hoschimedes | 12.04.2013 17:02 | Hello Leo, first of all thanks for your help.
I did everything exactly as described.
Here are the log files.
Adwcleaner Code:
# AdwCleaner v2.200 - Datei am 12/04/2013 um 17:12:13 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Mulan - MULAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mulan\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : SrvUpdater
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Mulan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
Datei Gelöscht : C:\Users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\searchplugins\icqplugin.xml
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Mulan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\Mulan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\Mulan\AppData\LocalLow\bbrs_002.tb
Ordner Gelöscht : C:\Users\Mulan\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Mulan\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Mulan\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Mulan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
Ordner Gelöscht : C:\Users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Ordner Gelöscht : C:\Users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\extensions\bbrs_002@blabbers.com
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/ --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0.1 (de)
Datei : C:\Users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\prefs.js
C:\Users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.startup.homepage", "hxxp://start.icq.com/");
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.firstTbRun", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1355828675);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options itb_people itb_zoom_in itb_zoom_out itb_zoom_def[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1355828675");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "15.0.1");
Gelöscht : user_pref("icqtoolbar.showPc", false);
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "134835117513483510541349727636499");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1355828678);
Gelöscht : user_pref("icqtoolbar.version", "1.5.3");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("keyword.URL", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=");
-\\ Google Chrome v26.0.1410.64
Datei : C:\Users\Mulan\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Chromium v window_placement: {
bottom: 718
Datei : C:\Users\Mulan\AppData\Local\Chromium\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v12.2.1578.0
Datei : C:\Users\Mulan\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://start.icq.com/
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera
*************************
AdwCleaner[S1].txt - [10480 octets] - [12/04/2013 17:12:13]
########## EOF - C:\AdwCleaner[S1].txt - [10541 octets] ##########
combofix Code:
ComboFix 13-04-12.01 - Mulan 12.04.2013 17:22:01.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2471 [GMT 2:00]
ausgeführt von:: c:\users\Mulan\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mulan\AppData\Roaming\KB00103419.exe
c:\windows\IsUn0407.exe
c:\windows\ST6UNST.000
c:\windows\SysWow64\DEBUG.log
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-03-12 bis 2013-04-12 ))))))))))))))))))))))))))))))
.
.
2013-04-12 15:29 . 2013-04-12 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-12 12:56 . 2013-04-12 12:56 -------- d-----w- c:\program files (x86)\7-Zip
2013-04-12 07:14 . 2013-04-12 07:14 -------- d-----w- c:\programdata\Sophos
2013-04-12 07:13 . 2013-04-12 07:13 73728 ----a-r- c:\users\Mulan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-12 07:13 . 2013-04-12 07:13 73728 ----a-r- c:\users\Mulan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-12 07:13 . 2013-04-12 07:13 73728 ----a-r- c:\users\Mulan\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-12 07:13 . 2013-04-12 07:13 -------- d-----w- c:\program files (x86)\Sophos
2013-04-10 19:23 . 2013-04-10 19:23 -------- d-----w- c:\program files (x86)\PakkISO
2013-04-10 08:25 . 2013-04-12 15:15 -------- d--h--w- c:\users\Mulan\AppData\Roaming\D5EDAA39
2013-04-09 20:24 . 2013-04-12 08:29 -------- d-----w- c:\users\Mulan\AppData\Roaming\Ppid
2013-04-09 19:45 . 2013-04-09 19:45 -------- d-----w- c:\programdata\BlueStacks
2013-04-09 19:45 . 2013-04-09 19:45 -------- d-----w- c:\program files (x86)\BlueStacks
2013-04-03 09:48 . 2013-04-03 09:48 -------- d-----w- c:\program files (x86)\psx emulation cheater
2013-04-02 14:52 . 2013-04-02 14:52 -------- d-----w- c:\users\Mulan\AppData\Local\SWTORPerf
2013-04-01 18:46 . 2013-04-01 18:46 -------- d-----w- C:\Temp
2013-03-22 10:11 . 2013-03-22 10:11 -------- d-----w- c:\users\Mulan\.mepin
2013-03-13 20:39 . 2013-03-13 20:39 -------- d-----w- C:\LG_USB
2013-03-13 20:38 . 2012-04-13 00:09 131072 ----a-w- c:\windows\LGMobileDL.dll
2013-03-13 20:33 . 2009-10-19 20:49 1164728 ----a-w- c:\windows\SysWow64\NMSDVDXU.dll
2013-03-13 20:33 . 2009-05-22 12:26 630784 ----a-w- c:\windows\SysWow64\vsflex8u.ocx
