| smily691 | 13.04.2013 23:48 |
ADWCleaner.txt Code:
# AdwCleaner v2.200 - Datei am 13/04/2013 um 23:24:33 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Administrator - KENNY
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Administrator\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchResults.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Gelöscht mit Neustart : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Ilivid
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Tanina\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Tanina\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tanina\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Tanina\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Tanina\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\User\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\User\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\User\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\User\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\User\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\User\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2795622
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Opera v11.64.1403.0
Datei : C:\Users\User\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Tanina\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
Datei : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [11366 octets] - [13/04/2013 23:24:33]
########## EOF - C:\AdwCleaner[S1].txt - [11427 octets] ##########
Combofix: Code:
ComboFix 13-04-12.02 - Administrator 14.04.2013 0:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6506 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\User\4.0
c:\users\User\CivilizationV.exe
c:\users\User\CivilizationV_DX11.exe
c:\users\User\steam_api.dll
c:\users\User\x.x
c:\windows\ico.ico
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
F:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-13 bis 2013-04-13 ))))))))))))))))))))))))))))))
.
.
2013-04-13 11:02 . 2013-04-13 11:02 -------- d-----w- c:\users\Administrator\AppData\Local\Apple Computer
2013-04-11 17:38 . 2013-04-11 17:38 -------- d-----w- c:\users\Administrator\AppData\Roaming\Motorola
2013-04-10 18:39 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 18:39 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 18:39 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 18:39 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-04-10 18:39 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-04-10 18:39 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-04-10 18:39 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-04-10 18:39 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-04-10 18:39 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 18:38 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 18:38 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 18:38 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 18:38 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 18:38 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 18:38 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-03 12:27 . 2013-04-12 10:53 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-03-18 13:24 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-10 18:42 . 2011-05-31 12:28 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-28 13:28 . 2013-02-14 16:38 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-03-13 01:19 . 2012-07-13 18:42 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 01:19 . 2011-06-12 16:42 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 12:56 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 12:56 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 12:56 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 12:56 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 12:56 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 12:56 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
OpenOffice.org 3.4.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-4-19 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [2009-05-08 53632]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2011-03-31 30208]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-11 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-10 283200]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-12-04 8704]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 565928]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-08 122856]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-08 369640]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2009-12-01 38992]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [2009-10-01 1307648]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 01:19]
.
2013-04-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3368515764-173444655-1910660914-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-17 22:35]
.
2013-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3368515764-173444655-1910660914-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-17 22:35]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 20:28]
.
2013-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-17 20:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
"lxbkbmgr.exe"="c:\program files (x86)\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2010-07-01 8151040]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %SystemRoot%\system32\vsocklib.dll
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-!{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
Toolbar-!{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-14 00:14:55
ComboFix-quarantined-files.txt 2013-04-13 22:14
.
Vor Suchlauf: 23 Verzeichnis(se), 568.503.250.944 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 573.939.978.240 Bytes frei
.
