", "C");
Found : user_pref("CT2849855.alertChannelId", "1241896");
Found : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Sep 10 2011 18:15:34 GMT+0200");
Found : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2849855.initDone", true);
Found : user_pref("CT2849855.isAppTrackingManagerOn", true);
Found : user_pref("CT2849855.myStuffEnabled", true);
Found : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2849855.revertSettingsEnabled", true);
Found : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Found : user_pref("CT2849855.testingCtid", "");
Found : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Found : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200");
Found : user_pref("CT2849855.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rena\\AppData\\Roaming\\Mozilla\\Fi[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200");
Found : user_pref("CommunityToolbar.globalUserId", "a80989e9-c35b-4332-a0f2-96c646621b73");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 18:15:3[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 10 2011 18:15:44 GMT+020[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 18:15:33 GMT+0200");
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "575c7bea-6ef6-4d2e-b07b-6d40d0dc0677");
Found : user_pref("extensions.asktb.AviraIDW-TS", "1319801289480");
Found : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Found : user_pref("extensions.asktb.cbid", "JM");
Found : user_pref("extensions.asktb.config-updated", true);
Found : user_pref("extensions.asktb.crumb", "2011.09.10+06.38.07-toolbar009iad-DE-QmVybGluLEdlcm1hbnk%3D");
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Found : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Found : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Found : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007");
Found : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "ed90ad1f-6e80-4149-89f6-c11c7dc72561");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Found : user_pref("extensions.asktb.if", "first");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1340660909027");
Found : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Found : user_pref("extensions.asktb.locale", "de_DE");
Found : user_pref("extensions.asktb.location", "Berlin,Germany");
Found : user_pref("extensions.asktb.notification-shown", true);
Found : user_pref("extensions.asktb.o", "100000080");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "3");
Found : user_pref("extensions.asktb.sa", "NO");
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.to", "");
Found : user_pref("extensions.asktb.v", "3.14.0.100013");
Found : user_pref("icqtoolbar.history", "Adult%E2%80%B2s%20Toy||35%24%20pc||Croixleur||Shion||Allkore%20-%20[...]

*************************

AdwCleaner[R1].txt - [21361 octets] - [26/06/2012 18:32:27]

########## EOF - C:\AdwCleaner[R1].txt - [21490 octets] ##########

Larusso 26.06.2012 17:46

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Please start OTL.exe and press the Quick Scan button.
Post the OTL.txt here in your thread.

GeFox 26.06.2012 18:14

SOO, first of all..... after the restart caused by this AdwCleaner, my AntiVir showed something about a missing tool or so, and because of that the browser protection is now deactivated.



# AdwCleaner v1.700 - Logfile created 06/26/2012 at 19:00:05
# Updated 26/06/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rena - RENA-PC
# Running from : C:\Users\Rena\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Rena\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Rena\AppData\Local\Conduit
Folder Deleted : C:\Users\Rena\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Rena\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Rena\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\ConduitCommon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\Linkury Smartbar Search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Software
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\prefs.js

C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\user.js ... Deleted !

Deleted : user_pref("CT2849855..clientLogIsEnabled", true);
Deleted : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Deleted : user_pref("CT2849855.CT2849855", "CT2849855");
Deleted : user_pref("CT2849855.CurrentServerDate", "26-6-2012");
Deleted : user_pref("CT2849855.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2849855.DialogsGetterLastCheckTime", "Sun Jun 24 2012 16:21:19 GMT+0200");
Deleted : user_pref("CT2849855.DownloadReferralCookieData", "");
Deleted : user_pref("CT2849855.EMailNotifierPollDate", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CT2849855.FeedLastCount129349796701375473", 138);
Deleted : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2849855.FirstServerDate", "10-9-2011");
Deleted : user_pref("CT2849855.FirstTime", true);
Deleted : user_pref("CT2849855.FirstTimeFF3", true);
Deleted : user_pref("CT2849855.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2849855.HasUserGlobalKeys", true);
Deleted : user_pref("CT2849855.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2849855.Initialize", true);
Deleted : user_pref("CT2849855.InitializeCommonPrefs", true);
Deleted : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2849855.InstallationType", "Unknown");
Deleted : user_pref("CT2849855.InstalledDate", "Sat Sep 10 2011 18:15:49 GMT+0200");
Deleted : user_pref("CT2849855.IsGrouping", false);
Deleted : user_pref("CT2849855.IsInitSetupIni", true);
Deleted : user_pref("CT2849855.IsMulticommunity", false);
Deleted : user_pref("CT2849855.IsOpenThankYouPage", true);
Deleted : user_pref("CT2849855.IsOpenUninstallPage", true);
Deleted : user_pref("CT2849855.IsProtectorsInit", true);
Deleted : user_pref("CT2849855.LanguagePackLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Deleted : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2849855.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:11:04 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.12.2.3", "Wed May 30 2012 18:59:56 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jun 26 2012 18:29:47 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.6.0.10", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CT2849855.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2849855.Locale", "de");
Deleted : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT2849855.SearchEngineBeforeUnload", "ICQ Search");
Deleted : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Deleted : user_pref("CT2849855.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Mon Jun 25 2012 22:59:02 GMT+0200");
Deleted : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2849855.SearchProtectorEnabled", false);
Deleted : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2849855.ServiceMapLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jun 26 2012 18:29:47 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 18:15:32 GMT+0200");
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Deleted : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2849855.UserID", "UN30570685190913038");
Deleted : user_pref("CT2849855.WeatherNetwork", "");
Deleted : user_pref("CT2849855.WeatherPollDate", "Sat Sep 10 2011 18:15:36 GMT+0200");
Deleted : user_pref("CT2849855.WeatherUnit", "C");
Deleted : user_pref("CT2849855.alertChannelId", "1241896");
Deleted : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.initDone", true);
Deleted : user_pref("CT2849855.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2849855.myStuffEnabled", true);
Deleted : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2849855.revertSettingsEnabled", true);
Deleted : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.testingCtid", "");
Deleted : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Deleted : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CT2849855.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rena\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "a80989e9-c35b-4332-a0f2-96c646621b73");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 18:15:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 10 2011 18:15:44 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "575c7bea-6ef6-4d2e-b07b-6d40d0dc0677");
Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319801289480");
Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "JM");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2011.09.10+06.38.07-toolbar009iad-DE-QmVybGluLEdlcm1hbnk%3D");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "ed90ad1f-6e80-4149-89f6-c11c7dc72561");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1340660909027");
Deleted : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Berlin,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "100000080");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.14.0.100013");
Deleted : user_pref("icqtoolbar.history", "Adult%E2%80%B2s%20Toy||35%24%20pc||Croixleur||Shion||Allkore%20-%20[...]

*************************

AdwCleaner[R1].txt - [21438 octets] - [26/06/2012 18:32:27]
AdwCleaner[S1].txt - [20356 octets] - [26/06/2012 19:00:05]

########## EOF - C:\AdwCleaner[S1].txt - [20485 octets] ##########




OTL Logfile:
Code:

OTL logfile created on: 26.06.2012 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Rena\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free
14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS
 
Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.11 15:02:16 | 002,080,768 | ---- | M] (Nicolas Kruse) -- C:\Program Files (x86)\Nettalk6\Nettalk.exe
PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.24 01:48:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 17:20:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 01:19:38 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.08 12:52:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.11.29 14:02:06 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 35 D1 BE 06 6F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.09 17:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Extensions
[2012.06.26 10:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions
[2012.05.30 19:37:51 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.06.20 09:01:56 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-1.xml
[2012.02.03 12:00:59 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-10.xml
[2012.02.12 11:27:13 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-11.xml
[2012.02.17 14:25:07 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-12.xml
[2012.03.18 14:22:40 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-13.xml
[2012.03.28 18:50:38 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-14.xml
[2011.09.28 21:24:36 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-2.xml
[2011.10.01 22:47:25 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-3.xml
[2011.11.06 20:06:32 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-4.xml
[2011.11.11 16:53:52 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-5.xml
[2011.11.29 14:03:31 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-6.xml
[2011.12.21 12:20:26 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-7.xml
[2012.01.05 15:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-8.xml
[2012.01.10 00:50:37 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin.xml
[2012.03.17 18:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:26:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJPURGZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.19 17:20:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 17:20:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 17:20:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 17:20:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 17:20:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 17:20:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 17:20:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.25 23:40:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA9396E-72DE-436E-9E3A-064C7F1BEC93}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 18:59:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.25 23:44:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.25 23:41:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.25 23:34:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.25 23:34:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.25 23:34:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.22 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Avira
[2012.06.22 17:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.22 17:13:37 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.22 17:13:37 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.22 17:13:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.22 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.22 12:11:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.22 12:11:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.22 12:09:27 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.22 11:13:03 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.22 01:07:04 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Malwarebytes
[2012.06.22 01:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.17 23:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.06.17 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Pflanzen gegen Zombies German
[2012.06.14 23:03:35 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.06.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nettalk6
[2012.06.12 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Local\Macromedia
[2012.06.07 11:47:41 | 030,829,617 | ---- | C] (Inquisitor                                                  ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[2012.06.07 11:40:10 | 000,000,000 | ---D | C] -- C:\illusion
[2012.06.01 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Dolphin
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:05:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 19:05:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 19:05:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 19:05:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 19:05:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.26 19:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 19:01:00 | 1542,754,303 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.26 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 18:32:09 | 000,609,201 | ---- | M] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:40:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.25 23:34:29 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.24 04:06:00 | 000,000,069 | ---- | M] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:34 | 000,006,396 | ---- | M] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:29 | 000,229,548 | ---- | M] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:13:05 | 099,308,192 | ---- | M] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.22 11:13:04 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.17 20:21:32 | 000,001,485 | ---- | M] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.14 08:56:37 | 000,297,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 13:37:15 | 000,068,356 | ---- | M] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | M] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.06.07 11:48:15 | 030,829,617 | ---- | M] (Inquisitor                                                  ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.26 18:32:08 | 000,609,201 | ---- | C] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:34:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.25 23:34:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.25 23:34:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.25 23:34:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.25 23:34:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.24 04:05:59 | 000,000,069 | ---- | C] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:33 | 000,006,396 | ---- | C] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:24 | 000,229,548 | ---- | C] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:08:05 | 099,308,192 | ---- | C] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.17 23:59:48 | 003,362,816 | ---- | C] () -- C:\Users\Rena\Documents\PflanzenGegenZombies_og.exe.bak
[2012.06.17 20:21:32 | 000,001,485 | ---- | C] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | C] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.12 13:37:14 | 000,068,356 | ---- | C] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | C] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 21:55:28 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.18 21:40:43 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.01.18 21:40:09 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012.01.18 21:40:09 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012.01.11 13:49:21 | 000,002,048 | -HS- | C] () -- C:\Users\Rena\AppData\Local\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\@
[2011.11.16 01:11:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.07 00:06:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 17:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.09 17:39:28 | 000,000,017 | ---- | C] () -- C:\Users\Rena\AppData\Local\resmon.resmoncfg
 
========== LOP Check ==========
 
[2012.05.22 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\.minecraft
[2012.03.12 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BadApple!!
[2012.05.10 16:32:52 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Beat Hazard
[2012.06.13 00:44:07 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BitTorrent
[2012.02.23 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Lite
[2011.09.26 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Pro
[2012.04.21 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\FileZilla
[2012.06.26 18:57:23 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ICQ
[2011.09.14 20:40:45 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Image-Line
[2012.05.16 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\IrfanView
[2012.03.11 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\mkvtoolnix
[2011.10.31 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Need for Speed World
[2012.06.26 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.03.20 12:57:29 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\RenPy
[2012.01.24 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ScummVM
[2011.11.18 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TeamViewer
[2012.04.23 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TS3Client
[2012.04.09 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\XMedia Recode
[2012.06.11 11:00:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


ExtrasOTL Logfile:
Code:

OTL Extras logfile created on: 26.06.2012 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Rena\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free
14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS
 
Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B8F74F1-48DE-4D1E-80B1-4700C9AF4CC7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1484E02-6D76-4A68-B8F0-023B6893FF67}" = protocol=58 | dir=in | app=system |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{C9CFAD8F-5388-4414-87C4-18908735E565}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"UDP Query User{BC270A5B-4831-4433-A566-030746CE8A66}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2510CF9A-3D92-4D1E-9124-080F53F4E293}" = ILLUSION @ふぉーむメイト
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Beat Hazard v1.5" = Beat Hazard v1.5
"BitTorrent" = BitTorrent
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.5.3
"FL Studio 10" = FL Studio 10
"HaaliMkx" = Haali Media Splitter
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"Katawa Shoujo Act 1" = Katawa Shoujo Act 1
"LogMeIn Hamachi" = LogMeIn Hamachi
"MKVToolNix" = MKVToolNix 5.4.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nettalk_is1" = Nettalk 6.7
"OpenAL" = OpenAL
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SMPlayer" = SMPlayer 0.6.9
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.9.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2012 08:00:19 | Computer Name = Rena-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xa2c  Startzeit der fehlerhaften Anwendung:
 0x01cd4e12cb0bf5a2  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 56743c10-ba06-11e1-bd86-90e6ba80e627
 
Error - 20.06.2012 03:36:38 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.06.2012 19:50:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.06.2012 19:18:11 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.80 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd0    Startzeit:
01cd5002929282cc    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe    Berichts-ID: 5b8a8f5e-bbf7-11e1-a7d0-90e6ba80e627 
 
Error - 22.06.2012 03:57:42 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.06.2012 10:40:15 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 12.3.0.15 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 838    Startzeit:
01cd5084c450ec77    Endzeit: 19141    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avcenter.exe    Berichts-ID: 210728ab-bc78-11e1-9337-90e6ba80e627 
 
Error - 23.06.2012 13:36:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 23.06.2012 18:31:07 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.06.2012 09:45:35 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.06.2012 19:26:23 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 25.06.2012 17:33:57 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000
Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 25.06.2012 17:34:44 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000
Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 25.06.2012 17:37:34 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.06.2012 17:39:12 | Computer Name = Rena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.06.2012 17:40:05 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.06.2012 17:40:59 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 26.06.2012 12:29:37 | Computer Name = Rena-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
 
< End of report >

--- --- ---

GeFox 26.06.2012 18:15

Sooo, first of all... after the restart because of this AdwCleaner, my AntiVir reported something about a missing tool or the like, and that's why the browser protection is now deactivated.



# AdwCleaner v1.700 - Logfile created 06/26/2012 at 19:00:05
# Updated 26/06/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Rena - RENA-PC
# Running from : C:\Users\Rena\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Rena\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Rena\AppData\Local\Conduit
Folder Deleted : C:\Users\Rena\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Rena\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Rena\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\ConduitCommon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\Linkury Smartbar Search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Software
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\prefs.js

C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\user.js ... Deleted !

Deleted : user_pref("CT2849855..clientLogIsEnabled", true);
Deleted : user_pref("CT2849855..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2849855..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2849855.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2849855.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2849855.BrowserCompStateIsOpen_129640009348738015", true);
Deleted : user_pref("CT2849855.CT2849855", "CT2849855");
Deleted : user_pref("CT2849855.CurrentServerDate", "26-6-2012");
Deleted : user_pref("CT2849855.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2849855.DialogsGetterLastCheckTime", "Sun Jun 24 2012 16:21:19 GMT+0200");
Deleted : user_pref("CT2849855.DownloadReferralCookieData", "");
Deleted : user_pref("CT2849855.EMailNotifierPollDate", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CT2849855.FeedLastCount129349796701375473", 138);
Deleted : user_pref("CT2849855.FeedPollDate129313974171006416", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313975698350231", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976370850190", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313976648818968", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313977444757117", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980389131455", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980655381977", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313980886163259", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313981234756535", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983226631720", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CT2849855.FeedPollDate129313983607725691", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CT2849855.FeedTTL129313974171006416", 10);
Deleted : user_pref("CT2849855.FeedTTL129313977444757117", 15);
Deleted : user_pref("CT2849855.FeedTTL129313980655381977", 5);
Deleted : user_pref("CT2849855.FeedTTL129313981234756535", 5);
Deleted : user_pref("CT2849855.FirstServerDate", "10-9-2011");
Deleted : user_pref("CT2849855.FirstTime", true);
Deleted : user_pref("CT2849855.FirstTimeFF3", true);
Deleted : user_pref("CT2849855.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2849855.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2849855.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2849855.HasUserGlobalKeys", true);
Deleted : user_pref("CT2849855.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2849855.Initialize", true);
Deleted : user_pref("CT2849855.InitializeCommonPrefs", true);
Deleted : user_pref("CT2849855.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2849855.InstallationType", "Unknown");
Deleted : user_pref("CT2849855.InstalledDate", "Sat Sep 10 2011 18:15:49 GMT+0200");
Deleted : user_pref("CT2849855.IsGrouping", false);
Deleted : user_pref("CT2849855.IsInitSetupIni", true);
Deleted : user_pref("CT2849855.IsMulticommunity", false);
Deleted : user_pref("CT2849855.IsOpenThankYouPage", true);
Deleted : user_pref("CT2849855.IsOpenUninstallPage", true);
Deleted : user_pref("CT2849855.IsProtectorsInit", true);
Deleted : user_pref("CT2849855.LanguagePackLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Deleted : user_pref("CT2849855.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2849855.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2849855.LastLogin_3.12.0.7", "Wed Apr 25 2012 20:11:04 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.12.2.3", "Wed May 30 2012 18:59:56 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.13.0.6", "Tue Jun 26 2012 18:29:47 GMT+0200");
Deleted : user_pref("CT2849855.LastLogin_3.6.0.10", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CT2849855.LatestVersion", "3.13.0.6");
Deleted : user_pref("CT2849855.Locale", "de");
Deleted : user_pref("CT2849855.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2849855.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2849855.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2849855.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2849855.OriginalFirstVersion", "3.6.0.10");
Deleted : user_pref("CT2849855.SearchEngineBeforeUnload", "ICQ Search");
Deleted : user_pref("CT2849855.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2849855.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284[...]
Deleted : user_pref("CT2849855.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2849855.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2849855.SearchInNewTabLastCheckTime", "Mon Jun 25 2012 22:59:02 GMT+0200");
Deleted : user_pref("CT2849855.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2849855.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2849855.SearchProtectorEnabled", false);
Deleted : user_pref("CT2849855.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2849855.ServiceMapLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastCheckTime", "Tue Jun 26 2012 18:29:47 GMT+0200");
Deleted : user_pref("CT2849855.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT2849855.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 18:15:32 GMT+0200");
Deleted : user_pref("CT2849855.ThirdPartyComponentsLastUpdate", "1255344657");
Deleted : user_pref("CT2849855.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2849855.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849855");
Deleted : user_pref("CT2849855.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2849855.UserID", "UN30570685190913038");
Deleted : user_pref("CT2849855.WeatherNetwork", "");
Deleted : user_pref("CT2849855.WeatherPollDate", "Sat Sep 10 2011 18:15:36 GMT+0200");
Deleted : user_pref("CT2849855.WeatherUnit", "C");
Deleted : user_pref("CT2849855.alertChannelId", "1241896");
Deleted : user_pref("CT2849855.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2849855.globalFirstTimeInfoLastCheckTime", "Sat Sep 10 2011 18:15:34 GMT+0200");
Deleted : user_pref("CT2849855.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.initDone", true);
Deleted : user_pref("CT2849855.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2849855.myStuffEnabled", true);
Deleted : user_pref("CT2849855.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2849855.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2849855.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2849855.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2849855.revertSettingsEnabled", true);
Deleted : user_pref("CT2849855.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2849855.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2849855.testingCtid", "");
Deleted : user_pref("CT2849855.toolbarAppMetaDataLastCheckTime", "Mon Jun 25 2012 22:59:03 GMT+0200");
Deleted : user_pref("CT2849855.toolbarContextMenuLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CT2849855.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849855/CT2849855[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1241896/1237569/DE", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849855", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849855",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2849855&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"b57[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Rena\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849855");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849855");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 18:15:35 GMT+0200");
Deleted : user_pref("CommunityToolbar.globalUserId", "a80989e9-c35b-4332-a0f2-96c646621b73");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 10 2011 18:15:3[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Sep 10 2011 18:15:44 GMT+020[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Sep 10 2011 18:15:33 GMT+0200");
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "575c7bea-6ef6-4d2e-b07b-6d40d0dc0677");
Deleted : user_pref("extensions.asktb.AviraIDW-TS", "1319801289480");
Deleted : user_pref("extensions.asktb.AviraIDW-XML", "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<button xm[...]
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "JM");
Deleted : user_pref("extensions.asktb.config-updated", true);
Deleted : user_pref("extensions.asktb.crumb", "2011.09.10+06.38.07-toolbar009iad-DE-QmVybGluLEdlcm1hbnk%3D");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&[...]
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "GMXX0007");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "ed90ad1f-6e80-4149-89f6-c11c7dc72561");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1340660909027");
Deleted : user_pref("extensions.asktb.last-v", "3.14.0.100010");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Berlin,Germany");
Deleted : user_pref("extensions.asktb.notification-shown", true);
Deleted : user_pref("extensions.asktb.o", "100000080");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "3");
Deleted : user_pref("extensions.asktb.sa", "NO");
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.14.0.100013");
Deleted : user_pref("icqtoolbar.history", "Adult%E2%80%B2s%20Toy||35%24%20pc||Croixleur||Shion||Allkore%20-%20[...]

*************************

AdwCleaner[R1].txt - [21438 octets] - [26/06/2012 18:32:27]
AdwCleaner[S1].txt - [20356 octets] - [26/06/2012 19:00:05]

########## EOF - C:\AdwCleaner[S1].txt - [20485 octets] ##########




OTL Logfile:
Code:

OTL logfile created on: 26.06.2012 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Rena\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free
14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS
 
Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.03.11 15:02:16 | 002,080,768 | ---- | M] (Nicolas Kruse) -- C:\Program Files (x86)\Nettalk6\Nettalk.exe
PRC - [2012.02.28 17:38:56 | 001,987,976 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.24 01:48:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.19 17:20:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.30 01:19:38 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.02.28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.08 12:52:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.08 17:48:36 | 006,583,160 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011.09.08 17:48:36 | 000,528,760 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.11.29 14:02:06 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.09.08 17:49:26 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2011.09.08 17:49:24 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 35 D1 BE 06 6F CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 17:20:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.09.09 17:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Extensions
[2012.06.26 10:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions
[2012.05.30 19:37:51 | 000,000,000 | ---D | M] (BittorrentBar_DE Community Toolbar) -- C:\Users\Rena\AppData\Roaming\mozilla\Firefox\Profiles\cjpurgzz.default\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2012.06.20 09:01:56 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-1.xml
[2012.02.03 12:00:59 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-10.xml
[2012.02.12 11:27:13 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-11.xml
[2012.02.17 14:25:07 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-12.xml
[2012.03.18 14:22:40 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-13.xml
[2012.03.28 18:50:38 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-14.xml
[2011.09.28 21:24:36 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-2.xml
[2011.10.01 22:47:25 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-3.xml
[2011.11.06 20:06:32 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-4.xml
[2011.11.11 16:53:52 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-5.xml
[2011.11.29 14:03:31 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-6.xml
[2011.12.21 12:20:26 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-7.xml
[2012.01.05 15:46:47 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-8.xml
[2012.01.10 00:50:37 | 000,000,950 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\searchplugins\icqplugin.xml
[2012.03.17 18:33:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.05 23:26:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RENA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CJPURGZZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.19 17:20:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 17:20:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 17:20:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 17:20:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 17:20:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 17:20:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 17:20:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.25 23:40:03 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk = C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6AA9396E-72DE-436E-9E3A-064C7F1BEC93}: DhcpNameServer = 83.169.186.161 83.169.186.225
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 18:59:19 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.25 23:44:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.25 23:41:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.25 23:34:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.25 23:34:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.25 23:34:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.22 17:16:00 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Avira
[2012.06.22 17:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.22 17:13:37 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.22 17:13:37 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.22 17:13:37 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.22 17:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.22 12:11:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.22 12:11:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.22 12:09:27 | 004,568,224 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.22 11:13:03 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.22 01:07:04 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Malwarebytes
[2012.06.22 01:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.17 23:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.06.17 23:39:23 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Pflanzen gegen Zombies German
[2012.06.14 23:03:35 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.06.14 23:03:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nettalk6
[2012.06.12 11:06:52 | 000,000,000 | ---D | C] -- C:\Users\Rena\AppData\Local\Macromedia
[2012.06.07 11:47:41 | 030,829,617 | ---- | C] (Inquisitor                                                  ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[2012.06.07 11:40:10 | 000,000,000 | ---D | C] -- C:\illusion
[2012.06.01 17:44:05 | 000,000,000 | ---D | C] -- C:\Users\Rena\Desktop\Dolphin
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:06:10 | 000,020,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 19:05:38 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.26 19:05:38 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.26 19:05:38 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.26 19:05:38 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.26 19:05:38 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.26 19:01:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 19:01:00 | 1542,754,303 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 18:59:19 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Rena\Desktop\OTL.exe
[2012.06.26 18:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 18:32:09 | 000,609,201 | ---- | M] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:40:03 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.06.25 23:34:29 | 004,568,224 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\ComboFix.exe
[2012.06.24 04:06:00 | 000,000,069 | ---- | M] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:34 | 000,006,396 | ---- | M] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:29 | 000,229,548 | ---- | M] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:13:05 | 099,308,192 | ---- | M] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.22 11:13:04 | 002,128,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rena\Desktop\tdsskiller.exe
[2012.06.22 09:08:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rena\Desktop\dds.com
[2012.06.17 20:21:32 | 000,001,485 | ---- | M] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | M] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.14 08:56:37 | 000,297,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 13:37:15 | 000,068,356 | ---- | M] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | M] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.06.07 11:48:15 | 030,829,617 | ---- | M] (Inquisitor                                                  ) -- C:\Users\Rena\Desktop\@Home Mate HF Patch.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Rena\*.tmp files -> C:\Users\Rena\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.26 18:32:08 | 000,609,201 | ---- | C] () -- C:\Users\Rena\Desktop\adwcleaner.exe
[2012.06.25 23:34:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.25 23:34:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.25 23:34:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.25 23:34:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.25 23:34:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.24 04:05:59 | 000,000,069 | ---- | C] () -- C:\Users\Rena\Desktop\listen45.pls
[2012.06.22 21:19:33 | 000,006,396 | ---- | C] () -- C:\Users\Rena\Desktop\0677.mpssvc.reg
[2012.06.22 21:19:24 | 000,229,548 | ---- | C] () -- C:\Users\Rena\Desktop\1055.BFE.reg
[2012.06.22 17:13:48 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.22 17:08:05 | 099,308,192 | ---- | C] () -- C:\Users\Rena\Desktop\avira_free_antivirus_de.exe
[2012.06.17 23:59:48 | 003,362,816 | ---- | C] () -- C:\Users\Rena\Documents\PflanzenGegenZombies_og.exe.bak
[2012.06.17 20:21:32 | 000,001,485 | ---- | C] () -- C:\Users\Rena\.recently-used.xbel
[2012.06.14 23:03:16 | 000,000,972 | ---- | C] () -- C:\Users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,948 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nettalk.lnk
[2012.06.14 23:03:16 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Nettalk.lnk
[2012.06.12 13:37:14 | 000,068,356 | ---- | C] () -- C:\Users\Rena\Desktop\Purityyy - The Quick Brown Fox - The Big Black [WHO'S AFRAID OF THE BIG BLACK] (2012-05-12) Osu.osr
[2012.06.07 11:52:19 | 000,000,910 | ---- | C] () -- C:\Users\Rena\Desktop\@Home Mate.lnk
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.18 21:55:28 | 000,001,786 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.18 21:40:43 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.01.18 21:40:09 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012.01.18 21:40:09 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012.01.11 13:49:21 | 000,002,048 | -HS- | C] () -- C:\Users\Rena\AppData\Local\{35f92f7d-582a-ee8b-976b-730f9f4e24be}\@
[2011.11.16 01:11:22 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.07 00:06:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.09 17:42:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.09 17:39:28 | 000,000,017 | ---- | C] () -- C:\Users\Rena\AppData\Local\resmon.resmoncfg
 
========== LOP Check ==========
 
[2012.05.22 15:30:34 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\.minecraft
[2012.03.12 22:21:22 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BadApple!!
[2012.05.10 16:32:52 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Beat Hazard
[2012.06.13 00:44:07 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\BitTorrent
[2012.02.23 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Lite
[2011.09.26 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\DAEMON Tools Pro
[2012.04.21 23:30:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\FileZilla
[2012.06.26 18:57:23 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ICQ
[2011.09.14 20:40:45 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Image-Line
[2012.05.16 20:24:19 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\IrfanView
[2012.03.11 11:29:12 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\mkvtoolnix
[2011.10.31 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Need for Speed World
[2012.06.26 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\Nettalk
[2012.03.20 12:57:29 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\RenPy
[2012.01.24 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\ScummVM
[2011.11.18 22:29:04 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TeamViewer
[2012.04.23 19:27:40 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\TS3Client
[2012.04.09 00:04:35 | 000,000,000 | ---D | M] -- C:\Users\Rena\AppData\Roaming\XMedia Recode
[2012.06.11 11:00:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---



Extras
OTL Logfile:
Code:

OTL Extras logfile created on: 26.06.2012 19:02:14 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Rena\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,25 Gb Total Physical Memory | 5,85 Gb Available Physical Memory | 80,63% Memory free
14,50 Gb Paging File | 12,89 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 64,16 Gb Total Space | 18,09 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
Drive D: | 401,50 Gb Total Space | 19,10 Gb Free Space | 4,76% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 60,69 Gb Free Space | 3,26% Space Free | Partition Type: NTFS
 
Computer Name: RENA-PC | User Name: Rena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2B8F74F1-48DE-4D1E-80B1-4700C9AF4CC7}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1484E02-6D76-4A68-B8F0-023B6893FF67}" = protocol=58 | dir=in | app=system |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{C9CFAD8F-5388-4414-87C4-18908735E565}C:\program files (x86)\icq7.6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"UDP Query User{BC270A5B-4831-4433-A566-030746CE8A66}C:\program files (x86)\icq7.6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Pen Tablet Driver" = Bamboo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2510CF9A-3D92-4D1E-9124-080F53F4E293}" = ILLUSION @ふぉーむメイト
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira Free Antivirus
"Beat Hazard v1.5" = Beat Hazard v1.5
"BitTorrent" = BitTorrent
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"DAEMON Tools Lite" = DAEMON Tools Lite
"FileZilla Client" = FileZilla Client 3.5.3
"FL Studio 10" = FL Studio 10
"HaaliMkx" = Haali Media Splitter
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"Katawa Shoujo Act 1" = Katawa Shoujo Act 1
"LogMeIn Hamachi" = LogMeIn Hamachi
"MKVToolNix" = MKVToolNix 5.4.0
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nettalk_is1" = Nettalk 6.7
"OpenAL" = OpenAL
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"SMPlayer" = SMPlayer 0.6.9
"The KMPlayer" = The KMPlayer (remove only)
"VLC media player" = VLC media player 2.0.1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.9.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2012 08:00:19 | Computer Name = Rena-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0xa2c  Startzeit der fehlerhaften Anwendung:
 0x01cd4e12cb0bf5a2  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 56743c10-ba06-11e1-bd86-90e6ba80e627
 
Error - 20.06.2012 03:36:38 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 20.06.2012 19:50:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 21.06.2012 19:18:11 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.80 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: dd0    Startzeit:
01cd5002929282cc    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe    Berichts-ID: 5b8a8f5e-bbf7-11e1-a7d0-90e6ba80e627 
 
Error - 22.06.2012 03:57:42 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 22.06.2012 10:40:15 | Computer Name = Rena-PC | Source = Application Hang | ID = 1002
Description = Programm avcenter.exe, Version 12.3.0.15 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 838    Startzeit:
01cd5084c450ec77    Endzeit: 19141    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avcenter.exe    Berichts-ID: 210728ab-bc78-11e1-9337-90e6ba80e627 
 
Error - 23.06.2012 13:36:51 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 23.06.2012 18:31:07 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.06.2012 09:45:35 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 25.06.2012 19:26:23 | Computer Name = Rena-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 25.06.2012 17:33:42 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:  %%5
 
Error - 25.06.2012 17:33:57 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000
Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 25.06.2012 17:34:44 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Akamai NetSession Interface" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000
Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 25.06.2012 17:37:34 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.06.2012 17:39:12 | Computer Name = Rena-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.06.2012 17:40:05 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 25.06.2012 17:40:59 | Computer Name = Rena-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
  %%126
 
Error - 26.06.2012 12:29:37 | Computer Name = Rena-PC | Source = WMPNetworkSvc | ID = 866300
Description =
 
 
< End of report >

--- --- ---

Larusso 26.06.2012 20:01

Yes, because the WebGuard is bundled with the Ask Toolbar. You don't want this toolbar on your system. Trust me, and it's also the reason why we no longer recommend Avira.


Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to your desktop.

SystemLook
  • Double-click SystemLook.exe to start the tool.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Copy the contents of the following code box into the tool's text field:

    Code:

    :regfind
    {35f92f7d-582a-ee8b-976b-730f9f4e24be}

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.

GeFox 26.06.2012 22:15

Is there any other free antivirus program that you recommend? Or a good one that isn't too expensive? =)


SystemLook 30.07.11 by jpshortstuff
Log created at 23:13 on 26/06/2012 by Rena
Administrator - Elevation successful

========== regfind ==========

Searching for "{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="C:\Windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
[HKEY_USERS\S-1-5-21-1497996645-2277315608-401803657-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="C:\Windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}"

-= EOF =-
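The regfind result above can also be read programmatically. The following is an added example, not part of the thread or of SystemLook: it parses the two line shapes visible in this log, merges hits that appear under both HKEY_CURRENT_USER and HKEY_USERS\<SID> with the same subkey and value, and labels the key type. The "history" and "autostart" key lists are this example's own choice; TypedPaths stores paths typed into the Explorer address bar.

```python
import re
from collections import defaultdict

# Copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r'''
========== regfind ==========

Searching for "{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="C:\Windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}"
[HKEY_USERS\S-1-5-21-1497996645-2277315608-401803657-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"="C:\Windows\Installer\{35f92f7d-582a-ee8b-976b-730f9f4e24be}"

-= EOF =-
'''

SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="(.*)"$')
# HKEY_CURRENT_USER and HKEY_USERS\<SID> are two views of per-user hives.
PER_USER_ROOT = re.compile(r'^(?:HKEY_CURRENT_USER|HKEY_USERS\\S-[0-9-]+)\\', re.I)

# Assumption of this example: a short, non-exhaustive list of key suffixes.
HISTORY_SUFFIXES = (r"\explorer\typedpaths", r"\explorer\runmru")
AUTOSTART_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def parse_regfind(text):
    """Return one dict per value hit: search term, full key, value name, data."""
    hits, term, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            term, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            hits.append({"term": term, "key": key,
                         "name": m.group(1), "data": m.group(2)})
    return hits


def split_root(key):
    """Split a key into (scope, subkey); per-user roots share one scope."""
    m = PER_USER_ROOT.match(key)
    if m:
        return "per-user", key[m.end():]
    root, _, sub = key.partition("\\")
    return root, sub


def classify(subkey):
    """Label a subkey as history artefact, autostart location, or other."""
    s = "\\" + subkey.lower()
    if s.endswith(HISTORY_SUFFIXES):
        return "history"
    if s.endswith(AUTOSTART_SUFFIXES):
        return "autostart"
    return "other"


def summarise(hits):
    """Merge hits that differ only in which per-user root they were seen under."""
    grouped = defaultdict(list)
    for h in hits:
        scope, sub = split_root(h["key"])
        grouped[(scope, sub, h["name"], h["data"])].append(h["key"])
    return [{"scope": scope, "subkey": sub, "name": name, "data": data,
             "kind": classify(sub), "seen_in": keys}
            for (scope, sub, name, data), keys in grouped.items()]


if __name__ == "__main__":
    for row in summarise(parse_regfind(SAMPLE_LOG)):
        print(row["kind"], row["subkey"], row["name"], "=", row["data"],
              "(%d registry views)" % len(row["seen_in"]))
```
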

Larusso 27.06.2012 14:50

Hi, I need to quickly check something. I'll get back to you as soon as possible.

GeFox 27.06.2012 15:00

This checking doesn't have anything to do with me, does it? ...... OK, I'll wait XD

Larusso 28.06.2012 06:50

Note for other readers:
The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows key + R --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.

Code:

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"=-

[HKEY_USERS\S-1-5-21-1497996645-2277315608-401803657-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url2"=-

ClearJavaCache::
Reboot::

Save this as CFScript.txt on your desktop.
Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works. Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.

http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures will be downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


GeFox 28.06.2012 15:22

Dude......that's a lot of things I have to do. I have to remember all of it ^^

Everything exactly as it is, in that order? And also remove the ComboFix script that's already there from C?

Larusso 28.06.2012 15:40

First of all, I'm not your dude :koch:

2. It's all written there

GeFox 28.06.2012 18:27

The "dude" wasn't aimed directly at you T.T ..... it was just a figure of speech, sorry if it annoyed you somehow......

OK, then I'll get to it tomorrow, since I don't have any more time today.

Thanks for all your efforts.

One question that's still a bit unclear to me ...... does ComboFix start automatically as soon as I drag CFScript.txt onto the exe, or do I have to start it first? :> ... Sorry for all the questions, but I'd rather make sure once too often than once too little.

So, I've now tried to do it the way it was written, but the thing with combo.fix... isn't that exactly the same thing I already did before? xD ... well, I hope it's all fine like this .....
Combofix Logfile:
Code:

ComboFix 12-06-28.03 - Rena 29.06.2012  5:17.2.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.7423.5822 [GMT 2:00]
ausgeführt von:: c:\users\Rena\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Rena\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-28 bis 2012-06-29  ))))))))))))))))))))))))))))))
.
.
2012-06-29 03:21 . 2012-06-29 03:21        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-27 16:30 . 2012-06-27 16:30        --------        d-----w-        c:\program files (x86)\LogMeIn Hamachi
2012-06-22 19:27 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-06-22 19:27 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-06-22 15:16 . 2012-06-22 15:16        --------        d-----w-        c:\users\Rena\AppData\Roaming\Avira
2012-06-22 15:13 . 2012-05-02 13:24        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-06-22 15:13 . 2012-04-27 08:20        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-22 15:13 . 2012-04-24 22:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-06-22 15:13 . 2012-06-22 15:13        --------        d-----w-        c:\program files (x86)\Avira
2012-06-21 23:08 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 23:08 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 23:08 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 23:08 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 23:08 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 23:08 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 23:08 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 23:08 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 23:08 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-21 23:07 . 2012-06-21 23:07        --------        d-----w-        c:\users\Rena\AppData\Roaming\Malwarebytes
2012-06-21 23:06 . 2012-06-21 23:06        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-19 15:20 . 2012-06-19 15:20        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 15:20 . 2012-06-19 15:20        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-19 06:27 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{5061DE1B-E3BA-4C48-A3FB-A530B784FFD2}\mpengine.dll
2012-06-17 21:39 . 2012-06-17 21:39        --------        d-----w-        c:\programdata\Intenium
2012-06-14 21:03 . 2012-06-29 03:12        --------        d-----w-        c:\users\Rena\AppData\Roaming\Nettalk
2012-06-14 21:03 . 2012-06-14 21:03        --------        d-----w-        c:\program files (x86)\Nettalk6
2012-06-12 09:06 . 2012-06-12 09:06        --------        d-----w-        c:\users\Rena\AppData\Local\Macromedia
2012-06-07 09:40 . 2012-06-07 09:40        40960        ----a-r-        c:\users\Rena\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\NewShortcut1_2510CF9A3D924D1E9124080F53F4E293.exe
2012-06-07 09:40 . 2012-06-07 09:40        40960        ----a-r-        c:\users\Rena\AppData\Roaming\Microsoft\Installer\{2510CF9A-3D92-4D1E-9124-080F53F4E293}\ARPPRODUCTICON.exe
2012-06-07 09:40 . 2012-06-07 09:40        --------        d-----w-        C:\illusion
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 23:48 . 2012-04-03 07:08        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 23:48 . 2011-09-09 16:05        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-06 05:22 . 2012-04-06 05:22        11174400        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21        909312        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-12-06 03:16        1067520        ----a-w-        c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16        503808        ----a-w-        c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16        236544        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13        6800896        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10        26181632        ----a-w-        c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-12-06 02:18        64000        ----a-w-        c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-08-18 00:26        7479296        ----a-w-        c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50        19753984        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35        1120768        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34        1831424        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34        4731904        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34        6203392        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29        16090624        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25        13764096        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23        7431680        ----a-w-        c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22        4795904        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11        514560        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        360448        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        14848        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11        41984        ----a-w-        c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10        343040        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-12-06 02:11        54784        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09        41984        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09        44544        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09        32256        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34        187392        ----a-w-        c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34        74752        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34        64512        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33        63488        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33        56320        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33        16457216        ----a-w-        c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32        13007872        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32        54784        ----a-w-        c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32        50176        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-04-01 10:21 . 2012-04-01 10:21        525544        ----a-w-        c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-25_21.41.23  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-06-29 03:22        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-25 21:41        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-25 21:41        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 03:22        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 21:41        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-29 03:22        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 15:39 . 2012-06-28 17:24        34430              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-28 17:24        32800              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-09-09 17:36 . 2009-03-18 14:35        33856              c:\windows\system32\hamachi.sys
+ 2011-09-09 17:36 . 2009-03-18 15:35        33856              c:\windows\system32\hamachi.sys
- 2011-09-09 15:30 . 2012-06-25 13:11        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-09 15:30 . 2012-06-28 14:19        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 15:30 . 2012-06-25 13:11        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-09 15:30 . 2012-06-28 14:19        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-28 14:19        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-25 13:11        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 15:35 . 2012-06-28 17:23        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 15:35 . 2012-06-25 18:29        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-06-25 22:57        89968              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-09-09 15:35 . 2012-06-25 18:29        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-09 15:35 . 2012-06-28 17:23        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-09 15:35 . 2012-06-28 17:23        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-09 15:35 . 2012-06-25 18:29        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 15:35 . 2012-06-29 03:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 15:35 . 2012-06-25 21:08        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-09 15:35 . 2012-06-25 21:08        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 15:35 . 2012-06-29 03:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-09 15:36 . 2012-06-28 17:24        9942              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1497996645-2277315608-401803657-1001_UserData.bin
- 2012-06-25 21:40 . 2012-06-25 21:40        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 03:21 . 2012-06-29 03:21        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-29 03:21 . 2012-06-29 03:21        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-25 21:40 . 2012-06-25 21:40        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-28 17:27        616032              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-25 18:33        616032              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2012-06-25 18:33        654150              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2012-06-28 17:27        654150              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-06-25 18:33        106412              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-28 17:27        106412              c:\windows\system32\perfc009.dat
+ 2009-07-14 17:58 . 2012-06-28 17:27        130022              c:\windows\system32\perfc007.dat
- 2009-07-14 17:58 . 2012-06-25 18:33        130022              c:\windows\system32\perfc007.dat
+ 2012-01-25 18:32 . 2012-06-29 03:21        501176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-01-25 18:32 . 2012-06-25 21:40        501176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-29 03:21        253312              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-25 21:40        253312              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-27 16:29 . 2012-06-27 16:29        3884544              c:\windows\Installer\aad4.msi
+ 2011-09-09 17:30 . 2012-06-29 03:21        48278736              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1497996645-2277315608-401803657-1001-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE163F11-1919-4257-A280-FF5AF8DAEECB}]
2011-08-24 13:26        50240        ----a-w-        c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\Rena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nettalk.lnk - c:\program files (x86)\Nettalk6\Nettalk.exe [2012-6-14 2080768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 X6va005;X6va005;c:\users\Rena\AppData\Local\Temp\00572D5.tmp [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-29 279616]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 23:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
uSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 83.169.186.225 83.169.186.161
FF - ProfilePath - c:\users\Rena\AppData\Roaming\Mozilla\Firefox\Profiles\cjpurgzz.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Rena\AppData\Local\Temp\00572D5.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-29  05:25:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-29 03:25
.
Vor Suchlauf: 12 Verzeichnis(se), 21.177.163.776 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 20.988.870.656 Bytes frei
.
- - End Of File - - 55441FD5DF19EEBF99E59BF1736CCC07

--- --- ---

and about this ESET...... after everything was finished and I had saved the txt, my computer said a short time later that ESET had possibly not been installed correctly......... and there isn't very much in it either

E:\Download\VideoConverter_Setup.exe a variant of Win32/SweetIM.A application


that's it... I hope it's all fine like this ^^

Larusso 29.06.2012 06:44

Is the computer still causing problems?

GeFox 29.06.2012 08:30

well, what does problems mean..... I have the feeling that it is a bit slower or lags a little now and then when typing... but that could also just be paranoia because of viruses and so on ^^
what I noticed is that when I start Firefox it briefly shows a brown screen every time before Google appears, which does annoy me somewhat because it wasn't like that before, and then there's AntiVir, since the browser protection no longer works.

it would be nice if you could say something about that ^^
and what I'm also interested in are the detections that ESET showed there or so
E:\Download\VideoConverter_Setup.exe a variant of Win32/SweetIM.A application
don't I have to do anything about that?

and many thanks for your help so far xD

Larusso 29.06.2012 16:24

Quote:

E:\Download\VideoConverter_Setup.exe a variant of Win32/SweetIM.A application
don't I have to do anything about that?
You don't even know what you are downloading?


Quote:

since the browser protection no longer works.
Reinstall Avira or do without it.


Quote:

when I start Firefox it briefly shows a brown screen every time before Google appears
No idea. Try reinstalling Firefox.

GeFox 29.06.2012 16:34

well, actually I do, but since it shows it to me as a detection or whatever, should I remove both, or how, what, where? xD

but if I reinstall it, this Ask thing will be back, right? <<

hmmm..... does Firefox keep all saved pages and passwords etc., or can I save them myself? ^^

the 4 things that AntiVir found, just leave them in quarantine?

Larusso 30.06.2012 03:37

Quote:

well, actually I do, but since it shows it to me as a detection or whatever, should I remove both, or how, what, where?
I don't really care. I remove malware here and am not here to clear the junk off your PC.


Quote:

but if I reinstall it, this Ask thing will be back, right? <<
Yes

Quote:

does Firefox keep all saved pages and passwords etc., or can I save them myself? ^^
MozBackup - Backup tool for Firefox and Thunderbird


Quote:

the 4 things that AntiVir found, just leave them in quarantine?
Yes :rolleyes:

GeFox 30.06.2012 11:21

ok, many thanks for everything :>........ so can I now remove everything I downloaded (combofix, adwcleaner, otl etc.) as well as the logs? and can I then uninstall ESET too?

Larusso 30.06.2012 13:06

You can uninstall ESET.



Before the following step, please temporarily disable your antivirus program, any script blocking that may be present, and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:

Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

This removes Combofix completely and empties the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.



Please start OTL and click Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.



Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. Out-of-date antivirus software is useless!


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent,..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.


Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.

GeFox 30.06.2012 15:03

thanks thanks thanks again =)

Larusso 01.07.2012 17:44

Glad that we could help :abklatsch:

This topic appears to be resolved and will be deleted from my subscriptions. Should you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread


All times are WET +1.

Copyright ©2000-2025, Trojaner-Board