2013-03-13 20:33 . 2009-05-22 12:26 419240 ----a-w- c:\windows\SysWow64\Vsflex7L.ocx
2013-03-13 20:33 . 2009-05-22 12:26 244416 ----a-w- c:\windows\SysWow64\Msflxgrd.ocx
2013-03-13 20:33 . 2013-03-13 20:33 -------- d--h--w- c:\users\Mulan\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2013-03-13 20:33 . 2013-03-13 20:33 -------- d-----w- c:\users\Mulan\AppData\Roaming\LG Electronics
2013-03-13 20:26 . 2013-03-13 20:26 -------- d-----w- C:\ifx
2013-03-13 20:24 . 2013-03-13 20:37 -------- d-----w- C:\KM900
2013-03-13 20:13 . 2011-05-10 12:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2013-03-13 20:13 . 2011-05-10 12:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2013-03-13 20:13 . 2011-05-10 12:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2013-03-13 20:13 . 2006-05-04 07:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2013-03-13 20:13 . 2005-10-04 00:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2013-03-13 20:12 . 2013-03-13 20:13 -------- d-----w- c:\programdata\LGMOBILEAX
2013-03-13 19:41 . 2013-03-13 20:42 -------- d-----w- c:\program files (x86)\LG Electronics
2013-03-13 19:12 . 2013-03-13 19:12 -------- d-----w- c:\program files\DIFX
2013-03-13 19:12 . 2013-03-13 19:12 -------- d-----w- c:\program files (x86)\infineon
2013-03-13 19:12 . 2009-05-12 14:53 20480 ----a-w- c:\windows\SysWow64\drivers\FlashUsb_x64.sys
2013-03-13 19:12 . 2009-05-12 14:53 20480 ----a-w- c:\windows\system32\drivers\FlashUSB_x64.sys
2013-03-13 18:58 . 2013-03-13 19:42 -------- d-----w- c:\users\Mulan\AppData\Local\LG Electronics
2013-03-13 18:58 . 2013-03-13 18:58 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-03-13 18:54 . 2013-03-13 18:54 -------- d-----w- c:\users\Mulan\AppData\Local\Apple Computer
2013-03-13 18:54 . 2013-03-14 08:39 -------- d-----w- c:\users\Mulan\AppData\Roaming\Apple Computer
2013-03-13 18:52 . 2013-03-13 18:52 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-03-13 18:52 . 2013-03-13 18:52 -------- d-----w- c:\users\Mulan\AppData\Local\Apple
2013-03-13 18:52 . 2013-03-13 18:52 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-03-13 18:52 . 2013-03-13 18:52 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-31 17:45 . 2012-05-12 13:54 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-31 17:45 . 2012-05-12 13:54 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 2676584]
"Steam"="d:\program files (x86)\QfG\Steam.exe" [2013-03-29 1631144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-02-15 601976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [2012-11-02 18456]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FlashUSB;FlashUSB;c:\windows\system32\DRIVERS\FlashUSB_x64.sys [2009-05-12 20480]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-03-25 115272]
R3 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 OSFMount;OSFMount;c:\program files\OSFMount\OSFMount.sys [2012-04-03 540224]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-02-15 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-02-15 384888]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-07-13 471408]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-07-10 385392]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [2012-11-02 39464]
S2 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [2012-11-02 11776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [2009-09-29 16384]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [2009-09-29 14848]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [2009-09-29 17408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 14:17 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-12 17:45]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2521019398-3998036147-3481974847-1000Core.job
- c:\users\Mulan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21 19:40]
.
2012-11-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2521019398-3998036147-3481974847-1000UA.job
- c:\users\Mulan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21 19:40]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-05 07:39]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-05 07:39]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - ExtSQL: 2013-02-20 06:13; {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}; c:\users\Mulan\AppData\Roaming\Mozilla\Firefox\Profiles\x3zw7dez.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-LG LinkAir - (no file)
Wow6432Node-HKCU-Run-videovudns - c:\users\Mulan\AppData\Roaming\videovudns.exe
Wow6432Node-HKCU-Run-KB00103419.exe - c:\users\Mulan\AppData\Roaming\KB00103419.exe
AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe
AddRemove-GameWiz32 - c:\windows\system32\GKSUI18.EXE
AddRemove-{78AEEF25-88AA-453A-B2CC-446FE42AA08F}_is1 - d:\program files (x86)\Star Wars® Knights of the Old Republic Series\unins000.exe
AddRemove-{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1 - d:\program files (x86)\MAESTIA\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-12 17:32:13
ComboFix-quarantined-files.txt 2013-04-12 15:32
.