- - End Of File - - CCC7B8BFBE6C2B7C0946C7979418FFC8
OTL Code:
OTL logfile created on: 14.04.2013 00:19:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,22% Memory free
15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 534,62 Gb Free Space | 28,70% Space Free | Partition Type: NTFS
Drive D: | 7,83 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 149,04 Gb Total Space | 3,77 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
Drive F: | 139,28 Gb Total Space | 82,19 Gb Free Space | 59,01% Space Free | Partition Type: NTFS
Drive J: | 7,46 Gb Total Space | 1,80 Gb Free Space | 24,11% Space Free | Partition Type: FAT32
Computer Name: KENNY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.11 19:42:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.03.13 03:19:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
PRC - [2012.12.10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.09.06 13:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.08 17:00:43 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.13 23:50:30 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.06.09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.06.09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012.05.08 21:49:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:49:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.19 08:57:16 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.04.19 08:57:16 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.02.28 12:58:42 | 000,074,408 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\LXBKbmgr.exe
PRC - [2008.02.28 12:57:36 | 000,058,024 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmon.exe
========== Modules (No Company Name) ==========
MOD - [2012.04.13 12:04:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.04.13 12:00:04 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.12.06 23:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2008.02.19 10:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device)
SRV - [2013.03.28 13:25:00 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.03.15 18:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 03:19:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.12 22:03:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.12.04 19:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.13 23:50:30 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.06.09 02:37:04 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.06.09 02:36:36 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.06.09 00:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.05.08 21:49:04 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:49:03 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.06 23:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.08.29 23:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.05.08 21:30:00 | 004,100,400 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.02.19 10:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.07.10 10:09:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.09 02:37:26 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.06.09 02:37:24 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012.06.09 02:36:16 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.06.09 02:35:38 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.06.08 23:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.06.08 23:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.05.08 21:49:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:49:04 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.29 23:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.08.29 23:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011.08.08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2011.03.31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 17:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.12.08 18:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 18:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.05.20 07:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.01 15:49:52 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.10.01 18:04:54 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.08 12:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.11.19 19:05:54 | 010,535,424 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.11.19 19:06:16 | 010,246,400 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2005.01.02 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3368515764-173444655-1910660914-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.internet-explorer9.de/willkommen
IE - HKU\S-1-5-21-3368515764-173444655-1910660914-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3368515764-173444655-1910660914-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.12 22:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.12 22:03:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 14:27:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2013.03.12 22:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.12 22:03:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.03.12 22:03:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.15 18:30:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.20 13:02:59 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.15 18:30:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.15 18:30:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.15 18:30:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.15 18:30:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.04.14 00:11:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\@2..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\@2..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@2\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3368515764-173444655-1910660914-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3368515764-173444655-1910660914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3368515764-173444655-1910660914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3368515764-173444655-1910660914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3368515764-173444655-1910660914-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Battlefield Play4Free Updater)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7EDE06E-AEED-4ACB-B847-F5C1FD65BA1D}: DhcpNameServer = 192.168.97.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - E:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.13 23:58:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.13 23:58:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.13 23:58:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.13 23:56:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.13 23:56:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.13 23:24:07 | 005,052,582 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013.04.13 13:02:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple Computer
[2013.04.11 19:47:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.04.11 19:38:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Motorola
[2013.04.03 14:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.03.23 20:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.14 00:19:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.14 00:11:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.14 00:00:54 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 00:00:54 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.13 23:55:35 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.13 23:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.13 23:52:12 | 2132,877,311 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.13 23:37:08 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.13 23:20:30 | 005,052,582 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2013.04.13 23:19:32 | 000,613,083 | ---- | M] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013.04.13 15:40:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3368515764-173444655-1910660914-1000UA.job
[2013.04.13 13:10:13 | 001,621,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.13 13:10:13 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.13 13:10:13 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.13 13:10:13 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.13 13:10:13 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 00:40:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3368515764-173444655-1910660914-1000Core.job
[2013.04.11 19:48:06 | 000,377,856 | ---- | M] () -- C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
[2013.04.11 19:42:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013.04.11 19:41:55 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2013.04.11 19:41:12 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2013.04.11 19:38:39 | 000,001,235 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