Vor Suchlauf: 15 Verzeichnis(se), 13.993.979.904 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 14.474.477.568 Bytes frei
.
- - End Of File - - B5B0119EEE20D6612029D61616745C8C
OTL Code:
OTL logfile created on: 12.04.2013 17:36:30 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mulan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 59,55% Memory free
9,99 Gb Paging File | 8,50 Gb Available in Paging File | 85,11% Paging File free
Paging file location(s): d:\pagefile.sys 6139 6139 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 13,56 Gb Free Space | 27,78% Space Free | Partition Type: NTFS
Drive D: | 238,20 Gb Total Space | 34,39 Gb Free Space | 14,44% Space Free | Partition Type: NTFS
Drive E: | 11,06 Gb Total Space | 1,77 Gb Free Space | 16,05% Space Free | Partition Type: NTFS
Computer Name: MULAN-PC | User Name: Mulan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.12 08:25:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mulan\Desktop\OTL.exe
PRC - [2013.02.15 15:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2013.02.15 15:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe
PRC - [2013.02.15 15:27:48 | 000,366,456 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
PRC - [2013.02.15 15:27:38 | 000,260,472 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
PRC - [2013.02.15 15:27:36 | 000,376,696 | ---- | M] (BlueStack Systems) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.13 02:52:48 | 000,471,408 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012.07.10 05:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.07.10 05:04:30 | 000,385,392 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2012.11.02 02:14:00 | 000,011,776 | ---- | M] (Olof Lagerkvist) [Auto | Running] -- C:\Windows\SysNative\imdsksvc.exe -- (ImDskSvc)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 22:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013.03.31 19:45:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.15 15:28:12 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2013.02.15 15:27:52 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.16 19:37:24 | 005,124,464 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.09.10 18:26:31 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 02:52:48 | 000,471,408 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012.07.10 05:13:34 | 000,078,072 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012.07.10 05:08:30 | 000,404,848 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2012.07.10 05:04:30 | 000,385,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$BWDATOOLSET)
SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.03.23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.11.02 14:58:38 | 000,039,464 | ---- | M] (Olof Lagerkvist) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\imdisk.sys -- (ImDisk)
DRV:64bit: - [2012.11.02 02:14:15 | 000,018,456 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\awealloc.sys -- (AWEAlloc)
DRV:64bit: - [2012.07.10 04:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012.07.10 04:48:16 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.03.23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.12 16:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys -- (FlashUSB)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.11.11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008.11.11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2013.02.15 15:28:06 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.04.03 16:04:58 | 000,540,224 | ---- | M] (PassMark Software) [Kernel | On_Demand | Stopped] -- C:\Programme\OSFMount\OSFMount.sys -- (OSFMount)
DRV - [2012.03.05 17:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.05.12 16:53:12 | 000,020,480 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys -- (FlashUSB)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 44 C7 1A CB 92 CD 01 [binary data]
IE - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledAddons: leethax@leethax.net:2012.08.15
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.5
FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.5.3
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\4game.com/plugin: D:\Program Files (x86)\4game\4game\npplugin4game.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mulan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.19 12:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.13 20:53:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.13 20:53:18 | 000,000,000 | ---D | M]
[2012.07.08 19:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mulan\AppData\Roaming\mozilla\Extensions
[2013.04.12 17:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mulan\AppData\Roaming\mozilla\Firefox\Profiles\x3zw7dez.default\extensions
[2012.08.16 09:48:07 | 000,021,524 | ---- | M] () (No name found) -- C:\Users\Mulan\AppData\Roaming\mozilla\firefox\profiles\x3zw7dez.default\extensions\leethax@leethax.net.xpi
[2012.12.18 13:04:31 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\Mulan\AppData\Roaming\mozilla\firefox\profiles\x3zw7dez.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Mulan\AppData\Roaming\mozilla\firefox\profiles\x3zw7dez.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Mulan\AppData\Roaming\mozilla\firefox\profiles\x3zw7dez.default\searchplugins\icqplugin.src
[2013.04.12 17:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.12 07:51:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\MULAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3ZW7DEZ.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\USERS\MULAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X3ZW7DEZ.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.09.10 18:26:31 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 12:32:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mulan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Uplay PC (Enabled) = D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Mulan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2013.04.12 17:29:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000..\Run: [HP Deskjet 3050A J611 series (NET)] C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000..\Run: [Steam] D:\Program Files (x86)\QfG\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2521019398-3998036147-3481974847-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F9E14B1-7260-490A-956A-F19132336641}: DhcpNameServer = 10.72.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4092122-57F9-4F9D-8F05-7E98F6375FE8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.12 17:32:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.12 17:19:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.12 17:19:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.12 17:19:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.12 17:19:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.12 17:19:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.12 17:17:36 | 005,053,020 | R--- | C] (Swearware) -- C:\Users\Mulan\Desktop\ComboFix.exe
[2013.04.12 14:56:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.04.12 11:21:09 | 000,000,000 | ---D | C] -- C:\Users\Mulan\Desktop\Virus
[2013.04.12 09:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.04.12 09:13:51 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2013.04.12 09:13:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2013.04.12 08:25:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mulan\Desktop\OTL.exe
[2013.04.10 21:23:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PakkISO
[2013.04.10 10:25:15 | 000,000,000 | -H-D | C] -- C:\Users\Mulan\AppData\Roaming\D5EDAA39
[2013.04.09 22:24:18 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Roaming\Ppid
[2013.04.09 21:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2013.04.09 21:45:37 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2013.04.09 21:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2013.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Mulan\Documents\StarCraft II
[2013.04.03 18:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2013.04.03 11:48:09 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.04.03 11:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\psx emulation cheater
[2013.04.03 11:48:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\psx emulation cheater
[2013.04.02 21:46:45 | 000,000,000 | ---D | C] -- C:\Users\Mulan\Desktop\emu
[2013.04.02 16:52:23 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Local\SWTORPerf
[2013.04.01 20:46:21 | 000,000,000 | ---D | C] -- C:\Temp
[2013.03.29 00:15:20 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013.03.22 12:11:35 | 000,000,000 | ---D | C] -- C:\Users\Mulan\.mepin
[2013.03.19 16:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAESTIA
[2013.03.13 22:39:45 | 000,000,000 | ---D | C] -- C:\LG_USB
[2013.03.13 22:35:59 | 000,000,000 | ---D | C] -- C:\Users\Mulan\Documents\LG Electronics
[2013.03.13 22:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III
[2013.03.13 22:33:31 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\SysWow64\NMSDVDXU.dll
[2013.03.13 22:33:31 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\vsflex8u.ocx
[2013.03.13 22:33:31 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\SysWow64\Vsflex7L.ocx
[2013.03.13 22:33:26 | 000,000,000 | -H-D | C] -- C:\Users\Mulan\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2013.03.13 22:33:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LG Electronics
[2013.03.13 22:33:26 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Roaming\LG Electronics
[2013.03.13 22:26:41 | 000,000,000 | ---D | C] -- C:\ifx
[2013.03.13 22:24:51 | 000,000,000 | ---D | C] -- C:\KM900
[2013.03.13 22:13:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
[2013.03.13 22:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX
[2013.03.13 21:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite IV
[2013.03.13 21:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2013.03.13 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.03.13 21:12:12 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysWow64\drivers\FlashUsb_x64.sys
[2013.03.13 21:12:12 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys
[2013.03.13 21:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infineon USB driver