[2013.04.11 19:38:22 | 000,001,145 | ---- | M] () -- C:\Windows\Cm106.ini.imi
[2013.04.11 16:53:42 | 000,413,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.28 15:28:57 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.23 20:36:31 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.13 23:58:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.13 23:58:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.13 23:58:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.13 23:58:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.13 23:58:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.13 23:24:10 | 000,613,083 | ---- | C] () -- C:\Users\Administrator\Desktop\adwcleaner.exe
[2013.04.11 19:50:00 | 000,377,856 | ---- | C] () -- C:\Users\Administrator\Desktop\gmer_2.1.19163.exe
[2013.04.11 19:49:53 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2013.04.11 19:41:54 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2013.04.11 19:38:39 | 000,001,235 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
[2013.03.23 20:36:31 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013.02.14 18:38:29 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.30 16:15:47 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2012.09.30 16:15:47 | 000,000,603 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012.09.30 16:15:43 | 000,003,059 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2012.09.30 16:15:43 | 000,001,145 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.09.30 16:15:43 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini
[2012.06.13 15:03:12 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.11.30 14:21:19 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkserv.dll
[2011.11.30 14:21:19 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkusb1.dll
[2011.11.30 14:21:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkhbn3.dll
[2011.11.30 14:21:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomc.dll
[2011.11.30 14:21:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpmui.dll
[2011.11.30 14:21:19 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbklmpm.dll
[2011.11.30 14:21:19 | 000,537,256 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcoms.exe
[2011.11.30 14:21:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcomm.dll
[2011.11.30 14:21:19 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxbkutil.dll
[2011.11.30 14:21:19 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkinpa.dll
[2011.11.30 14:21:19 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkiesc.dll
[2011.11.30 14:21:19 | 000,385,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkih.exe
[2011.11.30 14:21:19 | 000,381,608 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkcfg.exe
[2011.11.30 14:21:19 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXBKinst.dll
[2011.11.30 14:21:19 | 000,180,904 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkppls.exe
[2011.11.30 14:21:19 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkprox.dll
[2011.11.30 14:21:19 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxbkpplc.dll
[2011.11.07 21:18:30 | 000,000,355 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.11.06 16:46:32 | 000,000,680 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2011.07.09 14:11:46 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.24 20:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.06.13 00:46:12 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.03 20:40:27 | 000,843,776 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2011.06.03 20:40:27 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2011.06.03 20:40:26 | 000,172,032 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011.06.03 20:40:26 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2011.06.03 20:40:26 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.05.31 13:45:47 | 000,035,952 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.05.31 13:45:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.05.31 13:45:02 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.01.31 11:06:18 | 000,008,046 | ---- | C] () -- C:\Program Files (x86)\Common Files\setupBanner.jpg
[2009.04.14 16:07:42 | 000,037,607 | ---- | C] () -- C:\Program Files (x86)\Common Files\license.rtf
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.11 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Motorola
[2011.11.16 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2011.11.16 19:35:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Opera
[2011.08.09 21:59:48 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\DAEMON Tools Pro
[2012.05.04 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\GHISLER
[2013.03.03 14:28:37 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\gtk-2.0
[2013.01.30 09:45:58 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\LolClient
[2012.03.04 19:20:16 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\Motorola
[2011.11.15 08:18:10 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\OpenOffice.org
[2012.05.04 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\Opera
[2012.04.09 16:05:36 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\Oriolus
[2012.02.11 10:41:12 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\srMedia
[2013.02.04 15:46:57 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\TS3Client
[2013.02.08 21:57:46 | 000,000,000 | ---D | M] -- C:\Users\Tanina\AppData\Roaming\uTorrent
[2013.04.13 01:58:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2012.02.02 00:26:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.Nitrous
[2012.09.25 12:43:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Anvil Studio
[2012.09.03 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Armagetron
[2012.01.31 00:20:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2011.09.04 21:23:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.13 18:44:36 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\Common
[2012.09.20 21:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.09.20 21:48:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Pro
[2011.05.31 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeepBurner
[2011.11.06 16:49:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dexpot
[2012.11.02 16:47:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DisplayFusion
[2012.01.29 13:36:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2011.06.12 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\EAC
[2011.06.12 12:28:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2012.01.08 15:32:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Greenshot
[2012.06.26 19:02:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Groovedown
[2012.11.18 23:27:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2012.05.19 21:04:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Hive Cluster
[2011.08.17 17:08:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2011.06.01 15:18:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.06.08 16:56:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2011.08.09 11:11:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mael
[2012.09.25 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2011.10.02 23:53:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAXON
[2012.03.04 14:23:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Motorola
[2011.05.31 14:19:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.09.03 19:26:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2012.02.12 16:33:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oriolus
[2012.07.03 15:58:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PunkBuster
[2011.08.03 20:11:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Screaming Bee
[2011.11.30 09:42:38 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\srMedia
[2012.04.11 22:10:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2011.10.23 15:33:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teeworlds
[2012.03.11 14:56:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.04.03 14:42:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
[2011.05.31 21:20:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ts3overlay
[2012.07.10 14:06:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.02.04 23:13:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2012.11.11 03:50:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net
========== Purity Check ==========
< End of report >
Denkst Du, alles ist wieder in Ordnung?
Kannst Du mir sagen, wie mein Sohn sich so etwas eingefangen haben kann?
Viele Grüße und Danke,
Mike |
Aktualität von System und Software