[2013.03.13 21:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\infineon
[2013.03.13 20:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mulan\Documents\LG PC Suite IV
[2013.03.13 20:58:54 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Local\LG Electronics
[2013.03.13 20:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.13 20:54:41 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Local\Apple Computer
[2013.03.13 20:54:00 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Roaming\Apple Computer
[2013.03.13 20:53:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.03.13 20:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.03.13 20:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.03.13 20:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.13 20:52:17 | 000,000,000 | ---D | C] -- C:\Users\Mulan\AppData\Local\Apple
[2013.03.13 20:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.03.13 20:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
========== Files - Modified Within 30 Days ==========
[2013.04.12 17:29:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.12 17:22:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 17:22:35 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 17:17:56 | 005,053,020 | R--- | M] (Swearware) -- C:\Users\Mulan\Desktop\ComboFix.exe
[2013.04.12 17:14:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 17:14:06 | 3219,521,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 17:11:08 | 000,613,083 | ---- | M] () -- C:\Users\Mulan\Desktop\adwcleaner.exe
[2013.04.12 11:19:58 | 000,000,188 | ---- | M] () -- C:\Users\Mulan\defogger_reenable
[2013.04.12 09:13:51 | 000,003,205 | ---- | M] () -- C:\Users\Mulan\Desktop\Sophos Virus Removal Tool.lnk
[2013.04.12 08:25:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mulan\Desktop\OTL.exe
[2013.04.11 16:27:54 | 000,534,798 | ---- | M] () -- C:\Users\Mulan\Desktop\white-tiger-wallpaper.jpg
[2013.04.10 16:17:33 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.10 10:33:39 | 001,976,895 | ---- | M] () -- C:\Users\Mulan\Documents\Scan1.jpg
[2013.04.10 10:31:30 | 001,630,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 10:31:30 | 000,701,204 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 10:31:30 | 000,663,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 10:31:30 | 000,148,038 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 10:31:30 | 000,124,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 21:46:44 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\Apps.lnk
[2013.04.09 21:46:42 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2013.04.07 16:17:56 | 000,001,354 | ---- | M] () -- C:\Users\Mulan\Desktop\DC Universe Online PSG.lnk
[2013.04.03 18:41:43 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013.04.03 11:48:09 | 000,001,965 | ---- | M] () -- C:\Users\Mulan\Desktop\psx emulation cheater.lnk
[2013.04.02 11:29:06 | 001,058,137 | ---- | M] () -- C:\Users\Mulan\Documents\Scan.jpg
[2013.04.01 20:47:08 | 001,739,906 | ---- | M] () -- C:\Users\Mulan\Documents\V0611_12-03-13.mp4
[2013.04.01 20:46:24 | 000,185,089 | ---- | M] () -- C:\Users\Mulan\Documents\V0611_12-03-13.3gp
[2013.04.01 09:58:41 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.29 17:33:50 | 000,378,199 | ---- | M] () -- C:\Users\Mulan\Desktop\202070-Dayane.jpg
[2013.03.29 00:15:20 | 000,000,876 | ---- | M] () -- C:\Users\Mulan\Desktop\Uplay.lnk
[2013.03.25 21:35:01 | 000,000,623 | ---- | M] () -- C:\Users\Mulan\Desktop\Demon Slayer - Anmeldeclient.lnk
[2013.03.20 22:17:57 | 000,007,602 | ---- | M] () -- C:\Users\Mulan\AppData\Local\Resmon.ResmonCfg
[2013.03.18 13:51:26 | 000,972,107 | ---- | M] () -- C:\Users\Mulan\Documents\Scan0001.jpg
[2013.03.13 22:39:15 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.13 22:33:42 | 000,001,258 | ---- | M] () -- C:\Users\Mulan\Desktop\LG PC Suite III.lnk
[2013.03.13 21:57:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
========== Files Created - No Company Name ==========
[2013.04.12 17:19:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.12 17:19:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.12 17:19:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.12 17:19:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.12 17:19:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.12 17:11:00 | 000,613,083 | ---- | C] () -- C:\Users\Mulan\Desktop\adwcleaner.exe
[2013.04.12 11:19:57 | 000,000,188 | ---- | C] () -- C:\Users\Mulan\defogger_reenable
[2013.04.12 09:13:51 | 000,003,205 | ---- | C] () -- C:\Users\Mulan\Desktop\Sophos Virus Removal Tool.lnk
[2013.04.11 16:27:53 | 000,534,798 | ---- | C] () -- C:\Users\Mulan\Desktop\white-tiger-wallpaper.jpg
[2013.04.10 10:33:39 | 001,976,895 | ---- | C] () -- C:\Users\Mulan\Documents\Scan1.jpg
[2013.04.09 21:46:44 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\Apps.lnk
[2013.04.09 21:46:42 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Start BlueStacks.lnk
[2013.04.07 16:17:56 | 000,001,354 | ---- | C] () -- C:\Users\Mulan\Desktop\DC Universe Online PSG.lnk
[2013.04.07 16:17:56 | 000,001,354 | ---- | C] () -- C:\Users\Mulan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online PSG.lnk
[2013.04.03 18:41:38 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2013.04.03 11:48:09 | 000,001,965 | ---- | C] () -- C:\Users\Mulan\Desktop\psx emulation cheater.lnk
[2013.04.01 20:47:03 | 001,739,906 | ---- | C] () -- C:\Users\Mulan\Documents\V0611_12-03-13.mp4
[2013.04.01 20:46:22 | 000,185,089 | ---- | C] () -- C:\Users\Mulan\Documents\V0611_12-03-13.3gp
[2013.03.29 17:33:50 | 000,378,199 | ---- | C] () -- C:\Users\Mulan\Desktop\202070-Dayane.jpg
[2013.03.29 00:15:20 | 000,000,876 | ---- | C] () -- C:\Users\Mulan\Desktop\Uplay.lnk
[2013.03.20 22:17:57 | 000,007,602 | ---- | C] () -- C:\Users\Mulan\AppData\Local\Resmon.ResmonCfg
[2013.03.18 13:51:25 | 000,972,107 | ---- | C] () -- C:\Users\Mulan\Documents\Scan0001.jpg
[2013.03.13 22:33:42 | 000,001,258 | ---- | C] () -- C:\Users\Mulan\Desktop\LG PC Suite III.lnk
[2013.03.13 22:13:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2013.03.13 22:13:09 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013.03.13 21:57:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.03.13 20:52:16 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.01.26 02:11:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2013.01.12 10:44:11 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.07 10:24:37 | 000,110,572 | ---- | C] () -- C:\ProgramData\su.x86
[2012.10.07 12:40:47 | 000,000,000 | ---- | C] () -- C:\Users\Mulan\__ng3d.lock
[2012.09.20 23:30:22 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.28 15:32:00 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.05.25 17:27:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2012.05.06 10:25:53 | 000,000,335 | ---- | C] () -- C:\Users\Mulan\SciTE.session
[2012.05.05 08:47:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 15:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.29 13:40:20 | 000,000,018 | ---- | C] () -- C:\Users\Mulan\abbrev.properties
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.27 17:22:54 | 000,014,905 | ---- | C] () -- C:\Users\Mulan\au3abbrev.properties
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012.06.07 16:52:34 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\.bsnes
[2012.11.27 16:42:57 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\7road
[2012.07.27 22:52:21 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\aliasworlds
[2012.07.18 18:26:28 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Argonyt
[2012.05.09 18:09:21 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Boolat Games
[2012.07.22 13:05:30 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Boomzap
[2012.09.22 23:08:29 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\com.bwsf.DragonAgeLegends
[2013.04.12 17:15:42 | 000,000,000 | -H-D | M] -- C:\Users\Mulan\AppData\Roaming\D5EDAA39
[2013.04.11 07:18:29 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\DAEMON Tools Lite
[2012.09.21 01:09:01 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Dragon Age Toolset
[2012.05.18 10:16:37 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\FirstColony
[2013.03.06 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\FRITZ!
[2013.03.06 13:38:16 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2012.05.08 21:58:51 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Gamehouse All My Gods
[2012.05.19 21:58:39 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\GameInvest
[2012.09.27 23:01:59 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\ICQ
[2012.09.27 20:27:36 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\ICQ Search
[2012.06.04 19:42:35 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\ITTerritory
[2012.05.17 23:05:17 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Kalypso Media
[2013.03.13 22:33:26 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\LG Electronics
[2013.03.31 22:41:26 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Might & Magic Heroes VI
[2012.10.12 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\MotioninJoy
[2012.05.08 07:12:30 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Opera
[2012.05.12 16:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\PoBros
[2013.04.12 10:29:10 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Ppid
[2012.07.08 17:57:58 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\SFBot
[2012.08.22 08:34:22 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Subversion
[2013.03.06 22:01:08 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\The Creative Assembly
[2012.12.15 20:50:25 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\TS3Client
[2012.05.28 12:47:29 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Ubisoft
[2012.05.23 09:19:32 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\Unity
[2012.11.06 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Mulan\AppData\Roaming\VSRevoGroup
[2013.03.13 22:33:26 | 000,000,000 | -H-D | M] -- C:\Users\Mulan\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4E243396
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:6EE8565A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:667565EE
< End of report >
I hope this is alright like this.
Kind regards, Kai